200 lines
5.4 KiB
Markdown
200 lines
5.4 KiB
Markdown
|
---
|
|||
|
title: verdaccio 搭建 npm私库
|
|||
|
categories:
|
|||
|
- Front-End
|
|||
|
status: done
|
|||
|
---
|
|||
|
|
|||
|
# 使用 docker 搭建 verdaccio
|
|||
|
|
|||
|
创建 & 配置`config.yaml`文件
|
|||
|
|
|||
|
```yaml
|
|||
|
# Read about the best practices
|
|||
|
# https://verdaccio.org/docs/best
|
|||
|
|
|||
|
# path to a directory with all packages
|
|||
|
storage: /verdaccio/storage/data
|
|||
|
# path to a directory with plugins to include
|
|||
|
plugins: /verdaccio/plugins
|
|||
|
|
|||
|
# 包体积上限,默认10mb
|
|||
|
max_body_size: 1024mb
|
|||
|
|
|||
|
|
|||
|
web:
|
|||
|
enable: true
|
|||
|
title: Mozzie-NPM
|
|||
|
# gravatar: false
|
|||
|
# login: true
|
|||
|
pkgManagers:
|
|||
|
- npm
|
|||
|
- yarn
|
|||
|
- pnpm
|
|||
|
html_cache: true
|
|||
|
showFooter: false
|
|||
|
|
|||
|
auth:
|
|||
|
htpasswd:
|
|||
|
file: /verdaccio/storage/htpasswd
|
|||
|
# 关闭注册,手动添加用户,默认Bcrypt算法,随便找个网页生成个密码,使用账号:密码添加到 htpasswd 文件中,例如 test:$2a$10$0xPGVnpcdxcfmFxtWyWDx./TRtm/W/gSzib/jck3w.sF9x.Ur8t8W
|
|||
|
max_users: -1
|
|||
|
|
|||
|
|
|||
|
i18n:
|
|||
|
web: zh-CN
|
|||
|
|
|||
|
# notify: # 配置 Webhook 推送到钉钉,记得修改 access_token 和 atMobiles
|
|||
|
# method: POST
|
|||
|
# headers: [{ "Content-Type": "application/json" }]
|
|||
|
# endpoint: https://oapi.dingtalk.com/robot/send?access_token=xxxx
|
|||
|
# content: '{"msgtype":"text", "at": {"atMobiles": ["13000000000"] }, "text":{"content":"NPM 发布新包:\n > 包名称:{{name}} \n > 版本号:{{#each versions}}{{version}}{{/each}} \n > 发布者:{{publisher.name}} "}}'
|
|||
|
|
|||
|
uplinks:
|
|||
|
npmjs:
|
|||
|
url: https://registry.npmjs.org/
|
|||
|
yarn:
|
|||
|
url: https://registry.yarnpkg.com/
|
|||
|
timeout: 10s
|
|||
|
taobao:
|
|||
|
url: https://registry.npmmirror.com/
|
|||
|
timeout: 10s
|
|||
|
|
|||
|
packages:
|
|||
|
"@*/*":
|
|||
|
# 可访问权限,web界面看不见,不登陆,也无法 install 包
|
|||
|
access: $authenticated # $all
|
|||
|
# 发布权限, $authenticated 表示只有通过验证的人
|
|||
|
publish: $authenticated
|
|||
|
# 可取消发布权限
|
|||
|
unpublish: $authenticated
|
|||
|
# 包不存在时的代理
|
|||
|
proxy: npmjs yarn taobao
|
|||
|
"**":
|
|||
|
access: $authenticated # $all
|
|||
|
publish: $authenticated
|
|||
|
unpublish: $authenticated
|
|||
|
proxy: npmjs yarn taobao
|
|||
|
|
|||
|
middlewares:
|
|||
|
audit:
|
|||
|
enabled: true
|
|||
|
listen: 0.0.0.0:4873
|
|||
|
log: { type: stdout, format: pretty, level: http }
|
|||
|
```
|
|||
|
|
|||
|
创建容器,环境变量,`VERDACCIO_PUBLIC_URL`是静态资源的前缀地址,由于nginx挂了`ssl`,如果使用`http`可以不添加
|
|||
|
|
|||
|
```bash
|
|||
|
docker run \
|
|||
|
-p 4873:4873 \
|
|||
|
--restart=always \
|
|||
|
--network mozzie.cn-net \
|
|||
|
--network-alias verdaccio \
|
|||
|
--env VERDACCIO_PORT=4873 \
|
|||
|
--env VERDACCIO_PUBLIC_URL=https://npm.mozzie.cn \
|
|||
|
--ip 172.21.0.196 \
|
|||
|
--name verdaccio \
|
|||
|
-v /www/wwwroot/nginx/html/verdaccio/storage:/verdaccio/storage \
|
|||
|
