Verdaccio on Ubuntu 24.04 on Azure User Guide
Overview
Verdaccio is a lightweight open-source private npm registry and proxy built on Node.js. It lets teams publish private packages, cache packages from the public npm registry, and control access with simple htpasswd authentication - without standing up a heavyweight artifact server. The cloudimg image installs Verdaccio 6.7.2 on Node.js 22 LTS, runs it as a systemd service behind an nginx reverse proxy on port 80, stores the registry configuration, package storage and the htpasswd auth database on a dedicated Azure data disk, and generates a unique admin account on the first boot of every VM. Backed by 24/7 cloudimg support.
What is included:
- Verdaccio 6.7.2 on Node.js 22 LTS, installed globally
- The web UI and npm registry published on port 80 via nginx (with WebSocket upgrade and a 1 GiB body limit for large tarball publishes)
- An uplink to the public npm registry so any package not published locally is proxied and cached
- A dedicated Azure data disk at
/var/lib/verdacciofor config, package storage and the htpasswd auth database - A unique admin account generated on first boot, written to a root-only credentials file
verdaccio.service+nginx.serviceas systemd units, enabled and active- 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2ms (2 vCPU / 8 GiB RAM) is a good starting point. NSG inbound: allow 22/tcp from your management network and 80/tcp for the registry and web UI (front with TLS for public exposure - see Enabling HTTPS).
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Verdaccio by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name verdaccio \
--image <marketplace-image-urn> \
--size Standard_B2ms \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name verdaccio --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
systemctl is-active verdaccio.service nginx.service
Both report active. On first boot Verdaccio generates a unique admin account and writes the htpasswd auth database.
Step 5 - Retrieve your admin credentials
The admin password is generated uniquely on the first boot of your VM and written to a root-only file:
sudo cat /root/verdaccio-credentials.txt
This file contains verdaccio.admin.user (admin) and verdaccio.admin.pass. Store the password somewhere safe.
Step 6 - Check the health endpoint
Verdaccio exposes a liveness endpoint (returns 200):
curl -s -o /dev/null -w '%{http_code}\n' http://localhost/-/ping
Step 7 - Open the web UI
Browse to http://<vm-public-ip>/ and sign in with admin and the password from Step 5.
Use the sign-in dialog in the top-right of the UI to authenticate with your admin account:
The web UI shows installation and login help for each package once you have published one, and the empty-registry welcome until then:
Once signed in, the UI shows you are authenticated and the published package list:
Step 8 - Confirm your credentials authenticate
Every package on the registry requires authentication. Confirm the generated admin credentials work by requesting a package with HTTP Basic auth - a valid login returns 200, a missing or wrong password returns 401:
curl -s -o /dev/null -w '%{http_code}\n' -u 'admin:<VERDACCIO_ADMIN_PASSWORD>' http://localhost/lodash
The npm login command (Step 9) performs the same authentication for the npm CLI and stores a token in your ~/.npmrc.
Step 9 - Point npm at your registry
From a developer machine, point npm at the registry and log in (user admin, the password from Step 5):
npm set registry http://<vm-public-ip>/
npm login --registry http://<vm-public-ip>/
Install packages as usual - anything not published privately is proxied and cached from the public npm registry:
npm install lodash
Step 10 - Publish a private package
In a package directory, publish to your registry:
npm publish --registry http://<vm-public-ip>/
The package and its tarball are stored on the dedicated data disk and appear in the web UI. Use a scope (e.g. @yourorg/pkg) to keep private packages separate from public ones.
Step 11 - Confirm storage lives on the dedicated disk
The configuration, package storage and htpasswd auth database are stored on the dedicated Azure data disk so they survive OS changes and can be resized independently:
findmnt /var/lib/verdaccio
The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.
Enabling HTTPS
The nginx reverse proxy terminates plain HTTP on port 80. For public exposure, put a certificate in front of it - add a DNS name for the VM and install certbot, or use the companion cloudimg nginx-ssl-certbot image as a TLS reverse proxy. Keep Verdaccio bound to loopback (127.0.0.1:4873) so the only public surface is the TLS-terminated proxy. Set url_prefix and the public URL in /var/lib/verdaccio/config.yaml if you serve under a path, then restart Verdaccio.
Maintenance
- Backups: snapshot the
/var/lib/verdacciodata disk to back up the configuration, package storage and auth database. - Users: add or update accounts with
sudo htpasswd /var/lib/verdaccio/htpasswd <username>and restart Verdaccio. - Service:
sudo systemctl restart verdaccioafter configuration changes; logs viajournalctl -u verdaccio. - Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.
Support
cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.