-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathconfig.yaml
73 lines (63 loc) · 2.15 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# path to a directory with all packages
storage: /verdaccio/storage/data
# path to a directory with plugins to include
plugins: /verdaccio/plugins
auth:
openid-connect:
# Verdaccio public URL. If served on a subpath, make sure to include a
# trailing slash.
publicUrl: http://localhost:4873
# Redis hostname
# When set redis storage (for sessions and tokens) will be used.
# see also: fsSessionStorePath, fsTokenStorePath.
redisUri: redis
###
# session files (persistent) storage path and token files (temporary for short-lived files) storage path: will be used if redisUri not set
#fsSessionStorePath: /tmp
#fsTokenStorePath: /tmp
# OpenID Connect Issuer URL
issuer: https://keycloak/auth/realms/MyRealm/
# OpenID Connect Client ID.
# Alternatively can be set via environment variable OIDC_CLIENT_ID
clientId: verdaccio
# OpenID Connect Client Secret.
# Alternatively can be set via environment variable OIDC_CLIENT_SECRET
clientSecret: '...'
# OpenID Connect Scopes
scope: 'openid profile email offline_access'
# Optional id_token claim that will be used for username
usernameClaim: preferred_username
# optional roles claim (id_token).
# claim can be array or string (comma-separated)
rolesClaim: roles
web:
title: Verdaccio
uplinks:
npmjs:
url: https://registry.npmjs.org/
## security system settings ( https://verdaccio.org/docs/configuration/#security )
security:
api:
legacy: false
jwt:
sign:
# lifetime for [cli-to-verdaccio service] jwt tokens that link to oidc server tokens (using sid claim).
# oidc server tokens lifetime (set by oidc server) check as usual after check [cli-to-verdaccio service] jwt token sign and expiration.
# if oidc server returns refresh_token, oidc access_token will refresh when expired.
expiresIn: 30d
web:
sign:
expiresIn: 7d
packages:
'@*/*':
# scoped packages
access: $authenticated
publish: $authenticated
'**':
access: $authenticated
publish: $authenticated
middlewares:
audit:
enabled: true
logs:
- {type: stdout, format: pretty, level: info}