Go language private registry glance
Setup GO private package repositry ATHENS for project development
Use Nexus proxy access public go package and private repository repo
1#The access workflow
2
3 |------> proxy-public internal
4internal.pack.com/goproxy--->nexus
5 |------>athens--->nginx---> private gitlab
The pull package workflow
- set the environment variable `export GOPROXY=internal.pack.com/goproxy`
- setup nexus proxy the internal athens and public go proxy repo
- the athens access internal gitlab code repo needs nginx rewrite the some paths
- because athens needs https access the code repo
- Generate the private certificate
1openssl req -x509 -nodes -days 876000 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
- Prepare
Dockerfile
1FROM athens:latest
2
3# use private certificate when pull the GO package in project
4
5COPY ./nginx-selfsigned.crt /usr/local/share/ca-certificates/nginx-selfsigned.crt
6
7RUN update-ca-certificates
- The launch docker container script
1export ATHENS_STORAGE=/data/athens/storage
2mkdir -p $ATHENS_STORAGE
3docker run -d -v $ATHENS_STORAGE:/var/lib/athens \
4 -v "/data/athens/.gitconfig:/root/.gitconfig" \
5 -v "/data/athens/.ssh:/root/.ssh" \
6 -v "/data/athens/.netrc:/root/.netrc" \
7 -e ATHENS_DISK_STORAGE_ROOT=/var/lib/athens \
8 -e ATHENS_STORAGE_TYPE=disk \
9 -e ATHENS_GO_BINARY_ENV_VARS="GOPRIVATE=private.pack.com; GONOSUMDB=private.pack.com" \
10 -e ATHENS_GONOSUM_PATTERNS=private.pack.com/* \
11 --name athens-proxy \
12 --add-host private.pack.com:10.10.0.10 \
13 --restart always \
14 -p 3000:3000 \
15 athens:v1
- The private gitlab repo config
.gitconfig
1[url "https://[email protected]"]
2 insteadOf = http://private.pack.com
- The
.netrc
1machine private.pack.com
2login username
3password xxxxxx
- The nginx recusive proxy
1listen: "443 ssl"
2 server_name: "private.pack.com"
3 filename: "private.pack.conf"
4 state: "present"
5 extra_parameters: |
6 ssl_certificate /etc/nginx/nginx-selfsigned.crt;
7 ssl_certificate_key /etc/nginx/nginx-selfsigned.key;
8 if ($args ~* "^go-get=1") {
9 set $condition goget;
10 }
11 if ($condition = goget) {
12 return 200 "<!DOCTYPE html><html><head><meta content='private.pack.com git https://private.pack.com/proj/level/sub.git' name='go-import'></head></html>";
13 }
14 location / {
15 proxy_pass http://code.test.com/;
16
17 proxy_set_header X-Real-IP $remote_addr;
18 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
19 }
- use
export GOPROXY=http://internal.pack.com/goproxy