3

I just built an NPM Verdaccio private registry server within our local network and I would like configure an UPLINK to our remote NPM Verdaccio server which is hosted at AWS (and also keep the original npmjs registry).

snippet from Verdaccio config.yaml

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
  our-NPM-AWS-server:
    url: https://our-NPM-AWS-server.com

based on the documentation (Verdaccio_UPLINK), I have to set the Authentication parameters there, anyhow. I found the usage of the UPLINKS here - uplink authorization & here - getting an Auth Token , but it is pretty confusing for me because I am not sure what to set as an AUTH method:

   auth:
     token:
       type: bearer | basic,
       token: "token",
       token_env:  true | <get name process.env> `NPM_TOKEN`

I was not able to find any tutorial which would guide me, so I would like to ask for some insight & help - what is necessary to set on the Internal NPM server & also on the remote NPM AWS server.

Configuration:

Internal NPM server

ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listens on http://127.0.0.1:4873)

Remote own NPM server at AWS

ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible only via 443 from the outside (proxy_http listens on http://127.0.0.1:4873 with an url_prefix: https://our-NPM-AWS-server.com)

Both servers are operating normally (you can log there with your NPM account, push the packages, etc).

thank you very much


EDIT 2018-04-26

The AWS NPM server is registered into Application ELB, which listens on port 443. The AWS NPM server listens on port 443 and is located in private subnet. I tried to place AWS Verdaccio instance into public subnet and to access it directly without ELB, however it didnt have any affect and the behavior was same.

The config.yaml file of AWS NPM The UPLINKS part was not changed

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

I tried to set

  '**':
    access: $all

However, it didnt have any effect.

The config.yaml of Internal Verdaccio Server

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: aws

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: aws

On Internal Verdaccio instance, I tried to get some package from AWS Verdaccio instance

npm pack --verbose verdaccio-bitbucket

and this is log from AWS Verdaccio:

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}

and this is log from Internal Verdaccio, where the command was ran from:

http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
 http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
 http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
4

1 回答 1

1

Your configuration is correct but slightly wrong. Let me fix it.

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Bearer <token_which_I_harvested_from_/.npmrc_file>"

Do not use Basic, it is Bearer verdaccio uses JWT, unfortunately, verdaccio middleware does not accept bearer in lowercase (it does since verdaccio@v3.0.0-beta.7).

For clarification about Basis and JWT. Since version verdaccio@2.3.0 all tokes are generated with JWT library, somehow, for legacy/unit testing reasons we still accept Basis authentification headers, but, all new tokens generated since verdaccio@2.3.0 must use Bearer in headers instead Basis.

There are a couple of issues I will report on Github, minor ones, but still, causes issues like this one.

I hope it helps.

于 2018-04-28T10:17:39.190 回答