NPM 私有仓库的搭建
为什么搭建私有仓库
balabala,当然是有需求的时候嘛
搭建流程
介绍和安装verdaccio
备注:
程序启动后,配置文件为/home/work/.config/verdaccio/config.yaml
密码文件所在位置:/home/work/.config/verdaccio/htpasswd
日志文件所在文职:/home/work/verdaccio.log
-
Nodejs环境全局安装(root)
npm install –g verdaccio -
pm2 运行程序,注意请切换成普通用户work,不需要root
pm2 start verdaccio -
修改配置文件,配置文件如下,
参照默认文件修改内容如下- max_users: -1, 限制用户自行注册
- logs 日记存储方式为文件
- title 修改为公司名称
- 修改packages的访问,发布,取消发布的权限,都改为需要登录的权限,初步限制仅公司内部认证过的账户可访问(access: $authenticated,publish: $authenticated,unpublish: $authenticated,proxy: npmjs)
- 后期需要的话,可针对不同的仓库配置不同的人员username权限,有开发能力的团队,可自行定制插件中间件,比如限制IP和用户名访问
自定义UI界面
从官方ui主题仓库fork到个人帐号,然后克隆到本地开始进行自定义修改
自定义界面后需要发布版本到npm中,根据配置文件的theme设定重启后会自定应用
从官方仓库中fock出来,修改搜索关键字favicon, title, logo等,footer和header也可以修改一下
修改package.json中的name属性,修改为 verdaccio-theme-****
安装依赖,打包,等录npm,发布到npm仓库(可发布到共有npm,也可以发布到刚刚新起的npm私有仓库服务)
npm install && npm run build && npm login && npm publishnpm i verdaccio-theme-**** -g
服务端安装刚刚发布的主题包(root, 全局安装,因为verdaccio是动态加载插件)
最后在配置文件中修改主题配置
theme:
****:
a:b
su work
pm2 restart verdaccio 重启服务生效
刷新页面吧亲。不知道为什么,仅写theme: ****或者换行不生效,反正我也不懂,能用就行
添加用户
去网站生成密码,然后将密码添加到服务端密码文件中,记得重启服务
默认配置
#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/verdaccio/verdaccio/tree/master/conf
#
# path to a directory with all packages
storage: ./storage
# path to a directory with plugins to include
plugins: ./plugins
web:
title: Qianjunet npm repo
# comment out to disable gravatar support
# gravatar: false
# by default packages are ordercer ascendant (asc|desc)
# sort_packages: asc
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
max_users: -1
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
packages:
'@*/*':
# scoped packages
# access: $all
access: $authenticated
publish: $authenticated
unpublish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
# access: $all
access: $authenticated
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
# You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections.
# A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout.
# WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough.
server:
keepAliveTimeout: 60
middlewares:
audit:
enabled: true
# log settings
logs:
#- { type: stdout, format: pretty, level: http }
- {type: file, path: ./verdaccio.log, level: info}
#experiments:
# # support for npm token command
# token: false
配置nginx, 将请求转发到4873服务
server {
listen 80;
server_name npm.**********.com;
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:4873$request_uri;
proxy_redirect off;
}
}
如何使用?nrm
-
npm i -g nrm
-
查看当前所有npm的镜像源
nrm ls -
使用淘宝源
1nrm use taobao -
添加我们自定义的私有仓库的源
1nrm add ******** http://npm.*****.com -
使用自定义的源
1nrm use ******** -
添加错误后,可删除源
1nrm del ***** -
切换到自定义npm源后,使用npm登录
1
2
3
4
5
6nrm use ******
npm login
input username:
input password:
input public email:
输入相关信息后登录成功,登录成功即可使用npm install some-package-name
发布package
1
|
npm init
|
最终详细配置,还是得看官网,虽然官网的描述很不好懂,而且不全,但是比本篇记录要全,毕竟这个只是小哥哥看完文档,实际操作后的随笔而已
TODO: 待对接npm的用户信息到https://gitlab.*****.com