We have a Squid proxy with SSL in place, using a self-signed certificate along with a ca-bundle.cert. Only recently NPM installs started to fail when trying to install:

npm --registry https://registry.npmjs.org \
  --proxy http://localhost:10080 --https-proxy http://localhost:10443 \
  --ddd install express

Producing error -

npm ERR! errno UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! request to https://registry.npmjs.org/express failed, reason: unable to verify the first certificate

Squid is running inside Docker, and its log shows

NONE/200 0 CONNECT registry.npmjs.org:443 - HIER_DIRECT

Any ideas or pointers would be much appreciated.

First reply response

I added "dns_v4_first on" to the squid.conf and now the NPM error message is

npm verb node v8.9.3
npm verb npm  v5.5.1
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN
npm ERR! errno SELF_SIGNED_CERT_IN_CHAIN
npm ERR! request to https://registry.npmjs.org/express failed, reason: self signed certificate in certificate chain

Additional info

What I've discovered is unusual behaviour around NPM accepting proxy settings. When the proxy is set inline as seen below it returns a HTTP 503.

npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org \
  --proxy http://example-proxy.net:3339 --https-proxy http://example-proxy.net:3339 \
  --ddd install express

When ONLY the proxy is set and not https-proxy it works!

npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org \
  --proxy http://example-proxy.net:3339 \
  --ddd install express

When the proxy is set in the shell and not via the npm command, it works!

export http_proxy=http://example-proxy.net:3339 
export HTTPS_PROXY=http://example-proxy.net:3339 
export https_proxy=http://example-proxy.net:3339 
export HTTP_PROXY=http://example-proxy.net:3339
npm cache clear --force && rm -rf node_modules/
npm --strict-ssl=false --registry https://registry.npmjs.org \
  --ddd install express

So why does the npm command return a HTTP 503 when both proxy and https-proxy are set?

It looks like squid is trying to connect via IPv6 on a host with only IPv4:

connect(14, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2400:cb00:2048:1::6810:1b23", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
read(14, 0x7ffe450e1040, 65535)         = -1 ENOTCONN (Transport endpoint is not connected)

Adding this option to squid.conf fixes it:

dns_v4_first on
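
To check another proxy host for the same condition, this added example (not part of the original answer) scans strace output for IPv6 connect() calls that failed with ENETUNREACH. The function names are illustrative, and every sample line after the first two is constructed.

```shell
#!/bin/sh
# Added example: find IPv6 connect() calls that failed with ENETUNREACH in
# strace output. Function names are illustrative, not from Squid or strace.

# Sample trace: the first two lines are the ones quoted in the answer; the
# rest are constructed (documentation addresses) for the demonstration.
sample_trace() {
cat <<'EOF'
connect(14, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2400:cb00:2048:1::6810:1b23", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
read(14, 0x7ffe450e1040, 65535)         = -1 ENOTCONN (Transport endpoint is not connected)
connect(15, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
connect(16, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2400:cb00:2048:1::6810:1b23", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
connect(17, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
EOF
}

# Reads strace output on stdin; prints "<address> <port> <count>" for every
# IPv6 destination whose connect() failed with ENETUNREACH.
ipv6_unreachable_targets() {
    awk '
        /connect\(/ && /AF_INET6/ && /ENETUNREACH/ {
            addr = ""; port = ""
            if (match($0, /inet_pton\(AF_INET6, "[^"]+"/)) {
                addr = substr($0, RSTART, RLENGTH)
                sub(/^[^"]*"/, "", addr); sub(/"$/, "", addr)
            }
            if (match($0, /htons\([0-9]+\)/))
                port = substr($0, RSTART + 6, RLENGTH - 7)
            if (addr != "") count[addr " " port]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Returns 0 and prints a summary when the trace shows the condition from the
# answer; returns 1 when no such failure is present.
suggest_v4_first() {
    targets=$(ipv6_unreachable_targets)
    if [ -z "$targets" ]; then
        echo "no IPv6 connect() failed with ENETUNREACH"
        return 1
    fi
    echo "IPv6 destinations unreachable from this host (address port count):"
    printf '%s\n' "$targets"
    echo "squid.conf setting from the answer: dns_v4_first on"
}

# Demo on the sample; for a real capture use: suggest_v4_first < squid.strace
sample_trace | suggest_v4_first
```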