[V5] Verdaccio is not working behind http2 proxy #2190
Comments
|
https://tools.ietf.org/html/rfc7540 |
|
Thanks @viceice , good catch. Also could be use https://github.com/verdaccio/verdaccio/blob/5.x/docs/env.variables.md#verdaccio_forwarded_proto is the unique header affected? or there are others? |
|
Proto was wrong too. It return http ip address urls instead of https and domain. But I saw it detects the original remote ip header. Did not tested additional env vars. |
|
Ok thanks for the feedback, I will figure out a solution. |
|
Thanks, no hurry, as there is a workaround 🙃 |
|
Hi, I am having the same issue, and the workaround seems to not work for me.
But the result is that it goes in Thank you. |
|
Please provide you compose file. I think you have an error there. Maybe traefik is trying https to verdaccio. |
|
Hi, sure. Traefik: Verdaccio: Regards. |
|
Looks like an issue with your traefik config. You should extend logging and ask on traefik issue tracker for help. |
|
Hi So do you confirm that this is how you set the Regards |
|
@FStefanni Yes, but i do not use a custom port. I use normal 443 and let treafik rules select right backend. I also use kubernetes instead of docker, but it shouldn't change anything about env variables. |
|
This seems to be an interesting issue to take a crack at, can someone help with traefik configuration to see if I can fix this as I'm unfamiliar with this proxy. Surely it will help the next person if I don't get a PR going. |
|
Hi, an example config is what I posted up. I can help you to tune traefik config for your tests. For example:
If you need other, let us know. Regards. |
|
@FStefanni better to provide a simple |
|
Hi, sorry but I have no time to test this. All http routes are redirected to https. Regards |
|
Here a more basic sample, but it didn't reproduce the issue 😕 # /etc/hosts: 127.0.0.1 npm.example.com
services:
traefik:
image: traefik:v2.3.6
ports:
- "443:443"
command:
- --log.level=INFO
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
verdaccio:
image: verdaccio/verdaccio:5.0.4
environment:
- NODE_ENV=production
# - VERDACCIO_PUBLIC_URL=https://npm.example.com
volumes:
- verdaccio-data:/verdaccio
labels:
- "traefik.enable=true"
- "traefik.http.services.verdaccio.loadbalancer.server.port=4873"
- "traefik.http.routers.verdaccio.rule=Host(`npm.example.com`)"
- "traefik.http.routers.verdaccio.tls=true"
volumes:
verdaccio-data:log {
"level": 25,
"time": 1620370390553,
"pid": 9,
"hostname": "b17920ecb8eb",
"req":
{
"method": "GET",
"url": "/",
"query": {},
"params": {},
"headers":
{
"host": "npm.example.com",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9,de-DE;q=0.8,de;q=0.7",
"cache-control": "max-age=0",
"dnt": "1",
"sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Google Chrome\";v=\"90\"",
"sec-ch-ua-mobile": "?0",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "cross-site",
"sec-fetch-user": "?1",
"upgrade-insecure-requests": "1",
"x-forwarded-for": "172.18.0.1",
"x-forwarded-host": "npm.example.com",
"x-forwarded-port": "443",
"x-forwarded-proto": "https",
"x-forwarded-server": "b0b08bafbfcd",
"x-real-ip": "172.18.0.1"
},
"remoteAddress": "172.18.0.2",
"remotePort": 34344
},
"ip": "172.18.0.2",
"msg": "@{ip} requested '@{req.method} @{req.url}'"
}Using docker desktop on windows with wsl v2. Also tested traefik v2.4.8. |
|
@viceice |
|
Sure, but earliest next week. Sorry. |
|
Seems like a fix was merged to v6 #2271 Can we expect a fix to be released in v5 as well? |
|
Mmm should be on v5.1.0. Where is not yet available on v6 alpha yet. |
|
I will close this one, since I consider this fix if anyone has issues feel free to open a new ticket and will check it out again. |
|
Hi, just to confirm that verdaccio:5.1.0 works fine behind Traefik. Regards. |
|
@zkochan was right, the commit was not included on |
|
Sorry, this is not resolved for me with 5.1.1. 😕 logs [
{
"level": 25,
"time": 1625840623871,
"pid": 8,
"hostname": "verdaccio-754d946f9b-bzbqt",
"req":
{
"method": "GET",
"url": "/",
"query": {},
"params": {},
"headers":
{
"host": "npm.domain.test",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US,en;q=0.9,de;q=0.8",
"sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Google Chrome\";v=\"91\", \"Chromium\";v=\"91\"",
"sec-ch-ua-mobile": "?0",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "none",
"sec-fetch-user": "?1",
"upgrade-insecure-requests": "1",
"x-forwarded-for": "172.30.2.20",
"x-forwarded-host": "npm.domain.test",
"x-forwarded-port": "443",
"x-forwarded-proto": "https",
"x-forwarded-server": "internal-traefik-549b78ffcf-8gc62",
"x-real-ip": "172.30.2.20"
},
"remoteAddress": "10.42.103.58",
"remotePort": 45910
},
"ip": "10.42.103.58",
"msg": "@{ip} requested '@{req.method} @{req.url}'"
}
{
"level": 25,
"time": 1625840623873,
"pid": 8,
"hostname": "verdaccio-754d946f9b-bzbqt",
"request":
{
"method": "GET",
"url": "/"
},
"user": null,
"remoteIP": "172.30.2.20 via 10.42.103.58",
"status": 200,
"bytes":
{
"in": 0,
"out": 492
},
"msg": "@{status}, user: @{user}(@{remoteIP}), req: '@{request.method} @{request.url}', bytes: @{bytes.in}/@{bytes.out}"
}
]
|
@viceice have you found a solution? I am in same situation |
|
still using the |
|
@viceice Thank you so much, VERDACCIO_PUBLIC_URL worked for me!!! |
Describe the bug
Verdaccio v5 is not detecting headers passed from reverse proxy, I think it's because of http2 is lowercasing all headers
log
{ "level": 25, "time": 1619156769309, "pid": 7, "hostname": "verdaccio-5bdb8cd95f-6d78j", "req": { "method": "GET", "url": "/", "query": {}, "params": {}, "headers": { "host": "npm.domain.com", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q=0.9,de;q=0.8", "cache-control": "no-cache", "pragma": "no-cache", "sec-ch-ua": "\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\"", "sec-ch-ua-mobile": "?0", "sec-fetch-dest": "document", "sec-fetch-mode": "navigate", "sec-fetch-site": "none", "sec-fetch-user": "?1", "upgrade-insecure-requests": "1", "x-forwarded-for": "172.30.2.20", "x-forwarded-host": "npm.domain.com", "x-forwarded-port": "443", "x-forwarded-proto": "https", "x-forwarded-server": "internal-traefik-6d4789455-hnklc", "x-real-ip": "172.30.2.20" }, "remoteAddress": "10.42.235.33", "remotePort": 38724 }, "ip": "10.42.235.33", "msg": "@{ip} requested '@{req.method} @{req.url}'" }Woraround: override
VERDACCIO_PUBLIC_URLTo Reproduce
running verdaccio behind traefik reverse proxy, which is terminating https (http2) connection.
Expected behavior
Verdaccio should detect lowercase reverse proxy headers.
Screenshots
Configuration File (cat ~/.config/verdaccio/config.yaml)
Environment information
Debugging output
$ NODE_DEBUG=request verdacciodisplay request calls (verdaccio <--> uplinks)$ DEBUG=express:* verdaccioenable extreme verdaccio debug mode (verdaccio api)$ npm -dddprints:$ npm config get registryprints:The text was updated successfully, but these errors were encountered: