FoxuTech

How to install and configure jfrog Artifactory

How to install and configure jfrog Artifactory

Artifactory is a repository manager created by JFrog. A repository manager is a dedicated server application designed to manage binary components for the application that we build.

Using a repository manager is one of the best practice for using any build tools, whether we use mavenGradle, or Ant.

Last post we have discussed about jfrog, now lets install and configure it.

Update Base System-Operating System: Ubuntu16:04

# apt-get update
# apt-get -y upgrade

1.0 Installing Oracle JDK 8:

Now, let’s install Java Development Kit 8. We will use Oracle JDK instead of OpenJDK version of JDK 8. We’ll also use webupd8team ppa repository instead of installing JDK manually. Add webupd8team PPA repository.

# add-apt-repository ppa:webupd8team/java

Update repository metadata.

# apt-get update

Install Oracle JDK 8:

# apt-get -y install oracle-java8-installer

Package configuration. Choose OK.

Accepting Oracle Binary Code License Terms. Choose Yes Check Java version by running command below.

# java -version

2.0 Install MySQL 5.6:

We will install and use MySQL 5.6 as database for Artifactory. We will use MySQL Server 5.6.

# apt-get -y install mysql-server-5.6

We need to setup MySQL root password. Please

Verify root password.

2.1. Secure the MySQL Installation:

We will secure MySQL installation by running

# mysql_secure_installation

Follow the questions and setup it as you want.

2.2. Create a Database for Artifactory:

Now we have a secure MySQL installation, it’s time to create database and user for Artifactory itself.

Login to MySQL using root credentials

# mysql -u root -p

Create new database named jfrogartis using the command below

mysql> CREATE DATABASE jfrogartis;

2.3. Create a User for Artifactory:

The database for Artifactory is ready, let’s create username and password and grant privileges to artifactory database.

Don’t forget to FLUSH PRIVILEGES so that the privileges table will be reloaded by MySQL and we can use new credential.Don’t forget to change the password mysecret below with better password.

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `jfrogartis`.* TO 'artifactory'@'localhost' IDENTIFIED BY 'mysecret';
mysql> FLUSH PRIVILEGES

3.0. Install Nginx:

Please follow installation steps to install nginx on appropriate OS

Centos/Redhathttps://foxutech.com/install-configure-nginx-redhatcentos-7/

Ubuntuhttps://foxutech.com/how-to-setup-lemp-on-ubuntu/

3.1. Configure Nginx Sites for Artifactory:

Create two new directories named sites-available and sites-enabled with commands below: (if not exists already)

# mkdir /etc/nginx/sites-available
# mkdir /etc/nginx/sites-enabled

open /etc/nginx/nginx.conf find line:

   include /etc/nginx/conf.d/*.conf;

replace with

   include /etc/nginx/sites-enabled/*.conf;

Remove contents of /etc/nginx/conf.d

# rm -f /etc/nginx/conf.d/*

Now we are ready to configure Artifactory site.

3.2. HTTP Only Configuration:

Create a file /etc/nginx/sites-available/artifactory.conf with contents below. You need to change server_name line below with the domain name that you plan to use for Artifactory.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;server_name artifactory.mydomain.xyz;
        root /usr/share/nginx/artifactory;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;location / {
          proxy_pass http://localhost:8081;
        }
}

Enable the configuration by creating symbolic link:

# ln -sf /etc/nginx/sites-available/artifactory.conf /etc/nginx/sites-enabled/artifactory.conf

Now restart Nginx

# service nginx restart

Nginx is ready to work as reverse proxy. You will still get error when opening the sites since Artifactory is not ready yet.

3.3. HTTPS Only Configuration

The configuration below will make Nginx serve both on http port and https port. When a request comes to the http port it will be redirected to https port.

We assume that you already have an ssl certificate and the private key pair. When using this configuration, you need to change server_name ssl_certificate and ssl_certificate_key lines below.

Before creating the configuration file. Let’s create new folder to put ssl certificate.

