NPM安装通过Squid代理失败,无法验证叶签名
我们有一个带有SSL的Squid代理,使用自签名证书和ca-bundle.cert。仅在最近尝试安装时,NPM安装才开始失败 npm——注册表\ --代理--https代理\ --ddd安装快车 产生误差-NPM安装通过Squid代理失败,无法验证叶签名,npm,openssl,reverse-proxy,squid,Npm,Openssl,Reverse Proxy,Squid,我们有一个带有SSL的Squid代理,使用自签名证书和ca-bundle.cert。仅在最近尝试安装时,NPM安装才开始失败 npm——注册表\ --代理--https代理\ --ddd安装快车 产生误差- npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE npm ERR! request to https://registry.npmjs.org/express failed, reason: unable to verify the first
npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! request to https://registry.npmjs.org/express failed,
reason: unable to verify the first certificate
Squid在码头内运行,日志显示
NONE/200 0 CONNECT registry.npmjs.org:443 - HIER_DIRECT
任何想法或建议都将不胜感激
第一次答复
我在squid.conf中添加了“dns_v4_first on”,现在NPM错误消息为
npm verb node v8.9.3
npm verb npm v5.5.1
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN
npm ERR! errno SELF_SIGNED_CERT_IN_CHAIN
npm ERR! request to https://registry.npmjs.org/express failed, reason: self signed certificate in certificate chain
附加信息
我所发现的是NPM接受代理设置时的异常行为。当代理设置为内联时,如下图所示,它返回HTTP 503
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org
--proxy http://example-proxy.net:3339 --https-proxy http://example-proxy.net:3339
--ddd install express
当只设置了代理而没有设置https代理时,它就工作了
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org
--proxy http://example-proxy.net:3339
--ddd install express
export http_proxy=http://example-proxy.net:3339
export HTTPS_PROXY=http://example-proxy.net:3339
export https_proxy=http://example-proxy.net:3339
export HTTP_PROXY=http://example-proxy.net:3339
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org
--ddd install express
当代理在shell中设置而不是通过npm命令时,它就可以工作了
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org
--proxy http://example-proxy.net:3339
--ddd install express
export http_proxy=http://example-proxy.net:3339
export HTTPS_PROXY=http://example-proxy.net:3339
export https_proxy=http://example-proxy.net:3339
export HTTP_PROXY=http://example-proxy.net:3339
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org
--ddd install express
那么,当同时设置了代理和https代理时,为什么npm命令会返回HTTP 503呢?看起来squid正试图通过IPv6在只有IPv4的主机上进行连接:
connect(14, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2400:cb00:2048:1::6810:1b23", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
read(14, 0x7ffe450e1040, 65535) = -1 ENOTCONN (Transport endpoint is not connected)
将此选项添加到squid.conf可以修复此问题:
dns_v4_first on