verdaccio/docker.md at b6e47118982a9fb530a4ebf8f405bcdb7d0cd30b

mirror of https://github.com/verdaccio/verdaccio.git synced 2024-11-13 03:35:52 +01:00

chore(website): plugin search ui (#3539 )

* chore: plugin search ui

chore: progress

chore: format code

chore: progress

chore: @verdaccio-ui/copy-clipboard

chore: search finish

* chore: ui-components

* Update ToolList.tsx

* xss protection

* Update static-data.yml

* Update AddonCard.tsx

2022-12-25 18:48:18 +01:00

12 KiB

Raw Blame History

id	title
docker	Docker

To pull the latest pre-built docker image:

docker pull verdaccio/verdaccio

Tagged Versions

Since version v2.x you can pull docker images by tag, as follows:

For a major version:

docker pull verdaccio/verdaccio:4

For a minor version:

docker pull verdaccio/verdaccio:4.0

For a specific (patch) version:

docker pull verdaccio/verdaccio:4.0.0

If you are interested on a list of tags, please visit the Docker Hub website.

Running Verdaccio using Docker

To run the docker container:

docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio

The last argument defines which image to use. The above line will pull the latest prebuilt image from dockerhub, if you haven't done that already.

If you have build an image locally use verdaccio as the last argument.

You can use -v to bind mount conf, storage and plugins to the hosts filesystem (example below).

Note that if you do mount conf like this, that you first need to supply a copy of config.yaml in that directory. The Docker container will not start properly if this file is missing.

You can copy this file initially from https://github.com/verdaccio/verdaccio/blob/5.x/conf/docker.yaml.

However, note the security warnings in that file; you will definitely want to lock it down in production.

V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio \
  -p 4873:4873 \
  -v $V_PATH/conf:/verdaccio/conf \
  -v $V_PATH/storage:/verdaccio/storage \
  -v $V_PATH/plugins:/verdaccio/plugins \
  verdaccio/verdaccio

if you are running in a server, you might want to add -d to run it in the background

Note: Verdaccio runs as a non-root user (uid=10001) inside the container, if you use bind mount to override default, you need to make sure the mount directory is assigned to the right user. In above example, you need to run sudo chown -R 10001:65533 /path/for/verdaccio otherwise you will get permission errors at runtime. Use docker volume is recommended over using bind mount.

Environment variables

Verdaccio provides a new set of environment variables to modify either permissions, port or http protocol, see them at the environment variables page.

SELinux

If SELinux is enforced in your system, the directories to be bind-mounted in the container need to be relabeled. Otherwise verdaccio will be forbidden from reading those files.

 fatal--- cannot open config file /verdaccio/conf/config.yaml: Error: CONFIG: it does not look like a valid config file

If verdaccio can't read files on a bind-mounted directory and you are unsure, please check /var/log/audit/audit.log to confirm that it's a SELinux issue. In this example, the error above produced the following AVC denial.

type=AVC msg=audit(1606833420.789:9331): avc:  denied  { read } for  pid=1251782 comm="node" name="config.yaml" dev="dm-2" ino=8178250 scontext=system_u:system_r:container_t:s0:c32,c258 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

chcon can change the labels of shared files and directories. To make a directory accessible to containers, change the directory type to container_file_t.

$ chcon -Rt container_file_t ./conf

If you want to make the directory accessible only to a specific container, use chcat to specify a matching SELinux category.

An alternative solution is to use z and Z flags. To add the z flag to the mountpoint ./conf:/verdaccio/conf simply change it to ./conf:/verdaccio/conf:z. The z flag relabels the directory and makes it accessible by every container while the Z flags relables the directory and makes it accessible only to that specific container. However using these flags is dangerous. A small configuration mistake, like mounting /home/user or /var can mess up the labels on those directories and make the system unbootable.

Plugins

Plugins can be installed in a separate directory and mounted using Docker or Kubernetes, however make sure you build plugins with native dependencies using the same base image as the Verdaccio Dockerfile.

Creating your own `Dockerfile` using `verdaccio/verdaccio:tag` as base

If the plugin already exist in some registry, it could be installed globally with npm command.

FROM verdaccio/verdaccio:5
ADD docker.yaml /verdaccio/conf/config.yaml
USER root
RUN npm install --global verdaccio-static-token \
  && npm install --global verdaccio-auth-memory
USER $VERDACCIO_USER_UID

For more detailed plugin example, check the with docker-examples folder.

Adding plugins with local plugins a `Dockerfile`

If you don't have the packages available some registry and you want to try out a local plugin, you can use the folder /verdaccio/plugins for it, verdaccio will look at this folder for plugins on startup.

