Last active
March 28, 2024 12:05
-
-
Save kth5/7ac3d624c637ea71fe7a942542cb255e to your computer and use it in GitHub Desktop.
Nexus OSS & npm audit with nginx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Have private npm registry and proxying through registry.npmjs.org with Nexus? Still want to be able to transparently `npm audit`? | |
| This might help. | |
| ``` | |
| server { | |
| listen 443 ssl http2; | |
| server_name nginx.some.domain; | |
| ssl_certificate /etc/nginx/tls-certificate.pem; | |
| ssl_certificate_key /etc/nginx/tls-key.pem; | |
| set $proxy_pass_url https://nexus.some.domain:443; | |
| location / { | |
| proxy_ssl_server_name on; | |
| proxy_ssl_name nexus.some.domain; | |
| proxy_set_header Host nexus.some.domain; | |
| proxy_pass $proxy_pass_url; | |
| proxy_redirect https?://nexus.some.domain https://$host; | |
| } | |
| # Nexus OSS does not support npm audit, thus pass it to the public | |
| # npm registry. HTTP/307 is basically a redirect that allows POST. | |
| # | |
| # For this the following two URIs are necessary: | |
| # /repository/<your nexus npm proxy>/-/npm/v1/security/audits/quick | |
| # /repository/<your nexus npm proxy>/-/npm/v1/security/advisories/bulk | |
| location ~ ^/repository/<your nexus npm proxy>/(-/npm/v1/security/audits/quick)$ { | |
| return 307 https://registry.npmjs.org/$1; | |
| } | |
| location ~ ^/repository/<your nexus npm proxy>/(-/npm/v1/security/advisories/bulk)$ { | |
| return 307 https://registry.npmjs.org/$1; | |
| } | |
| } | |
| ``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment