使用反向代理是一种常见做法。 以下配置是 最推荐和最常用的配置。
重要,被视为解析公共协议的 X-Forwarded-Proto 和 Host 域名请求头,请将它们包含在您的配置中。
Apache
A full docker example using the official httpd:2.4 image can be found in our Docker examples repository.
Apache and mod_proxy should not decode/encode slashes and leave them as they are.
Publishing large packages: Apache limits request bodies via
LimitRequestBody(and front proxies may add their own limit). Ifnpm publishof a big tarball fails with HTTP413 Request Entity Too Large, addLimitRequestBody 0(unlimited) inside theVirtualHost. The nginx equivalent isclient_max_body_size 0;.
在服务器上以相对路径 /npm 安装时
<VirtualHost *:80>
AllowEncodedSlashes NoDecode
ProxyPass /npm http://127.0.0.1:4873 nocanon
ProxyPassReverse /npm http://127.0.0.1:4873
</VirtualHost>
在服务器上以根路径 / 安装时
apacheconfig
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName npm.your.domain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/npm.your.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/npm.your.domain.com/privkey.pem
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:4873/ nocanon
ProxyPassReverse / http://127.0.0.1:4873/
</VirtualHost>
</IfModule>
配置 SSL
Apache 虚拟服务器配置。
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName npm.your.domain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/npm.your.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/npm.your.domain.com/privkey.pem
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
LimitRequestBody 0
ProxyPass / http://127.0.0.1:4873/ nocanon
ProxyPassReverse / http://127.0.0.1:4873/
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
</IfModule>
Checksum 无效
有时,运行 npm install,gzip 压缩可能会扰乱请求,并导致如下错误消息:
npm WARN tar TAR_ENTRY_INVALID checksum failure
npm WARN tar zlib: incorrect data check
要解决这个问题,可以在配置中添加以下内容,禁用虚拟主机的 gzip 压缩:
SetEnv no-gzip 1
配置结果类似于:
<VirtualHost *:80>
AllowEncodedSlashes NoDecode
SetEnv no-gzip 1
ProxyPass /npm http://127.0.0.1:4873 nocanon
ProxyPassReverse /npm http://127.0.0.1:4873
</VirtualHost>
仅当您遇到问题时,才应将其添加到虚拟主机配置中。
Nginx
The following snippet is a full docker example can be tested in our Docker examples repository.
upstream verdaccio_v4 {
server verdaccio_relative_path_v4:4873;
keepalive 8;
}
upstream verdaccio_v4_root {
server verdaccio_relative_path_v4_root:8000;
keepalive 8;
}
upstream verdaccio_v3 {
server verdaccio_relative_path_latest_v3:7771;
keepalive 8;
}
server {
listen 80 default_server;
access_log /var/log/nginx/verdaccio.log;
charset utf-8;
# nginx limits request bodies to 1 MB by default, which makes `npm publish`
# of larger package tarballs fail with HTTP 413. Set 0 to disable the limit.
client_max_body_size 0;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://verdaccio_v4_root;
proxy_redirect off;
}
location ~ ^/verdaccio/(.*)$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://verdaccio_v4/$1;
proxy_redirect off;
}
location ~ ^/verdacciov3/(.*)$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://verdaccio_v3/$1;
proxy_redirect off;
}
}
SSL 示例
server {
listen 80;
return 302 https://$host$request_uri;
}
server {
# `listen ... ssl` enables TLS. The standalone `ssl on;` directive was
# removed in nginx 1.25.1, and the `http2` listen parameter is deprecated
# in favour of the `http2 on;` directive.
listen 443 ssl;
http2 on;
server_name localhost;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://verdaccio_v4_root;
proxy_read_timeout 600;
proxy_redirect off;
}
location ~ ^/verdaccio/(.*)$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://verdaccio_v4_root/$1;
proxy_redirect off;
}
}
在具有不同域和端口的反向代理后面运行
子目录
如果整个 URL 用于 Verdaccio,则无需定义 url_prefix,否则 您的 config.yaml 中需要类似的内容。
url_prefix: /sub_directory/
如果在反向代理后运行 Verdaccio,您可能会发现所有资源文件都以相对路径提供,如 http://127.0.0.1:4873/-/static
要解决此问题,您应该使用 Host 标头将真实域名和端口发送到 Verdaccio
Nginx 配置应该如下所示:
location / {
proxy_pass http://127.0.0.1:4873/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
对于这种情况,url_prefix 不应在 Verdaccio 配置中设置
或子目录安装:
location ~ ^/verdaccio/(.*)$ {
proxy_pass http://127.0.0.1:4873/$1;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
在这个例子里, url_prefix 应该设置为/verdaccio/
注意:安装路径后面有一个斜杠(
https://your-domain:port/verdaccio/)!
覆盖公共 url
自
verdaccio@5.0.0
新的 VERDACCIO_PUBLIC_URL 用于代理后,该变量将用于:
- 用作提供 UI 资源(js、favicon 等)的基本路径
- 用于返回元数据
dist基本路径 - 忽略
host和X-Forwarded-Proto请求头 - 如果定义了
url_prefix,则会将其附加到环境变量中。
VERDACCIO_PUBLIC_URL='https://somedomain.org';
url_prefix: '/my_prefix'
// url -> https://somedomain.org/my_prefix/
VERDACCIO_PUBLIC_URL='https://somedomain.org';
url_prefix: '/'
// url -> https://somedomain.org/
VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix';
url_prefix: '/second_prefix'
// url -> https://somedomain.org/second_prefix/'
