Lobsters · Friday, May 22, 2026

A Private pkg Repo Behind Mutual TLS

tls · packages · security · devops

The article, published on oshogbo.com and shared on Lobsters, walks through the process of hosting a private package repository secured with mutual TLS. The author explains how to generate a Certificate Authority (CA), server certificates, and client certificates using OpenSSL. They then configure an nginx server to require client certificates and proxy requests to the backend that serves packages to a client like npm or pip. The post includes specific configuration snippets for nginx, such as setting `ssl_client_certificate` and `ssl_verify_client on`. For npm, the author demonstrates how to set the registry URL and configure the client to use the client certificate and key. The concrete consequence is that developers can securely host proprietary packages without exposing them to the public internet, avoiding the need for third-party services or complex token management. The author notes that this setup works with any package manager that supports HTTPS and custom certificates, making it a versatile solution for teams needing private package distribution.
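As an added illustration (not a snippet from the article or its author), this is the shape of the nginx front end the summary describes: the server presents its own certificate, accepts only client certificates chaining to the private CA, and proxies authenticated requests to the package backend. Hostname, file paths and the backend address are assumptions.

```nginx
# Added example, not from the original article. Paths, hostname and the
# backend address are placeholders; adjust them to your deployment.
server {
    listen 443 ssl;
    server_name pkg.internal.example;   # assumed hostname

    # Server identity, issued by the private CA generated with OpenSSL
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Client authentication: only certificates signed by this CA are accepted.
    # "on" rejects the handshake outright when no valid client cert is sent;
    # "optional" would let the request through with $ssl_client_verify set to
    # NONE or FAILED, so it only helps if every location checks that variable.
    ssl_client_certificate /etc/nginx/tls/ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       1;   # client certs are signed directly by the CA

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Backend registry that npm, pip or similar clients talk to
        # (assumed to listen on loopback only, so it is reachable solely via nginx)
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;

        # Forward the authenticated subject for audit logging in the backend
        proxy_set_header X-Client-DN $ssl_client_s_dn;
    }
}
```

A client that omits the certificate, or presents one signed by a different CA, fails at the TLS handshake and never reaches the `location` block.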

// why it matters

Enables secure, tokenless private package distribution using existing TLS infrastructure.

Sources

Primary · Lobsters
▸ Read original at oshogbo.com
