diff --git a/conf/default.yaml b/conf/default.yaml index 707f9c858..a2a230e06 100644 --- a/conf/default.yaml +++ b/conf/default.yaml @@ -3,14 +3,17 @@ # so don't use it on production systems. # # Look here for more config file examples: -# https://github.com/verdaccio/verdaccio/tree/master/conf +# https://github.com/verdaccio/verdaccio/tree/5.x/conf # +# Read about the best practices +# https://verdaccio.org/docs/best # path to a directory with all packages storage: ./storage # path to a directory with plugins to include plugins: ./plugins +# https://verdaccio.org/docs/webui web: title: Verdaccio # comment out to disable gravatar support @@ -48,6 +51,7 @@ web: # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md # web: en-US +# https://verdaccio.org/docs/configuration#authentication auth: htpasswd: file: ./htpasswd @@ -55,11 +59,15 @@ auth: # You can set this to -1 to disable registration. # max_users: 1000 +# https://verdaccio.org/docs/configuration#uplinks # a list of other known repositories we can talk to uplinks: npmjs: url: https://registry.npmjs.org/ +# Learn how to protect your packages +# https://verdaccio.org/docs/protect-your-dependencies/ +# https://verdaccio.org/docs/configuration#packages packages: '@*/*': # scoped packages @@ -84,16 +92,88 @@ packages: # if package is not available locally, proxy requests to 'npmjs' registry proxy: npmjs +# To improve your security configuration and avoid dependency confusion +# consider removing the proxy property for private packages +# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages + +# https://verdaccio.org/docs/configuration#server # You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections. # A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout. # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough. server: keepAliveTimeout: 60 +# https://verdaccio.org/docs/configuration#offline-publish +# publish: +# allow_offline: false + +# https://verdaccio.org/docs/configuration#url-prefix +# url_prefix: /verdaccio/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org'; +# url_prefix: '/my_prefix' +# // url -> https://somedomain.org/my_prefix/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org'; +# url_prefix: '/' +# // url -> https://somedomain.org/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix'; +# url_prefix: '/second_prefix' +# // url -> https://somedomain.org/second_prefix/' + +# https://verdaccio.org/docs/configuration#security +# security: +# api: +# legacy: true +# jwt: +# sign: +# expiresIn: 29d +# verify: +# someProp: [value] +# web: +# sign: +# expiresIn: 1h # 1 hour by default +# verify: +# someProp: [value] + +# https://verdaccio.org/docs/configuration#user-rate-limit +# userRateLimit: +# windowMs: 50000 +# max: 1000 + +# https://verdaccio.org/docs/configuration#max-body-size +# max_body_size: 10mb + +# https://verdaccio.org/docs/configuration#listen-port +# listen: +# - localhost:4873 # default value +# - http://localhost:4873 # same thing +# - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY) +# - https://example.org:4873 # if you want to use https +# - "[::1]:4873" # ipv6 +# - unix:/tmp/verdaccio.sock # unix socket + +# The HTTPS configuration is useful if you do not consider use a HTTP Proxy +# https://verdaccio.org/docs/configuration#https +# https: +# key: ./path/verdaccio-key.pem +# cert: ./path/verdaccio-cert.pem +# ca: ./path/verdaccio-csr.pem + +# https://verdaccio.org/docs/configuration#proxy +# http_proxy: http://something.local/ +# https_proxy: https://something.local/ + +# https://verdaccio.org/docs/configuration#notifications +# notify: +# method: POST +# headers: [{ "Content-Type": "application/json" }] +# endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken +# content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}' + middlewares: audit: enabled: true +# https://verdaccio.org/docs/logger # log settings logs: { type: stdout, format: pretty, level: http } #experiments: diff --git a/conf/docker.yaml b/conf/docker.yaml index 117f69450..be1fd33f7 100644 --- a/conf/docker.yaml +++ b/conf/docker.yaml @@ -7,14 +7,17 @@ # see https://verdaccio.org/docs/en/docker#docker-and-custom-port-configuration # # Look