Ve
Developer Tools AWS

Verdaccio on AWS User Guide

| Product: Verdaccio on AWS

Overview

Verdaccio is a lightweight open-source private npm registry and proxy built on Node.js. It lets teams publish private packages, cache packages from the public npm registry, and control access with simple htpasswd authentication - without standing up a heavyweight artifact server. The cloudimg image installs Verdaccio on Node.js LTS, runs it as a systemd service behind an nginx reverse proxy on port 80, stores the registry configuration, package storage and the htpasswd auth database on a dedicated data volume, and generates a unique admin account on the first boot of every instance. Backed by 24/7 cloudimg support.

What is included:

  • Verdaccio on Node.js LTS, installed globally
  • The web UI and npm registry published on port 80 via nginx (with WebSocket upgrade and a 1 GiB body limit for large tarball publishes)
  • An uplink to the public npm registry so any package not published locally is proxied and cached
  • A dedicated data volume at /var/lib/verdaccio for config, package storage and the htpasswd auth database
  • A unique admin account generated on first boot, written to a root-only credentials file
  • verdaccio.service + nginx.service as systemd units, enabled and active
  • 24/7 cloudimg support

Prerequisites

An Amazon Web Services account where you can launch EC2 instances, an EC2 key pair in the target Region, and a VPC + subnet. m5.large is a good starting point. Security group inbound: allow 22/tcp from your management network and 80/tcp for the registry and web UI (front with TLS for public exposure - see Enabling HTTPS).

Step 1: Launch the Instance from the AWS Marketplace

Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for Verdaccio by cloudimg. Select the cloudimg listing and choose Select, then Continue on the subscription summary. Pick your instance type and EC2 key pair, and under Network settings select a security group that allows inbound ports 22 and 80 as described above. Select Launch instance.

Step 2: Launch the Instance from the AWS CLI

aws ec2 run-instances \
  --image-id <ami-id> \
  --instance-type m5.large \
  --key-name <key-name> \
  --subnet-id <subnet-id> \
  --security-group-ids <security-group-id> \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=verdaccio-01}]'

Step 3: Connect to your Instance

The SSH login user depends on the operating system of the AMI variant you launched:

AMI variant SSH login user
Verdaccio on Ubuntu 24.04 ubuntu
ssh -i <path-to-key>.pem ubuntu@<instance-public-ip>

Step 4: Confirm the services are running

systemctl is-active verdaccio.service nginx.service

Both report active. On first boot Verdaccio generates a unique admin account and writes the htpasswd auth database.

Step 5: Retrieve your admin credentials

The admin password is generated uniquely on the first boot of your instance and written to a root-only file:

sudo cat /root/verdaccio-credentials.txt

This file contains verdaccio.admin.user (admin) and verdaccio.admin.pass. Store the password somewhere safe.

Step 6: Check the health endpoint

Verdaccio exposes a liveness endpoint (returns 200):

curl -s -o /dev/null -w '%{http_code}\n' http://localhost/-/ping

Step 7: Open the web UI

Browse to http://<instance-public-ip>/ and sign in with admin and the password from Step 5.

Verdaccio registry home

Use the sign-in dialog in the top-right of the UI to authenticate with your admin account:

Verdaccio login dialog

The web UI shows installation and login help for each package once you have published one, and the empty-registry welcome until then:

Verdaccio package help

Once signed in, the UI shows you are authenticated and the published package list:

Verdaccio after login

Step 8: Confirm your credentials authenticate

Every package on the registry requires authentication. Confirm the generated admin credentials work by requesting a package with HTTP Basic auth - a valid login returns 200, a missing or wrong password returns 401:

curl -s -o /dev/null -w '%{http_code}\n' -u 'admin:<VERDACCIO_ADMIN_PASSWORD>' http://localhost/lodash

The npm login command (Step 9) performs the same authentication for the npm CLI and stores a token in your ~/.npmrc.

Step 9: Point npm at your registry

From a developer machine, point npm at the registry and log in (user admin, the password from Step 5):

npm set registry http://<instance-public-ip>/
npm login --registry http://<instance-public-ip>/

Install packages as usual - anything not published privately is proxied and cached from the public npm registry:

npm install lodash

Step 10: Publish a private package

In a package directory, publish to your registry:

npm publish --registry http://<instance-public-ip>/

The package and its tarball are stored on the dedicated data volume and appear in the web UI. Use a scope (e.g. @yourorg/pkg) to keep private packages separate from public ones.

Step 11: Confirm storage lives on the dedicated volume

The configuration, package storage and htpasswd auth database are stored on the dedicated data volume so they survive OS changes and can be resized independently:

findmnt /var/lib/verdaccio

The mount is backed by a separate EBS data volume captured into the image and provisioned on every instance.

Enabling HTTPS

The nginx reverse proxy terminates plain HTTP on port 80. For public exposure, put a certificate in front of it - add a DNS name for the instance and install certbot, or use the companion cloudimg nginx-ssl-certbot image as a TLS reverse proxy. Keep Verdaccio bound to loopback (127.0.0.1:4873) so the only public surface is the TLS-terminated proxy. Set url_prefix and the public URL in /var/lib/verdaccio/config.yaml if you serve under a path, then restart Verdaccio. Add 443/tcp to your security group inbound rules.

Maintenance

  • Backups: snapshot the /var/lib/verdaccio data volume to back up the configuration, package storage and auth database.
  • Users: add or update accounts with sudo htpasswd /var/lib/verdaccio/htpasswd <username> and restart Verdaccio.
  • Service: sudo systemctl restart verdaccio after configuration changes; logs via journalctl -u verdaccio.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.