mirrors/pkg-proxy
1
0
Fork 1
mirror of https://github.com/git-pkgs/proxy.git synced 2026-06-02 08:38:17 -04:00
Code Issues Releases Packages Wiki Activity
pkg-proxy/config.example.yaml
Andrew Nesbitt 1ad182782d
 Add storage.direct_serve_base_url to override presigned URL host 
When the proxy reaches storage at an internal address (127.0.0.1, a
Docker service name) the presigned URLs it generates point there too,
which is useless to external clients. This adds an optional base URL
that replaces the scheme and host of signed URLs before they're returned,
keeping the signed path and query intact.
2026-04-27 12:14:37 +01:00

127 lines
4 KiB
YAML
Raw Permalink Blame History

# Proxy server configuration
# Copy to config.yaml and modify as needed
# Server listen address
listen: ":8080"
# Public URL where this proxy is accessible
# Used for rewriting package metadata URLs
base_url: "http://localhost:8080"
# Artifact storage configuration
storage:
# Storage backend URL
# Supported schemes:
# - file:///path/to/dir - Local filesystem (default)
# - s3://bucket-name - Amazon S3
# - s3://bucket?endpoint=http://localhost:9000 - S3-compatible (MinIO)
#
# For S3, configure credentials via environment variables:
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION
url: ""
# Local filesystem path (used when url is empty)
# Deprecated: Use url with file:// scheme instead
path: "./cache/artifacts"
# Maximum cache size (e.g., "10GB", "500MB")
# When exceeded, least recently used artifacts are evicted
# Empty or "0" means unlimited
max_size: ""
# Redirect cached artifact downloads to presigned storage URLs (HTTP 302)
# instead of streaming through the proxy. Only effective for S3 and Azure.
# Leave disabled if clients reach the proxy through an authenticating gateway,
# since presigned URLs bypass it.
direct_serve: false
# How long presigned URLs remain valid (e.g. "5m", "1h"). Default: "15m".
direct_serve_ttl: "15m"
# Public base URL to substitute into presigned URLs. Set this when the
# proxy reaches storage at an internal address (127.0.0.1, a Docker
# service name) but clients must use a public hostname. Only scheme and
# host are used; the signed path and query are preserved. For S3/MinIO
# the reverse proxy at this address must forward requests with the
# internal Host header or the SigV4 signature will not validate.
# direct_serve_base_url: "https://minio.example.com"
# Database configuration
database:
# Database driver: "sqlite" (default) or "postgres"
driver: "sqlite"
# SQLite database file path (used when driver is "sqlite")
path: "./cache/proxy.db"
# PostgreSQL connection URL (used when driver is "postgres")
# Example: "postgres://user:password@localhost:5432/proxy?sslmode=disable"
url: ""
# Logging configuration
log:
# Minimum log level: "debug", "info", "warn", "error"
level: "info"
# Log format: "text" or "json"
format: "text"
# Upstream registry URLs and authentication
upstream:
# npm registry URL
npm: "https://registry.npmjs.org"
# Cargo sparse index URL
cargo: "https://index.crates.io"
# Cargo crate download URL
cargo_download: "https://static.crates.io/crates"
# Authentication for upstream registries
# Keys are URL prefixes matched against request URLs.
# Values can reference environment variables using ${VAR_NAME} syntax.
#
# Supported auth types:
# - bearer: Authorization header with Bearer token
# - basic: Authorization header with Basic auth (username:password)
# - header: Custom header name and value
auth:
# Example: npm with bearer token
# "https://registry.npmjs.org":
# type: bearer
# token: "${NPM_TOKEN}"
# Example: GitHub npm registry
# "https://npm.pkg.github.com":
# type: bearer
# token: "${GITHUB_TOKEN}"
# Example: PyPI with basic auth
# "https://pypi.org":
# type: basic
# username: "__token__"
# password: "${PYPI_TOKEN}"
# Example: Custom header for private registry
# "https://maven.mycompany.com":
# type: header
# header_name: "X-Auth-Token"
# header_value: "${MAVEN_TOKEN}"
# Version cooldown configuration
# Hides package versions published too recently, giving the community time
# to spot malicious releases before they're pulled into projects.
# Supported durations: "7d" (days), "48h" (hours), "30m" (minutes), "0" (disabled)
cooldown:
# Global default cooldown for all ecosystems
# default: "3d"
# Per-ecosystem overrides
# ecosystems:
# npm: "7d"
# cargo: "0"
# Per-package overrides (keyed by PURL)
# packages:
# "pkg:npm/lodash": "0"
# "pkg:npm/@babel/core": "14d"
Reference in a new issue View git blame Copy permalink