I have a Debian 12 Server running Apache and Node v20.11.0. The root site (e.g., https://my-website.com/) is reachable and working as expected.
Additionally, I have installed Verdaccio 5.29 on the server using the command npm install --global verdaccio. Verdaccio is running as expected with the HTTP address http://localhost:4873.
I have been trying to configure a reverse proxy in Apache to use Verdaccio with the root URL and the npm prefix like this: https://my-website.com/npm. In order to achieve that, I have followed these instructions:
Unfortunately, I cannot make it work. When I introduce https://my-website.com/npm in my browser, Verdaccio receives the request and I can see the following Verdaccio logs:
info --- plugin successfully loaded: verdaccio-htpasswd
info --- plugin successfully loaded: verdaccio-audit
warn --- http address - http://localhost:4873/ - verdaccio/5.29.0
info <-- 127.0.0.1 requested 'GET /'
http <-- 304, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET /', bytes: 0/0
http <-- 304, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET /', bytes: 0/0
info <-- 127.0.0.1 requested 'GET //-/static/runtime.6f77b927373eea0554c8.js'
http <-- 200, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/runtime.6f77b927373eea0554c8.js', bytes: 0/0
http <-- 404, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/runtime.6f77b927373eea0554c8.js', error: File not found
info <-- 127.0.0.1 requested 'GET //-/static/vendors.6f77b927373eea0554c8.js'
http <-- 200, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/vendors.6f77b927373eea0554c8.js', bytes: 0/0
http <-- 404, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/vendors.6f77b927373eea0554c8.js', error: File not found
info <-- 127.0.0.1 requested 'GET //-/static/main.6f77b927373eea0554c8.js'
http <-- 200, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/main.6f77b927373eea0554c8.js', bytes: 0/0
http <-- 404, user: null(2001:9e8:460a:6c00:7e44:440e:848f:60c6 via 127.0.0.1), req: 'GET //-/static/main.6f77b927373eea0554c8.js', error: File not found
However, I only get a white page in my browser with the following errors:
This is the Apache configuration:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName https://my-website.com
ServerAdmin [email protected]
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
# LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example, the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
# Include conf-available/serve-cgi-bin.conf
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/my-website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-website.com/privkey.pem
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
ProxyPass /npm http://127.0.0.1:4873/ nocanon
ProxyPassReverse /npm http://127.0.0.1:4873/
RequestHeader set X-Forwarded-Proto "https"
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
In Verdaccio, I have set the environment variable $VERDACCIO_PUBLIC_URL. The configuration file looks as follows:
storage: /home/topsonic/.local/share/verdaccio/storage
# path to a directory with plugins to include
plugins: ./plugins
# https://verdaccio.org/docs/webui
web:
title: npm
# https://verdaccio.org/docs/configuration#authentication
auth:
htpasswd:
file: ./htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
# max_users: 1000
# Hash algorithm, possible options are: "bcrypt", "md5", "sha1", "crypt".
# algorithm: bcrypt # by default is crypt, but is recommended use bcrypt for new installations
# Rounds number for "bcrypt", will be ignored for other algorithms.
# rounds: 10
# https://verdaccio.org/docs/configuration#uplinks
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
# Learn how to protect your packages
# https://verdaccio.org/docs/protect-your-dependencies/
# https://verdaccio.org/docs/configuration#packages
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
unpublish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish/publish packages
# (anyone can register by default, remember?)
publish: $authenticated
unpublish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
server:
keepAliveTimeout: 60
# Allow `req.ip` to resolve properly when Verdaccio is behind a proxy or load-balancer
# See: https://expressjs.com/en/guide/behind-proxies.html
# trustProxy: '127.0.0.1'
# https://verdaccio.org/docs/configuration#offline-publish
# publish:
# allow_offline: false
url_prefix: '/npm'
middlewares:
audit:
enabled: true
# https://verdaccio.org/docs/logger
# log settings
log: { type: stdout, format: pretty, level: http }
Does anybody have an idea where the issue is? Any help will be appreciated.