Skip to main content
Version: Next

Docker

To pull the latest pre-built docker image:

docker pull verdaccio/verdaccio

Docker pull

Tagged Versions

alt Docker Pulls Count

Since version v2.x you can pull docker images by tag, as follows:

For a major version:

docker pull verdaccio/verdaccio:4

For a minor version:

docker pull verdaccio/verdaccio:4.0

For a specific (patch) version:

docker pull verdaccio/verdaccio:4.0.0

If you are interested on a list of tags, please visit the Docker Hub website.

Running Verdaccio using Docker

To run the docker container:

docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio

The last argument defines which image to use. The above line will pull the latest prebuilt image from dockerhub, if you haven't done that already.

If you have build an image locally use verdaccio as the last argument.

You can use -v to bind mount conf, storage and plugins to the hosts filesystem (example below).

Note that if you do mount conf like this, that you will first need to supply a copy of config.yaml in that directory; the Docker container will not start properly if this file is missing. You can copy this file initially from https://github.com/verdaccio/verdaccio/blob/5.x/conf/docker.yaml. However, note the security warnings in that file; you will definitely want to lock it down in production.

V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio \
-p 4873:4873 \
-v $V_PATH/conf:/verdaccio/conf \
-v $V_PATH/storage:/verdaccio/storage \
-v $V_PATH/plugins:/verdaccio/plugins \
verdaccio/verdaccio

if you are running in a server, you might want to add -d to run it in the background

Note: Verdaccio runs as a non-root user (uid=10001) inside the container, if you use bind mount to override default, you need to make sure the mount directory is assigned to the right user. In above example, you need to run sudo chown -R 10001:65533 /path/for/verdaccio otherwise you will get permission errors at runtime. Use docker volume is recommended over using bind mount.

Verdaccio 4 provides a new set of environment variables to modify either permissions, port or http protocol. Here the complete list:

PropertydefaultDescription
VERDACCIO_APPDIR/opt/verdacciothe docker working directory
VERDACCIO_USER_NAMEverdacciothe system user
VERDACCIO_USER_UID10001the user id being used to apply folder permissions
VERDACCIO_PORT4873the verdaccio port
VERDACCIO_PROTOCOLhttpthe default http protocol

SELinux

If SELinux is enforced in your system, the directories to be bind-mounted in the container need to be relabeled. Otherwise verdaccio will be forbidden from reading those files.

 fatal--- cannot open config file /verdaccio/conf/config.yaml: Error: CONFIG: it does not look like a valid config file

If verdaccio can't read files on a bind-mounted directory and you are unsure, please check /var/log/audit/audit.log to confirm that it's a SELinux issue. In this example, the error above produced the following AVC denial.

type=AVC msg=audit(1606833420.789:9331): avc:  denied  { read } for  pid=1251782 comm="node" name="config.yaml" dev="dm-2" ino=8178250 scontext=system_u:system_r:container_t:s0:c32,c258 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

chcon can change the labels of shared files and directories. To make a directory accessible to containers, change the directory type to container_file_t.

$ chcon -Rt container_file_t ./conf

If you want to make the directory accessible only to a specific container, use chcat to specify a matching SELinux category.

An alternative solution is to use z and Z flags. To add the z flag to the mountpoint ./conf:/verdaccio/conf simply change it to ./conf:/verdaccio/conf:z. The z flag relabels the directory and makes it accessible by every container while the Z flags relables the directory and makes it accessible only to that specific container. However using these flags is dangerous. A small configuration mistake, like mounting /home/user or /var can mess up the labels on those directories and make the system unbootable.

Plugins

Plugins can be installed in a separate directory and mounted using Docker or Kubernetes, however make sure you build plugins with native dependencies using the same base image as the Verdaccio Dockerfile.

FROM node:lts-alpine as builder
RUN mkdir -p /verdaccio/plugins \
&& cd /verdaccio/plugins \
&& npm install --global-style --no-bin-links --omit=optional verdaccio-auth-memory@latest
FROM verdaccio/verdaccio:6
ADD docker.yaml /verdaccio/conf/config.yaml
COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
/verdaccio/plugins/node_modules/verdaccio-auth-memory \
/verdaccio/plugins/verdaccio-auth-memory

For more information check real plugin examples with Docker in our source code.

Docker and custom port configuration

Any host:port configured in conf/config.yaml under listen is currently ignored when using docker.

If you want to reach Verdaccio docker instance under different port, lets say 5000 in your docker run command add the environment variable VERDACCIO_PORT=5000 and then expose the port -p 5000:5000.

V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio \
-e "VERDACCIO_PORT=8080" -p 8080:8080 \
verdaccio/verdaccio

Of course the numbers you give to the -p parameter need to match.

Using HTTPS with Docker

You can configure the protocol verdaccio is going to listen on, similarly to the port configuration. You have to overwrite the default value("http") of the PROTOCOL environment variable to "https", after you specified the certificates in the config.yaml.

docker run -it --rm --name verdaccio \
--env "VERDACCIO_PROTOCOL=https" -p 4873:4873
verdaccio/verdaccio

Using docker-compose

  1. Get the latest version of docker-compose.
  2. Build and run the container:
$ docker-compose up --build

You can set the port to use (for both container and host) by prefixing the above command with VERDACCIO_PORT=5000 .

version: '3.1'

services:
verdaccio:
image: verdaccio/verdaccio
container_name: 'verdaccio'
networks:
- node-network
environment:
- VERDACCIO_PORT=4873
ports:
- '4873:4873'
volumes:
- './storage:/verdaccio/storage'
- './config:/verdaccio/conf'
- './plugins:/verdaccio/plugins'
networks:
node-network:
driver: bridge

Docker will generate a named volume in which to store persistent application data. You can use docker inspect or docker volume inspect to reveal the physical location of the volume and edit the configuration, such as:

$ docker volume inspect verdaccio_verdaccio
[
{
"Name": "verdaccio_verdaccio",
"Driver": "local",
"Mountpoint": "/var/lib/docker/volumes/verdaccio_verdaccio/_data",
"Labels": null,
"Scope": "local"
}
]

Build your own Docker image

docker build -t verdaccio .

There is also an npm script for building the docker image, so you can also do:

yarn run build:docker

Note: The first build takes some minutes to build because it needs to run npm install, and it will take that long again whenever you change any file that is not listed in .dockerignore.

Please note that for any of the above docker commands you need to have docker installed on your machine and the docker executable should be available on your $PATH.

Docker Examples

There is a separate repository that hosts multiple configurations to compose Docker images with verdaccio, for instance, as reverse proxy:

https://github.com/verdaccio/docker-examples

Docker Custom Builds

If you have made an image based on Verdaccio, feel free to add it to this list.