
Installing verdaccio as a docker image in Ubuntu 18

on October 16th, 2018 in nodejs, Javascript by Chanoch

Verdaccio is a popular private repository, and the project also has a repo of common configurations using docker-compose and Kubernetes. There are a number of options for registration and authentication, including LDAP and GitLab, and a number of configurations for putting a reverse proxy in front of Verdaccio, including Apache httpd and nginx. You can also configure support for HTTPS via Let's Encrypt, as well as a plugins directory for additional registry functionality.

There are some really useful docker-compose examples under https://github.com/verdaccio/docker-examples. The easiest for a local install is a single-container setup using file storage and an htpasswd file, mounting them as volumes into the container and using docker-compose.

This compose file assumes that the storage for packages will be inside the directory where you run docker-compose from.

It acts as a proxy for npm, downloading any packages and caching them locally.

The only amendment I had to make relates to the fact that I run docker without using sudo. First I added my user to the docker group and switched into it (rather than logging out and back in):

sudo usermod -a -G docker chanoch
newgrp docker

I copied the folder structure according to the repo on GitHub, except for the htpasswd file, which I created blank to avoid bringing in their example user. In my case I also added a user command to the docker-compose file and changed the group ownership of all the files to docker.

image: verdaccio/verdaccio:4.x.next
user: "1000:999"


The user id here is mine (first user created in Ubuntu), and the group id is the docker group's (999).

If I were running this as a server, I would likely create a new docker user as well as using nginx as a reverse proxy and adding TLS via Let's Encrypt. I would also amend the default configuration in config.yaml to allow authenticated users only to publish.
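One way to check that amendment, as an added example that is not part of the original post or the Verdaccio project: a small scan of the packages section of config.yaml that reports any rule whose publish list includes a group covering users who have not logged in. The function name and the sample config are constructed, and the scan assumes the conventional indented layout rather than parsing full YAML.

```python
import re

# Verdaccio groups that include users who have not logged in.
OPEN_GROUPS = {"$all", "$anonymous"}

def open_publish_rules(config_text):
    """Return (pattern, open_groups) for each packages entry that lets
    unauthenticated users publish. Hypothetical helper for illustration."""
    findings = []
    in_packages = False
    pattern = None
    for raw in config_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue
        if not line.startswith(" "):      # a top-level key starts a new section
            in_packages = line.strip() == "packages:"
            pattern = None
            continue
        if not in_packages:
            continue
        key, _, value = line.strip().partition(":")
        if not value.strip():             # e.g. '@*/*': opens a package rule
            pattern = key.strip("'\"")
        elif key == "publish" and pattern is not None:
            exposed = set(value.split()) & OPEN_GROUPS
            if exposed:
                findings.append((pattern, sorted(exposed)))
    return findings

# Constructed sample, not the config from the docker-examples repo.
SAMPLE = """\
storage: /verdaccio/storage
packages:
  '@*/*':
    access: $all
    publish: $all        # anyone who can reach the registry may publish
    proxy: npmjs
  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs
"""

if __name__ == "__main__":
    for pattern, groups in open_publish_rules(SAMPLE):
        print(f"{pattern}: publish open to {', '.join(groups)}")
```

Changing the flagged rule to `publish: $authenticated` makes the scan return an empty list.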

It would also be useful to implement a hook to notify a group each time a new library is published in order to carry out audits, but that is for another day.