Reputation: 21
Configure local proxy for the npm audit with Apache
Based on this one https://github.com/chovyy/npm-audit-proxy
In this case Nexus OSS v3 manager running behind Apache reverse proxy. There is need to proxy npm audit as well from https://registry.npmjs.org/-/npm/v1/security/audits/.
So how to configure properly Apache to pass npm adit call to https://registry.npmjs.org/-/npm/v1/security/audits/
Upvotes: 0
Views: 1408
Answers (2)
Reputation: 101
From npm 9 on (lockfileVersion: 3), you also have to proxy https://registry.npmjs.org/-/npm/v1/security/advisories. A minimal configuration, that is working for me:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName npm.customdomain.com
AllowEncodedSlashes NoDecode
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
ProxyPass /repository/npm-public/-/npm/v1/security/audits https://registry.npmjs.org/-/npm/v1/security/audits
ProxyPass /repository/npm-public/-/npm/v1/security/advisories https://registry.npmjs.org/-/npm/v1/security/advisories
SSLEngine on
# Your SSL, Log and further configurations...
</VirtualHost>
</IfModule>
Upvotes: 0
Reputation: 21
This Apache configuration worked in my case.
<VirtualHost 0.0.0.0:443>
ServerName nexus.corporate.domain
SSLEngine on
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder On
SSLCompression off
SSLCertificateFile /etc/ssl/localcerts/nexus/nexus.pem
SSLCertificateKeyFile /etc/ssl/localcerts/nexus/nexus.key
SSLCertificateChainFile /etc/ssl/localcerts/nexus/Local_Corporate_CA_chain.crt
SSLSessionTickets off
SSLProxyEngine On
ProxyPass /repository/npm-public/-/npm/v1/security/audits https://registry.npmjs.org/-/npm/v1/security/audits
ProxyPassReverse /repository/npm-public/-/npm/v1/security/audits https://registry.npmjs.org/-/npm/v1/security/audits
ProxyPass / http://127.0.0.1:8081/ nocanon
ProxyPassReverse / http://127.0.0.1:8081/
ProxyRequests Off
ProxyPreserveHost Off
AllowEncodedSlashes on
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
<Proxy http://127.0.0.1:8081/*>
Order allow,deny
Allow from all
</Proxy>
ErrorLog /var/log/apache2/nexus_apache_error.log
CustomLog /var/log/apache2/nexus_apache_access.log common
</VirtualHost>
I had error Forbidde 403 but it was caused by ProxyPreserveHost on. Changed it to ProxyPreserveHost off
/repository/npm-public/ is npm group type repository created in nexus. https://nexus.corporate.domain/repository/npm-public/
Upvotes: 1
Related Questions
- How should I set _auth in .npmrc when using a Nexus https npm registry proxy?
- Nexus 3 NPM proxy returns 404
- How to configure Nexus Repository Manager to support npm audit
- How to migrate a proxy NPM repository in Nexus 3?
- nexus proxy repository for npm registry 2fa enabled
- Unauthorized Access in NPM Proxy repository in Nexus
- Can't do a proxy for an npm repository in Cloudsmith with Nexus 3
- nexus 3 with proxy npm repository
- Is it possible to use Nexus to proxy a private npmjs org?
- Scoped NPM projects via proxy with Nexus 3.2