# mkdir /etc/nginx/ssl

Create a new configuration file /etc/nginx/sites-available/artifactory-ssl.conf with the content below:

server {
        listen 80 default_server;
        listen [::]:80 default_server;# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;server_name artifactory.mydomain.xyz;
        root /usr/share/nginx/artifactory;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme
        ssl_certificate /etc/nginx/ssl/artifactory.mydomain.xyz.crt;
        ssl_certificate_key /etc/nginx/ssl/artifactory.mydomain.xyz.key;ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;# intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on
        add_header Strict-Transport-Security max-age=15768000;
location / { proxy_pass http://localhost:8081; } }

Eable the site by creating symbolic link using command below:

# ln -sf /etc/nginx/sites-available/artifactory-ssl.conf /etc/nginx-sites-enabled/artifactory-ssl.conf

Test Nginx configuration using command below:

# service nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If the output is different than above, Nginx will show error message and show which file and line of the configuration still not correct.

Restart Nginx using command below:

# service nginx restart

4.0. Install JFrog Artifactory:

Now we are ready to install JFrog Artifactory. Let’s add JFrog repository key so apt can verify the packages downloaded from JFrog repository.

# wget -c -O- "https://bintray.com/user/downloadSubjectPublicKey?username=jfrog" | sudo apt-key add -

Add JFrog repository to source list file. We put the repository configuration under /etc/apt/sources.list.d/ instead of putting the configuration on /etc/apt/sources.list to make it easier to manage the repository.

# echo "deb https://bintray.com/artifact/download/jfrog/artifactory-debs trusty main" | sudo tee -a /etc/apt/sources.list.d/artifactory-oss.list

Update metadata and install JFrog Artifactory OSS.

# apt-get update
# apt-get -y install jfrog-artifactory-oss

5.0. Configure JFrog Artifactory Database:

Even though we already create database and user for Artifactory we will use configure.mysql.sh script that Artifactory provides. This will create MySQL user, create database, and changing contents of Artifactory configuration files.

# /opt/jfrog/artifactory/bin/configure.mysql.sh

Enter the mysql details, and it will ask to install/download the MySQL JDBC connector.

5.1. Manually Configure Artifactory Database:

We can also configure the database manual without using configure.mysql.sh that Artifactory provides.

First let’s download MySQL JDBC Connector.

# wget -nv --timeout=30 -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.24.jar http://repo.jfrog.org/artifactory/remote-repos/mysql/mysql-connector-java/5.1.24/mysql-connector-java-5.1.24.jar 2>&1

Now open /etc/opt/jfrog/artifactory/storage.properties. On the sample below the database name is jfrogartis and configured as part of url. You can change database name, username and password.

type=mysql
driver=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/jfrogartis?characterEncoding=UTF-8&elideSetAutoCommits=true
username=artifactory
password=jfrogpass

5.2. Starting Artifactory Service:

Now we’re ready to start Artifactory service. We can use command below:

# service artifactory start

Artifactory will take some time to start for the first time. You can monitor the startup process by looking at log file. Artifactory log file is located at /opt/jfrog/artifactory/tomcat/logs/catalina.out.

The Artifactory startup process will include creating database schema, default super user admin and starting the application itself to listen on specific ports. when we get INFO: Starting ProtocolHandler message, it means the application is ready.

Steps to check basic facts in Artifactory:

Accessing Artifactory

Now point your browser to Artifactory address. Artifactory will prompt us to login. Artifactory default admin username and password is admin / password

The main dashboard shows features supported by Artifactory. Some integration shows Not Available which means it’s not supported on OSS version.

Change Artifactory Admin Password

Accessing System Logs

We can access System Logs from sidebar menu Admin -> Advanced -> System Logs

Artifactory Maintenance Configuration

We can access the Artifactory maintenance configuration from sidebar menu Admin -> Advanced -> Maintenance. In this page we can configure garbage collection schedule, storage quota, cleanup unused cached artifacts and clean up virtual repositories.

We can also clean up storage by compress internal database and prune unreferenced data.

Artifactory Storage Summary

We can access Artifactory storage summary from sidebar menu Admin -> Advanced -> Storage.

Backup Management

We can access Artifactory backup management from sidebar menu Admin -> Services -> Backups.

Artifactory General Configuration

We can access Artifactory backup management from sidebar menu Admin -> Configuration -> General.

In this page we can set server name, custom base URL, max size for file upload and also date format.

Setting Artifactory Custom Message

Proxy Management

Mail Configuration

We can access Artifactory mail configuration from sidebar menu Admin -> Configuration -> Mail. We can use any mail server available, either locally installed mail server or third-party service like Amazon SES or SendGrid.

User Management

Exit mobile version