blog-hexo/source/_posts/front-end/verdaccio.md

200 lines
5.4 KiB
Markdown
Raw Normal View History

2023-10-20 10:28:01 +08:00
---
title: verdaccio 搭建 npm私库
categories:
- Front-End
status: done
---
# 使用 docker 搭建 verdaccio
创建 & 配置`config.yaml`文件
```yaml
# Read about the best practices
# https://verdaccio.org/docs/best
# path to a directory with all packages
storage: /verdaccio/storage/data
# path to a directory with plugins to include
plugins: /verdaccio/plugins
# 包体积上限默认10mb
max_body_size: 1024mb
web:
enable: true
title: Mozzie-NPM
# gravatar: false
# login: true
pkgManagers:
- npm
- yarn
- pnpm
html_cache: true
showFooter: false
auth:
htpasswd:
file: /verdaccio/storage/htpasswd
# 关闭注册手动添加用户默认Bcrypt算法随便找个网页生成个密码使用账号:密码添加到 htpasswd 文件中,例如 test:$2a$10$0xPGVnpcdxcfmFxtWyWDx./TRtm/W/gSzib/jck3w.sF9x.Ur8t8W
max_users: -1
i18n:
web: zh-CN
# notify: # 配置 Webhook 推送到钉钉,记得修改 access_token 和 atMobiles
# method: POST
# headers: [{ "Content-Type": "application/json" }]
# endpoint: https://oapi.dingtalk.com/robot/send?access_token=xxxx
# content: '{"msgtype":"text", "at": {"atMobiles": ["13000000000"] }, "text":{"content":"NPM 发布新包:\n > 包名称:{{name}} \n > 版本号:{{#each versions}}{{version}}{{/each}} \n > 发布者:{{publisher.name}} "}}'
uplinks:
npmjs:
url: https://registry.npmjs.org/
yarn:
url: https://registry.yarnpkg.com/
timeout: 10s
taobao:
url: https://registry.npmmirror.com/
timeout: 10s
packages:
"@*/*":
# 可访问权限web界面看不见不登陆也无法 install 包
access: $authenticated # $all
# 发布权限, $authenticated 表示只有通过验证的人
publish: $authenticated
# 可取消发布权限
unpublish: $authenticated
# 包不存在时的代理
proxy: npmjs yarn taobao
"**":
access: $authenticated # $all
publish: $authenticated
unpublish: $authenticated
proxy: npmjs yarn taobao
middlewares:
audit:
enabled: true
listen: 0.0.0.0:4873
log: { type: stdout, format: pretty, level: http }
```
创建容器,环境变量,`VERDACCIO_PUBLIC_URL`是静态资源的前缀地址由于nginx挂了`ssl`,如果使用`http`可以不添加
```bash
docker run \
-p 4873:4873 \
--restart=always \
--network mozzie.cn-net \
--network-alias verdaccio \
--env VERDACCIO_PORT=4873 \
--env VERDACCIO_PUBLIC_URL=https://npm.mozzie.cn \
--ip 172.21.0.196 \
--name verdaccio \
-v /www/wwwroot/nginx/html/verdaccio/storage:/verdaccio/storage \
-v /www/wwwroot/nginx/html/verdaccio/config:/verdaccio/conf \
-v /www/wwwroot/nginx/html/verdaccio/plugins:/verdaccio/plugins \
-d verdaccio/verdaccio
```
配置nginx的反向代理conf注意所在的docker网络使用`container_name`
```conf
server {
# listen 80;
listen 443 ssl;
server_name npm.mozzie.cn;
ssl_certificate /etc/nginx/ssl/npm.mozzie.cn_bundle.pem;
ssl_certificate_key /etc/nginx/ssl/npm.mozzie.cn.key;
gzip on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://verdaccio:4873/;
proxy_redirect off;
}
}
```
运行添加用户,报错,因为 `htpasswd`默认创建在宿主机,也就是上面挂载的`/www/wwwroot/nginx/html/verdaccio/storage`目录中
```bash
npm adduser --registry https://npm.mozzie.cn/
```
配置`htpasswd`、`storage` 文件夹权限
```bash
# 宿主机中执行
cd /www/wwwroot/nginx/html/verdaccio/storage
touch htpasswd
sudo chown 10001:65533 htpasswd
sudo chown -R 10001:65533 /www/wwwroot/nginx/html/verdaccio/storage
```
# verdaccio 用户管理
由于在 `config.yml` 中关闭了可访问权限
```yaml
auth:
htpasswd:
file: /verdaccio/storage/htpasswd
# 关闭注册手动添加用户默认Bcrypt算法
max_users: -1
packages:
"@*/*":
# 可访问权限web界面看不见不登陆也无法 install 包
access: $authenticated # $all
# 发布权限, $authenticated 表示只有通过验证的人
publish: $authenticated
# 可取消发布权限
unpublish: $authenticated
"**":
access: $authenticated
publish: $authenticated
unpublish: $authenticated
```
默认的 `addUser` 策略是 `Bcrypt` 生成密码,随便找个网页生成个密码,使用`账号:密码`添加到 `htpasswd` 文件中,例如
```bash
test:$2a$10$0xPGVnpcdxcfmFxtWyWDx./TRtm/W/gSzib/jck3w.sF9x.Ur8t8W
```
因此在实际开发中,管理员手动给用户创建好账号,然后根据用户的包管理工具,进行登录,例如以 `npm` 为例
```bash
npm adduser --registry https://npm.mozzie.cn/
# 输入 Username: mozzie | Password: xxx | Email: (this IS public) himozzie@foxmail.com
# 提示登陆成功 Logged in as mozzie on https://npm.mozzie.cn/.
```
在系统的 `cat ~/.npmrc` 中会增加一行,就可以正常的进行以来的安装了
```bash
//npm.mozzie.cn/:_authToken="Do/wrh5QzsnYaNU4x3ZlVA=="
```
# 项目 .npmrc Scope区分
需要指定 `.npmrc` 来区别 `Scope` 的安装地址,例如一个包名为 `@mozzie/hook`,对应的私库为 `https://npm.mozzie.cn/`
```bash
registry=http://registry.npm.taobao.org/
@mozzie:registry=https://npm.mozzie.cn
# npm拉包的校验
//https://npm.mozzie.cn/:_authToken=xxxxxxxxxxxxx
```