Create a base image with multi stage support.
ADD the local plugin into the image
Install dependencies, required if your plugin has dependencies, you might need to build in case you need a transpilation step (tsc, babel).
Copying the final folder into the final image and applying permissions so verdaccio can find the folders (verdaccio uses custom user $VERDACCIO_USER_UID, read more here).

FROM node:lts-alpine as builder
RUN mkdir -p /verdaccio/plugins
ADD plugins/verdaccio-docker-memory /verdaccio/plugins/verdaccio-docker-memory
RUN cd /verdaccio/plugins/verdaccio-docker-memory \
  && npm install --production
FROM verdaccio/verdaccio:5
ADD docker.yaml /verdaccio/conf/config.yaml
COPY --chown=$VERDACCIO_USER_UID:root --from=builder \
  /verdaccio/plugins/verdaccio-docker-memory \
  /verdaccio/plugins/verdaccio-docker-memory

For more detailed plugin example, check the with docker-examples folder.

Adding plugins without creating a new image

Using docker-compose.yaml example below.
Mapping volumes in docker, verdaccio will look up for plugins at /verdaccio/plugins by default.

V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio \
  -p 4873:4873 \
  -v $V_PATH/conf:/verdaccio/conf \
  -v $V_PATH/storage:/verdaccio/storage \
  -v $V_PATH/plugins:/verdaccio/plugins \
  verdaccio/verdaccio

Docker and custom port configuration

Any host:port configured in conf/config.yaml under listen is currently ignored when using docker.

If you want to reach Verdaccio docker instance under different port, lets say 5000 in your docker run command add the environment variable VERDACCIO_PORT=5000 and then expose the port -p 5000:5000.

V_PATH=/path/for/verdaccio; docker run -it --rm --name verdaccio \
  -e "VERDACCIO_PORT=8080" -p 8080:8080 \
  verdaccio/verdaccio

Of course the numbers you give to the -p parameter need to match.

Using HTTPS with Docker

You can configure the protocol verdaccio is going to listen on, similarly to the port configuration. You have to overwrite the default value("http") of the PROTOCOL environment variable to "https", after you specified the certificates in the config.yaml.

docker run -it --rm --name verdaccio \
  --env "VERDACCIO_PROTOCOL=https" -p 4873:4873
  verdaccio/verdaccio

Using docker-compose

Get the latest version of docker-compose.
Build and run the container:

$ docker-compose up --build

You can set the port to use (for both container and host) by prefixing the above command with VERDACCIO_PORT=5000 .

version: '3.1'

services:
  verdaccio:
    image: verdaccio/verdaccio
    container_name: 'verdaccio'
    networks:
      - node-network
    environment:
      - VERDACCIO_PORT=4873
    ports:
      - '4873:4873'
    volumes:
      - './storage:/verdaccio/storage'
      - './config:/verdaccio/conf'
      - './plugins:/verdaccio/plugins'
networks:
  node-network:
    driver: bridge

Docker will generate a named volume in which to store persistent application data. You can use docker inspect or docker volume inspect to reveal the physical location of the volume and edit the configuration, such as:

$ docker volume inspect verdaccio_verdaccio
[
    {
        "Name": "verdaccio_verdaccio",
        "Driver": "local",
        "Mountpoint": "/var/lib/docker/volumes/verdaccio_verdaccio/_data",
        "Labels": null,
        "Scope": "local"
    }
]

Build your own Docker image

Go to the 5.x branch and run:

docker build -t verdaccio .

There is also an yarn script for building the docker image, so you can also do:

yarn run build:docker

Note: The first build takes some minutes to build because it needs to run yarn install, and it will take that long again whenever you change any file that is not listed in .dockerignore.

Please note that for any of the above docker commands you need to have docker installed on your machine and the docker executable should be available on your $PATH.

Docker Examples

There is a separate repository that hosts multiple configurations to compose Docker images with verdaccio, for instance, as reverse proxy:

https://github.com/verdaccio/docker-examples

Docker Custom Builds

If you have made an image based on Verdaccio, feel free to add it to this list.

docker-verdaccio-multiarch Multiarch image mirrors
docker-verdaccio-gitlab
docker-verdaccio
docker-verdaccio-s3 Private NPM container that can backup to s3
docker-verdaccio-ldap
verdaccio-ldap
verdaccio-compose-local-bridge
docker-verdaccio
verdaccio-docker
verdaccio-server
coldrye-debian-verdaccio docker image providing verdaccio from coldrye-debian-nodejs.
verdaccio-github-oauth-ui

12 KiB Raw Blame History