Artifactory is a repository manager created by JFrog. A repository manager is a dedicated server application designed to manage binary components for the application that we build.
Using a repository manager is one of the best practice for using any build tools, whether we use maven, Gradle, or Ant.
Several benefits of using a repository manager accroding to the maven website:
Reduce number of downloads from remote repositories, this can save not only bandwidth but also time.
Improve build stability since you are less dependent on external repositories.
Increase performance for interaction with remote SNAPSHOT repositories.
Potential for control consumed and provided artifacts.
Create a central storage and access to artifacts and metadata that can be used by another developer, even another projects. QA and operations team also get the benefits by using the same binary.
Become effective platform for exchanging binary artifact within and beyond your organization without the need of building the source.
Sharing source code of the components might seems easier and can easily be done but with large number of developers and projects it will be difficult to track which application use which version of components since the component source code can also be updated by the developers of specific project.
Using an artifact repository manager will make sure which (binary) component is being used on an application.
Several features of JFrog Artifactory :
Reliability : As a local proxy to the outside world, Artifactory guarantees consistent access to the components needed by your build tools.
Efficiency : Remote artifacts are cached locally for reuse, so that you don’t have to download them over and over again.
Security : Advanced security features give you control over who can access your artifacts, and where they can deploy them.
Stability : Supports large load bursts with extremely high concurrency and unmatched data integrity.
Automation :Automate all aspects of artifact management using a powerful REST API.
There are SaaS version and also self hosted version of artifactory.
The self-hosted version divided into three versions: OSS, Pro and Enterprise. The Pro and Enterprise versions have features that is not available on OSS version. Features that supported on Artifactory OSS versions are:
Oracle JDK 8. Artifactory is Java software, so we will use Oracle Java 8 to run Artifactory.
MySQL 5.6. Artifactory comes with built in Derby database. It's not a strict requirement but highly recommended to use external database. Artifactory support MySQL, PostgreSQL, Oracle and MSSQL Server. In this tutorial we'll setup MySQL server as external database but on the same server with Artifactory. When needed in the future you can easily migrate the database to dedicated MySQL instance.
Nginx. Artifactory run on top of Tomcat as application server. We can access artifactory directly but we will use Nginx as reverse proxy for Tomcat / Artifactory. We will also setup SSL on Nginx so SSL termination will happen on Nginx instead of on Tomcat.
Update Base System
This tutorial assume we have clean minimalist install of Ubuntu Server 14.04 Trusty Tahr.
Before we install JFrog Artifactory and the components needed, let's update the base system by running command below
$ sudo apt-get update
$ sudo apt-get -y upgrade
Installing Oracle JDK 8
Now, let's install Java Development Kit 8. We will use Oracle JDK instead of OpenJDK version of JDK 8.
We'll also use webupd8team ppa repository instead of installing JDK manually.
Add webupd8team PPA repository.
$ sudo add-apt-repository ppa:webupd8team/java
Oracle Java (JDK) Installer (automatically downloads and installs Oracle JDK7 / JDK8 / JDK9). There are no actual Java files in this PPA.
More info (and Ubuntu installation instructions):
- for Oracle Java 7: http://www.webupd8.org/2012/01/install-oracle-java-jdk-7-in-ubuntu-via.html
- for Oracle Java 8: http://www.webupd8.org/2012/09/install-oracle-java-8-in-ubuntu-via-ppa.html
Important!!! For now, you should continue to use Java 8 because Oracle Java 9 is available as an early access release (it should be released in 2016)! You should only use Oracle Java 9 if you explicitly need it, because it may contain bugs and it might not include the latest security patches! Also, some Java options were removed in JDK9, so you may encounter issues with various Java apps. More information and installation instructions (Ubuntu / Linux Mint / Debian): http://www.webupd8.org/2015/02/install-oracle-java-9-in-ubuntu-linux.html
More info: https://launchpad.net/~webupd8team/+archive/ubuntu/java
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmpaz5gxp9d/secring.gpg' created
gpg: keyring `/tmp/tmpaz5gxp9d/pubring.gpg' created
gpg: requesting key EEA14886 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpaz5gxp9d/trustdb.gpg: trustdb created
gpg: key EEA14886: public key "Launchpad VLC" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
We will secure MySQL installation by running mysql_secure_installation.
Enter the root password that we set on installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Since we already have root password set, answer this part with n
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
Remove anonymous user to improve security. This will make sure people or application have correct username and password to login to MySQL. Answer with Y
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
Remove anonymous users? [Y/n] Y
We also want remove root login from remote machine. Answer with Y
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
Previously the test database created automatically by MySQL installation, but MySQL 5.6 does not create test database. We can still choose Y, it will throw error but that's fine.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
... Failed! Not critical, keep moving...
- Removing privileges on test database...
The last step is to reload MySQL privilege table.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Create a Database for Artifactory
Now we have a secure MySQL installation, it's time to create database and user for Artifactory itself.
Login to MySQL using root credentials
$ mysql -u root -p
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 58
Server version: 5.6.30-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
Create new database named artdb using the command below
Now we have nginx installed, we can check it by checking the status of the service :
$ sudo service nginx status
Configure Nginx Sites For Artifactory
In this tutorial we'll learn how to configure Nginx to serve as an http only proxy and https only proxy.
The configuration directory structure created by nginx package from nginx.org repository is a little bit different with the configuration of the Nginx package from Ubuntu repository. We will reconfigure Nginx configuration directory to make it easier to enable and disable site configuration.
Create two new directories named sites-available and sites-enabled with commands below:
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
Add JFrog repository to source list file. We put the repository configuration under /etc/apt/sources.list.d/ instead of putting the configuration on /etc/apt/sources.list to make it easier to manage the repository.
$ echo "deb https://bintray.com/artifact/download/jfrog/artifactory-debs trusty main" | sudo tee -a /etc/apt/sources.list.d/artifactory-oss.list
Update metadata and install JFrog Artifactory OSS.
Even though we already create database and user for Artifactory we will use configure.mysql.sh script that Artifactory provides. This will create MySQL user, create database, and changing contents of Artifactory configuration files.
Now we're ready to start Artifactory service. We can use command below:
$ sudo service artifactory start
Artifactory will take some time to start for the first time. You can monitor the startup process by looking at log file. Artifactory log file is located at /opt/jfrog/artifactory/tomcat/logs/catalina.out. I quote some lines below that I found interesting.
The Artifactory startup process will include creating database schema, default super user admin and also starting the application itself to listen on specific ports. Once we get INFO: Starting ProtocolHandler message, it means the application is ready.
We can access the Artifactory maintenance configuration from sidebar menu Admin -> Advanced -> Maintenance. In this page we can configure garbage collection schedule, storage quota, cleanup unused cached artifacts and also clean up virtual repositories.
We can set Artifactory to use a proxy. This can be useful if we are on strict network where outgoing traffic is limited and we have to use proxy to access the internet. To add new proxy, click New on top right of the form.
We can access Artifactory mail configuration from sidebar menu Admin -> Configuration -> Mail. We can use any mail server available, either locally installed mail server or third party service like Amazon SES or SendGrid.
Truth be told, it’s difficult for a web application that doesn’t have some kind of identification, even if you don’t see it as a security measure in and of itself. The Internet is a kind of lawless land, and even on free services like Google’s, authentication ensures that abuses will...
Although data persistence is almost always a fundamental element of applications, Node.js has no native integration with databases. Everything is delegated to third-party libraries to be included manually, in addition to the standard APIs. Although MongoDB and other non-relational databases are the most common choice with Node because if you...