Go language private registry glance

Set up Athens as a private Go package repository for project development

Use a Nexus proxy to access both the public Go packages and the private repository

# The access workflow

                         |------> proxy-public internal
internal.pack.com/goproxy--->nexus
                         |------> athens ---> nginx ---> private gitlab

The pull package workflow

- set the environment variable `export GOPROXY=http://internal.pack.com/goproxy` (GOPROXY takes a URL, so include the scheme)
- set up Nexus to proxy both the internal Athens and the public Go proxy repo
- for Athens to access the internal GitLab code repo, nginx has to rewrite some paths
- and because Athens needs HTTPS access to the code repo:
  • Generate the private certificate
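# Create the self-signed certificate and key served by the nginx vhost
# private.pack.com.
#   -nodes   leaves the private key unencrypted on disk, so it is restricted to
#            its owner right after creation.
#   -subj / -addext
#            Go's TLS client (Go 1.15+) ignores the Common Name and matches the
#            host only against subjectAltName, so the certificate must list
#            private.pack.com as a SAN. -addext needs OpenSSL 1.1.1 or newer.
# NOTE(review): -days 876000 is roughly 2400 years, so the certificate never
#   expires in practice and a leaked key stays usable until it is removed from
#   every trust store by hand; a shorter lifetime with planned rotation is
#   easier to recover from.
# NOTE(review): with a stock openssl.cnf, `req -x509` usually marks the
#   certificate as a CA. Once it is installed in the Athens trust store the key
#   is a trust anchor for that container; check with
#   `openssl x509 -noout -text` and guard the key accordingly.
openssl req -x509 -nodes -days 876000 -newkey rsa:2048 \
  -subj "/CN=private.pack.com" \
  -addext "subjectAltName=DNS:private.pack.com" \
  -keyout /etc/ssl/private/nginx-selfsigned.key \
  -out /etc/ssl/certs/nginx-selfsigned.crt
chmod 600 /etc/ssl/private/nginx-selfsigned.key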
  • Prepare Dockerfile
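# NOTE(review): ":latest" is a moving tag, so a rebuild can silently pick up a
# different Athens build; pin a specific tag or digest instead, for example
# athens:<PINNED_TAG> (placeholder, the page does not name a version).
FROM athens:latest

# Trust the self-signed certificate so that fetches of the private Go packages
# verify over TLS. Only the public .crt belongs in the image; the matching
# private key must stay out of the build context.
COPY ./nginx-selfsigned.crt /usr/local/share/ca-certificates/nginx-selfsigned.crt

# Regenerate the system CA bundle so it includes the certificate copied above.
RUN update-ca-certificates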
  • The launch docker container script
 1export ATHENS_STORAGE=/data/athens/storage
 2mkdir -p $ATHENS_STORAGE
 3docker run -d -v $ATHENS_STORAGE:/var/lib/athens \
 4    -v "/data/athens/.gitconfig:/root/.gitconfig" \
 5    -v "/data/athens/.ssh:/root/.ssh" \
 6    -v "/data/athens/.netrc:/root/.netrc" \
 7   -e ATHENS_DISK_STORAGE_ROOT=/var/lib/athens \
 8   -e ATHENS_STORAGE_TYPE=disk \
 9   -e ATHENS_GO_BINARY_ENV_VARS="GOPRIVATE=private.pack.com; GONOSUMDB=private.pack.com" \
10   -e ATHENS_GONOSUM_PATTERNS=private.pack.com/* \
11   --name athens-proxy \
12   --add-host private.pack.com:10.10.0.10 \
13   --restart always \
14   -p 3000:3000 \
15   athens:v1
  • The private gitlab repo config .gitconfig
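# Rewrite module URLs so git fetches them from the GitLab host, using "git" as
# the user name in the URL.
# NOTE(review): insteadOf only matches URLs that start with
# http://private.pack.com, while the go-import meta tag in the nginx config on
# this page advertises https://private.pack.com/...; confirm which scheme the
# go command actually requests, otherwise this rewrite never applies.
[url "https://git@code.test.com"]
        insteadOf = http://private.pack.com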
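  • The .netrc (it holds the GitLab credentials in plain text: keep it mode 0600 on the host and use a read-only access token rather than a user's password)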
1machine private.pack.com
2login username
3password xxxxxx
  • The nginx recursive proxy (nginx sits between Athens and the private GitLab)
 1listen: "443 ssl"
 2  server_name: "private.pack.com"
 3  filename: "private.pack.conf"
 4  state: "present"
 5  extra_parameters: |
 6    ssl_certificate /etc/nginx/nginx-selfsigned.crt;
 7    ssl_certificate_key /etc/nginx/nginx-selfsigned.key;
 8    if ($args ~* "^go-get=1") {
 9            set $condition goget;
10    }
11    if ($condition = goget) {
12        return 200 "<!DOCTYPE html><html><head><meta content='private.pack.com git https://private.pack.com/proj/level/sub.git' name='go-import'></head></html>";
13    }
14    location / {
15      proxy_pass http://code.test.com/;
16 
17      proxy_set_header X-Real-IP $remote_addr;
18      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
19    }
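  • On the client, use `export GOPROXY=http://internal.pack.com/goproxy`. This endpoint is plain HTTP, so the connection itself gives no integrity protection; modules under private.pack.com are also outside the public checksum database, so serve the proxy over HTTPS where possible.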