Nginx as NPM proxy

(Arti) #1

Hi!
I try to use nginx as npm caching proxy. I’ve got some troubles with obtaining tgz files. Everytime when I try to install packages via npm install --verbose. NPM goes fetch filelist from http:///repository/npm-proxy/angular, but then try fetch tgz files directly from https://registry.npmjs.org. Take a look at log:

npm http fetch GET 200 http://<my_ip>/repository/npm-proxy/angular 66ms
npm http fetch GET 200 https://registry.npmjs.org/angular/-/angular-1.6.9.tgz 91ms

I’ve set registry in .npmrc in the next way:

registry=http://<my_ip>/repository/npm-proxy/

Also, all links to tgz files(tarballs) in response from this link (http:///repository/npm-proxy/angular) has been updated according my ip, using Nginx’s sub_filter, so I’m assuming that npm will use updated links for fetching tgz files. But no, it uses https://registry.npmjs.org. I’ve tested this behaviour with different projects result is identical.

NPM try send audit info to my ip, when it fails, it try use external registry.

npm http fetch POST 404 http://<my_ip>/-/npm/v1/security/audits/quick 16ms
npm http fetch POST 200 https://registry.npmjs.org/-/npm/v1/security/audits/quick 316ms

But on nginx side I don’t see any requests which are related to tarballs.

My nginx config here.https://pastebin.com/4m6MMQXk

Why npm tries fetch tarballs from https://registry.npmjs.org?

0 Likes

(Lars Willighagen) #2

Well, that should do it. Could you take a look at the output of

http://<my_ip>/repository/npm-proxy/angular

in the browser or with cURL or something else, and then check if there are no more references to registry.npmjs.org?

If you don’t want the audit, you can turn it off with the audit option (--no-audit or audit=false). I don’t know why npm falls back to the external registry, but this seems like an okay workaround.

0 Likes

(Arti) #3

No, no one reference. Everything replaced with nginx sub_filter.

Thx

0 Likes

(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

0 Likes