0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00
verdaccio/wiki/ssl.md
Mathieu Savy 25f9a8dadb Update SSL documentation
Hi,

I had some troubles setting up SSL for my Verdaccio registry because document was not perfectly clear.
I made little improvements on the SSL wiki page by adding a section about Docker (`listen` config entry is ignored because it's already set on Dockerfile), and I also added a link to the Node documentation pointing at more documentation for the `ca`, `cert` and `key` options for the `https` entry on the configuration.
2017-08-16 11:27:43 +02:00

1.6 KiB

Set up the SSL Certificates

Follow this instructions to configure a SSL certificate to serve NPM registry under HTTPS.

  • Update the listen property in your ~/.config/verdaccio/config.yaml:
listen: 'https://your.domain.com/'

Once you update the listen and try to run verdaccio again will ask for certificates.

  • Generate your certificates
 $ openssl genrsa -out ~/.config/verdaccio/verdaccio-key.pem 2048
 $ openssl req -new -sha256 -key ~/.config/verdaccio/verdaccio-key.pem -out ~/.config/verdaccio/verdaccio-csr.pem
 $ openssl x509 -req -in ~/.config/verdaccio/verdaccio-csr.pem -signkey ~/.config/verdaccio/verdaccio-key.pem -out ~/.config/verdaccio/verdaccio-cert.pem
  • Edit your config file ~/.config/verdaccio/config.yalm an add the following section (more info on the key, cert and ca arguments on the Node documentation)
https:
  key: ~/.config/verdaccio/server.key
  cert: ~/.config/verdaccio/server.crt
  ca: ~/.config/verdaccio/server.ca
  • Run verdaccio in your command line.

  • Open the browser and load https://your.domain.com:port/

This instructions are mostly valid under OSX and Linux, on Windows the paths will vary but, the steps are the same.

Docker

If you are using the Docker image, you have to set the PROTOCOL environment variable to https as the listen argument is provided on the Dockerfile, and thus ignored from your config file.

You can also set the PORT environment variable if you are using a different port than 4873.