here for more config file examples: -# https://github.com/verdaccio/verdaccio/tree/master/conf +# https://github.com/verdaccio/verdaccio/tree/5.x/conf # +# Read about the best practices +# https://verdaccio.org/docs/best # path to a directory with all packages storage: /verdaccio/storage/data # path to a directory with plugins to include plugins: /verdaccio/plugins +# https://verdaccio.org/docs/webui web: title: Verdaccio # comment out to disable gravatar support @@ -52,6 +55,7 @@ web: # list of the available translations https://github.com/verdaccio/verdaccio/blob/master/packages/plugins/ui-theme/src/i18n/ABOUT_TRANSLATIONS.md # web: en-US +# https://verdaccio.org/docs/configuration#authentication auth: htpasswd: file: /verdaccio/storage/htpasswd @@ -59,11 +63,15 @@ auth: # You can set this to -1 to disable registration. # max_users: 1000 +# https://verdaccio.org/docs/configuration#uplinks # a list of other known repositories we can talk to uplinks: npmjs: url: https://registry.npmjs.org/ +# Learn how to protect your packages +# https://verdaccio.org/docs/protect-your-dependencies/ +# https://verdaccio.org/docs/configuration#packages packages: '@*/*': # scoped packages @@ -88,16 +96,88 @@ packages: # if package is not available locally, proxy requests to 'npmjs' registry proxy: npmjs +# To improve your security configuration and avoid dependency confusion +# consider removing the proxy property for private packages +# https://verdaccio.org/docs/best#remove-proxy-to-increase-security-at-private-packages + +# https://verdaccio.org/docs/configuration#server # You can specify HTTP/1.1 server keep alive timeout in seconds for incoming connections. # A value of 0 makes the http server behave similarly to Node.js versions prior to 8.0.0, which did not have a keep-alive timeout. # WORKAROUND: Through given configuration you can workaround following issue https://github.com/verdaccio/verdaccio/issues/301. Set to 0 in case 60 is not enough. server: keepAliveTimeout: 60 +# https://verdaccio.org/docs/configuration#offline-publish +# publish: +# allow_offline: false + +# https://verdaccio.org/docs/configuration#url-prefix +# url_prefix: /verdaccio/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org'; +# url_prefix: '/my_prefix' +# // url -> https://somedomain.org/my_prefix/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org'; +# url_prefix: '/' +# // url -> https://somedomain.org/ +# VERDACCIO_PUBLIC_URL='https://somedomain.org/first_prefix'; +# url_prefix: '/second_prefix' +# // url -> https://somedomain.org/second_prefix/' + +# https://verdaccio.org/docs/configuration#security +# security: +# api: +# legacy: true +# jwt: +# sign: +# expiresIn: 29d +# verify: +# someProp: [value] +# web: +# sign: +# expiresIn: 1h # 1 hour by default +# verify: +# someProp: [value] + +# https://verdaccio.org/docs/configuration#user-rate-limit +# userRateLimit: +# windowMs: 50000 +# max: 1000 + +# https://verdaccio.org/docs/configuration#max-body-size +# max_body_size: 10mb + +# https://verdaccio.org/docs/configuration#listen-port +# listen: +# - localhost:4873 # default value +# - http://localhost:4873 # same thing +# - 0.0.0.0:4873 # listen on all addresses (INADDR_ANY) +# - https://example.org:4873 # if you want to use https +# - "[::1]:4873" # ipv6 +# - unix:/tmp/verdaccio.sock # unix socket + +# The HTTPS configuration is useful if you do not consider use a HTTP Proxy +# https://verdaccio.org/docs/configuration#https +# https: +# key: ./path/verdaccio-key.pem +# cert: ./path/verdaccio-cert.pem +# ca: ./path/verdaccio-csr.pem + +# https://verdaccio.org/docs/configuration#proxy +# http_proxy: http://something.local/ +# https_proxy: https://something.local/ + +# https://verdaccio.org/docs/configuration#notifications +# notify: +# method: POST +# headers: [{ "Content-Type": "application/json" }] +# endpoint: https://usagge.hipchat.com/v2/room/3729485/notification?auth_token=mySecretToken +# content: '{"color":"green","message":"New package published: * {{ name }}*","notify":true,"message_format":"text"}' + middlewares: audit: enabled: true +# https://verdaccio.org/docs/logger # log settings logs: { type: stdout, format: pretty, level: http } #experiments: