I just built an NPM Verdaccio private registry server within our local network and I would like configure an UPLINK to our remote NPM Verdaccio server which is hosted at AWS (and also keep the original npmjs registry).
snippet from Verdaccio config.yaml
uplinks:
npmjs:
url: https://registry.npmjs.org/
our-NPM-AWS-server:
url: https://our-NPM-AWS-server.com
based on the documentation (Verdaccio_UPLINK), I have to set the Authentication parameters there, anyhow. I found the usage of the UPLINKS here - uplink authorization & here - getting an Auth Token , but it is pretty confusing for me because I am not sure what to set as an AUTH method:
auth:
token:
type: bearer | basic,
token: "token",
token_env: true | <get name process.env> `NPM_TOKEN`
I was not able to find any tutorial which would guide me, so I would like to ask for some insight & help - what is necessary to set on the Internal NPM server & also on the remote NPM AWS server.
Configuration:
Internal NPM server
ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listens on http://127.0.0.1:4873)
Remote own NPM server at AWS
ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible only via 443 from the outside (proxy_http listens on http://127.0.0.1:4873 with an url_prefix: https://our-NPM-AWS-server.com)
Both servers are operating normally (you can log there with your NPM account, push the packages, etc).
thank you very much
EDIT 2018-04-26
The AWS NPM server is registered into Application ELB, which listens on port 443. The AWS NPM server listens on port 443 and is located in private subnet. I tried to place AWS Verdaccio instance into public subnet and to access it directly without ELB, however it didnt have any affect and the behavior was same.
The config.yaml file of AWS NPM The UPLINKS part was not changed
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $authenticated
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
I tried to set
'**':
access: $all
However, it didnt have any effect.
The config.yaml of Internal Verdaccio Server
uplinks:
aws:
url: https://our-NPM-AWS-server.com/
#strictUrlMatch: false
headers:
authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: aws
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: aws
On Internal Verdaccio instance, I tried to get some package from AWS Verdaccio instance
npm pack --verbose verdaccio-bitbucket
and this is log from AWS Verdaccio:
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}
{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}
and this is log from Internal Verdaccio, where the command was ran from:
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
