npm-publish - 如何将第一个包发布(而不是 PUT)到新安装的 Verdaccio / Docker 实例?
问题描述
我已将 Verdaccio 安装为带有docker-compose.yml文件的 Docker 容器:
├── docker-compose.yml
├── INSTALLATION.md
├── README.md
└── volumes
├── conf
│ ├── config.yaml
│ └── htpasswd
├── plugins
└── storage
这是:
version: "3.7"
services:
registry:
image: verdaccio/verdaccio
networks:
verdaccio:
hostname: verdaccio
ports:
- 4873:4873
volumes:
- ~/dev/docker/registries/verdaccio/volumes/conf:/verdaccio/conf
- ~/dev/docker/registries/verdaccio/volumes/plugins:/verdaccio/plugins
- ~/dev/docker/registries/verdaccio/volumes/storage:/verdaccio/storage
environment:
VERDACCIO_PORT: 4873
deploy:
replicas: 1
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 30s
networks:
verdaccio:
name: verdaccio
和文件权限:
sudo groupadd verdaccio;
sudo useradd -s /bin/false -d /dev/null -g verdaccio verdaccio;
sudo chown -R verdaccio:verdaccio ~/dev/docker/registries/verdaccio/volumes/
sudo chmod -R 755 ~/dev/docker/registries/verdaccio/volumes
我正在尝试使用以下命令发布 Angular 库:
npm publish lib-core-0.0.1.tgz
但我得到了错误:
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT http://verdaccio:4873/lib-core - user stephane is not allowed to publish package lib-core
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/stephane/.npm/_logs/2020-05-10T05_40_47_153Z-debug.log
✔ ~/dev/js/projects/angular/lib-core/dist/lib-core [master|…1]
07:40 $ npm publish @stephane/lib-core-0.0.1.tgz
npm ERR! code E404
npm ERR! 404 Not Found - GET http://verdaccio:4873/@stephane%2flib-core-0.0.1.tgz - no such package available
npm ERR! 404
npm ERR! 404 '@stephane/lib-core-0.0.1.tgz@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/stephane/.npm/_logs/2020-05-10T05_40_55_652Z-debug.log
服务器日志:
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 403, user: stephane(10.255.0.2), req: 'PUT /lib-core', error: user stephane is not allowed to publish package lib-core
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 403, user: stephane(10.255.0.2), req: 'PUT /lib-core', error: user stephane is not allowed to publish package lib-core
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 403, user: stephane(10.255.0.2), req: 'GET /npm', error: user stephane is not allowed to access package npm
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 403, user: stephane(10.255.0.2), req: 'GET /npm', error: user stephane is not allowed to access package npm
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc | http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
当我读到这个错误时,我了解到该包在 Verdaccio 中被查找但未找到 (404)。等等..我不是想在这里添加一个新包吗?那么为什么先查呢?在发布之前我应该输入任何其他命令吗?麻烦的是,在这个 PUT 请求发出到服务器之前,我看不到任何添加包的 POST 请求。
我也尝试了(并得到了同样的错误)范围前缀:
npm publish @stephane/lib-core-0.0.1.tgz
我使用以下配置运行 Verdaccio:
storage: /verdaccio/storage
plugins: /verdaccio/plugins
auth:
htpasswd:
file: /verdaccio/conf/htpasswd
security:
api:
jwt:
sign:
expiresIn: 360d
notBefore: 1
web:
sign:
expiresIn: 7d
packages:
'@*/*':
access: $all
publish: $all
proxy: npmjs
'@stephane/*':
access: $anonymous
publish: $anonymous
proxy: npmjs
存储仍然是空的:
stephane@stephane-pc:~/dev/docker/registries/verdaccio$ ll volumes/storage/
total 0
即使删除packages:配置并重新启动 Verdaccio 容器,在npm login命令成功后,发布命令再次失败并出现403 Forbidden错误:
~/dev/js/projects/angular/lib-core/dist/lib-core [master|…1]
08:04 $ npm publish lib-core-0.0.1.tgz
更新:整个问题是主机卷权限问题。我将权限恢复为我的常规主机用户,并在运行时将此用户分配给容器。我在docker-compose.yml文件中添加了以下user属性:
user: "${CURRENT_UID}:${CURRENT_GID}"
我还更改了包配置,以允许经过身份验证的用户访问范围包:
packages:
'@*/*':
access: $all
publish: $authenticated
'**':
proxy: npmjs
容器现在与主机用户一起运行,问题消失了。
解决方案
推荐阅读
- javascript - JS浏览器扩展控制台日志字
- excel - 使用查找和删除删除重复项突然变慢
- javascript - Set-Cookie 添加2个cookie
- scala - 实例化规范类时出现“找到接口 scalaz.Tree,但应使用类”错误
- python - python itertool组合列表不完整
- regex - ReplaceWith 条件 DTE
- multithreading - TCriticalSection 有许多读者和一位作者
- docker - Flutter:Visual Studio 模拟器
- javascript - 将 redux 与 redux-persist 与服务器端渲染一起使用
- javascript - 在 $http.post angularJS 之后调用 $http.get