-v /www/wwwroot/nginx/html/verdaccio/config:/verdaccio/conf \
|
|||
|
-v /www/wwwroot/nginx/html/verdaccio/plugins:/verdaccio/plugins \
|
|||
|
-d verdaccio/verdaccio
|
|||
|
```
|
|||
|
|
|||
|
|
|||
|
|
|||
|
配置nginx的反向代理conf,注意所在的docker网络,使用`container_name`
|
|||
|
|
|||
|
|
|||
|
|
|||
|
```conf
|
|||
|
server {
|
|||
|
# listen 80;
|
|||
|
listen 443 ssl;
|
|||
|
server_name npm.mozzie.cn;
|
|||
|
ssl_certificate /etc/nginx/ssl/npm.mozzie.cn_bundle.pem;
|
|||
|
ssl_certificate_key /etc/nginx/ssl/npm.mozzie.cn.key;
|
|||
|
gzip on;
|
|||
|
|
|||
|
location / {
|
|||
|
proxy_set_header X-Real-IP $remote_addr;
|
|||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|||
|
proxy_set_header Host $host;
|
|||
|
proxy_set_header X-NginX-Proxy true;
|
|||
|
proxy_pass http://verdaccio:4873/;
|
|||
|
proxy_redirect off;
|
|||
|
}
|
|||
|
}
|
|||
|
```
|
|||
|
|
|||
|
运行添加用户,报错,因为 `htpasswd`默认创建在宿主机,也就是上面挂载的`/www/wwwroot/nginx/html/verdaccio/storage`目录中
|
|||
|
|
|||
|
```bash
|
|||
|
npm adduser --registry https://npm.mozzie.cn/
|
|||
|
```
|
|||
|
|
|||
|
配置`htpasswd`、`storage` 文件夹权限
|
|||
|
|
|||
|
```bash
|
|||
|
# 宿主机中执行
|
|||
|
cd /www/wwwroot/nginx/html/verdaccio/storage
|
|||
|
touch htpasswd
|
|||
|
sudo chown 10001:65533 htpasswd
|
|||
|
sudo chown -R 10001:65533 /www/wwwroot/nginx/html/verdaccio/storage
|
|||
|
```
|
|||
|
|
|||
|
# verdaccio 用户管理
|
|||
|
|
|||
|
由于在 `config.yml` 中关闭了可访问权限
|
|||
|
|
|||
|
```yaml
|
|||
|
auth:
|
|||
|
htpasswd:
|
|||
|
file: /verdaccio/storage/htpasswd
|
|||
|
# 关闭注册,手动添加用户,默认Bcrypt算法,
|
|||
|
max_users: -1
|
|||
|
|
|||
|
packages:
|
|||
|
"@*/*":
|
|||
|
# 可访问权限,web界面看不见,不登陆,也无法 install 包
|
|||
|
access: $authenticated # $all
|
|||
|
# 发布权限, $authenticated 表示只有通过验证的人
|
|||
|
publish: $authenticated
|
|||
|
# 可取消发布权限
|
|||
|
unpublish: $authenticated
|
|||
|
"**":
|
|||
|
access: $authenticated
|
|||
|
publish: $authenticated
|
|||
|
unpublish: $authenticated
|
|||
|
```
|
|||
|
|
|||
|
默认的 `addUser` 策略是 `Bcrypt` 生成密码,随便找个网页生成个密码,使用`账号:密码`添加到 `htpasswd` 文件中,例如
|
|||
|
|
|||
|
```bash
|
|||
|
test:$2a$10$0xPGVnpcdxcfmFxtWyWDx./TRtm/W/gSzib/jck3w.sF9x.Ur8t8W
|
|||
|
```
|
|||
|
|
|||
|
因此在实际开发中,管理员手动给用户创建好账号,然后根据用户的包管理工具,进行登录,例如以 `npm` 为例
|
|||
|
|
|||
|
```bash
|
|||
|
npm adduser --registry https://npm.mozzie.cn/
|
|||
|
# 输入 Username: mozzie | Password: xxx | Email: (this IS public) himozzie@foxmail.com
|
|||
|
# 提示登陆成功 Logged in as mozzie on https://npm.mozzie.cn/.
|
|||
|
```
|
|||
|
|
|||
|
在系统的 `cat ~/.npmrc` 中会增加一行,就可以正常的进行以来的安装了
|
|||
|
|
|||
|
```bash
|
|||
|
//npm.mozzie.cn/:_authToken="Do/wrh5QzsnYaNU4x3ZlVA=="
|
|||
|
```
|
|||
|
|
|||
|
# 项目 .npmrc Scope区分
|
|||
|
|
|||
|
需要指定 `.npmrc` 来区别 `Scope` 的安装地址,例如一个包名为 `@mozzie/hook`,对应的私库为 `https://npm.mozzie.cn/`
|
|||
|
|
|||
|
```bash
|
|||
|
registry=http://registry.npm.taobao.org/
|
|||
|
@mozzie:registry=https://npm.mozzie.cn
|
|||
|
# npm拉包的校验
|
|||
|
//https://npm.mozzie.cn/:_authToken=xxxxxxxxxxxxx
|
|||
|
```
|