amazon-web-services - NPM Verdaccio - 设置上行链路到自己的远程服务器

Question

我刚刚在我们的本地网络中构建了一个 NPM Verdaccio 私有(private)注册表服务器，我想配置一个 UPLINK 到我们托管在 AWS 上的远程 NPM Verdaccio 服务器(并保留原始的 npmjs 注册表)。

来自 Verdaccio config.yaml 的片段

uplinks:
  npmjs:
    url: https://registry.npmjs.org/
  our-NPM-AWS-server:
    url: https://our-NPM-AWS-server.com

根据文档 ( Verdaccio_UPLINK )，无论如何，我必须在那里设置身份验证参数。我找到了 UPLINKS 的用法 here - uplink authorization & here - getting an Auth Token ，但这让我很困惑，因为我不确定要将什么设置为 AUTH 方法:

   auth:
     token:
       type: bearer | basic,
       token: "token",
       token_env:  true | <get name process.env> `NPM_TOKEN`

我找不到任何可以指导我的教程，所以我想寻求一些见解和帮助 - 在内部 NPM 服务器和远程 NPM AWS 服务器上设置什么是必要的。

配置:

内部 NPM 服务器

ubuntu 16.04, node v8.11.1, npm v5.8, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible on port 80 (listens on http://127.0.0.1:4873)

在 AWS 上远程自己的 NPM 服务器

ubuntu 14.04, node v6.14.1, npm v3.10.10, Verdaccio v.2.7.4, access is controlled by .htpasswd, NPM is accessible only via 443 from the outside (proxy_http listens on http://127.0.0.1:4873 with an url_prefix: https://our-NPM-AWS-server.com)

两台服务器都正常运行(您可以使用您的 NPM 帐户登录那里，推送包等)。

非常感谢

---

编辑 2018-04-26

AWS NPM 服务器已注册到应用程序 ELB，它在端口 443 上监听。AWS NPM 服务器在端口 443 上监听并且位于私有(private)子网中。我尝试将 AWS Verdaccio 实例放入公共(public)子网并在没有 ELB 的情况下直接访问它，但是它没有任何影响并且行为是相同的。

AWS NPM的config.yaml文件UPLINKS部分没有改变

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

我试过设置

  '**':
    access: $all

然而，它没有任何效果。

内部Verdaccio Server的config.yaml

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Basic <token_which_I_harvested_from_/.npmrc_file>"

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: aws

  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: aws

---

在内部 Verdaccio 实例上，我尝试从 AWS Verdaccio 实例获取一些包

npm pack --verbose verdaccio-bitbucket

这是来自 AWS Verdaccio 的日志:

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":30,"req":{"method":"GET","url":"/verdaccio-bitbucket",
"headers":{"host":"our-NPM-AWS-server.com","x-forwarded-for"
:"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX","x-forwarded-proto"
:"https","x-forwarded-port":"443","x-amzn-trace-id":
"Root=X-XXXXXX-XXXXXXXXXXXXXXXX","accept":"application/json;",
"accept-encoding":"gzip","user-agent":"npm (verdaccio/2.7.4)",
"via":"1.1 f8d74eab3cc6 (Verdaccio)","authorization":"<Classified>",
"x-forwarded-host":"our-NPM-AWS-server.com",
"x-forwarded-server":"our-NPM-AWS-server.com","connection":"Keep-Alive"},
"remoteAddress":"127.0.0.1","remotePort":42608},"ip":"127.0.0.1",
"msg":"@{ip} requested '@{req.method} @{req.url}'",
"time":"2018-04-26T20:12:38.893Z","v":0}

{"name":"verdaccio","hostname":"hostname_our-NPM-AWS-server","pid":8494,"sub":"in",
"level":35,"request":{"method":"GET","url":"/verdaccio-bitbucket"},
"remoteIP":"Public_IP_of_Internal_Verdaccio, 10.XXX.XX.XXX via
127.0.0.1","**status":403,"error":"unregistered users are not allowed
to access package verdaccio-bitbucket"**,"bytes":
"in":0,"out":180},"msg":"@{status}, user: @{user}(@{remoteIP}),
req: '@{request.method} @{request.url}', error: @{!error}",
"time":"2018-04-26T20:12:38.895Z","v":0}

这是来自 Internal Verdaccio 的日志，命令从那里运行:

http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket' (streaming)
 http --> 200, req: 'GET https://our-NPM-AWS-server.com/verdaccio-bitbucket', bytes: 0/34578
 http <-- 200, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket', bytes: 0/5038
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403
 http <-- 500, user: <npm_account>(127.0.0.1), req: 'GET /verdaccio-bitbucket/-/verdaccio-bitbucket-1.0.0.tgz', error: bad uplink status code: 403

Answer 1

您的配置是正确的，但有点错误。让我修复它。

uplinks:
  aws:
    url: https://our-NPM-AWS-server.com/
    #strictUrlMatch: false
    headers:
      authorization: "Bearer <token_which_I_harvested_from_/.npmrc_file>"

不要使用 Basic，它是 Bearer verdaccio 使用 JWT，不幸的是，verdaccio 中间件不接受小写的 bearer(从 verdaccio@v3.0.0-beta 开始就可以) .7).

For clarification about Basis and JWT. Since version verdaccio@2.3.0 all tokes are generated with JWT library, somehow, for legacy/unit testing reasons we still accept Basis authentification headers, but, all new tokens generated since verdaccio@2.3.0 must use Bearer in headers instead Basis.

我将在 Github 上报告几个问题，虽然是次要问题，但仍然会导致像这样的问题。

希望对你有帮助。