Installation of Artifactory on Centos 7

Posted on by Patrick Connolly

The purpose of this is to give a step by step walkthrough of how to install Artifactory on Centos 7. Some assumptions we make before we begin is that we have a PostgreSQL database already set up for us, additionally we have an NGINX reverse proxy ready for final configuration. The system we will use is a basic installation of Centos 7 that is up to date as of March 13th, 2022 with a dockerized PostgreSQL database.

For this installation we will use OSS, however the steps are the same for PRO.

To begin we need to set some basic environment variables. This can be accomplished by adding the following to a file within /etc/profile.d/, in this case I call it artifactory.sh.

JFROG_HOME=/opt/jfrog
ARTIFACTORY_HOME=/opt/jfrog/artifactory
export JFROG_HOME
export ARTIFACTORY_HOME

We will then need to download the RPM installer package from JFrog’s website.

wget https://releases.jfrog.io/artifactory/artifactory-pro-rpms/jfrog-artifactory-[oss/pro]/jfrog-artifactory-[oss/pro]-[RELEASE_VERSION].rpm

Once we have the RPM collected, we can install using yum.

yum install -y jfrog-artifactory-[oss/pro]-[RELEASE_VERSION].rpm

Next we move on to configuring the database. In the directory $JFROG_HOME/artifactory/var/etc/ you will find the file system.yaml. You can add the following configuration to the end for PostgreSQL, not covered is configuration for MySQL, Oracle, MSSQL, MariaDB, or the embedded Derby Database which is the default if you do not configure something else. Please note that you put the password in raw text, upon startup of the instance it will be encrypted in the file for future usage.

  ## Database Configuration
  database:
    ## One of mysql, oracle, mssql, postgresql, mariadb
    ## Default Embedded derby

    ## Example for postgresql
    type: postgresql
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://<hostname or IP>:<port>/<database>"
    username: <username>
    password: <password>

The next step is the Master/Join keys. You can read all about them at this location. It is not strictly necessary to do this however it is good to know about. Artifactory will generate these for you upon first startup, but I prefer to create my own.

mkdir $JFROG_HOME/artifactory/var/etc/security
openssl rand -hex 32 > $JFROG_HOME/artifactory/var/etc/security/join.key
openssl rand -hex 32 > $JFROG_HOME/artifactory/var/etc/security/master.key

In order to save files in your preferred directory versus the built in default of $JFROG_HOME/artifactory/var/data/artifactory/filestore, you will want to edit the binarystore.xml file as detailed in this location. Here is how I configured mine. Please be aware that the “artifactory” user and group should own the directory that the binaries are stored in.

<!-- file-system chain template structure  -->
<config version="v1">
    <chain template="file-system"/>
    <provider id="file-system" type="file-system">
        <baseDataDir>/artifactory_store/binaries</baseDataDir>
    </provider>
</config>

This step is important if you are upgrading or importing from Artifactory version 6.x, copy the logback.xml to the correct location in var. You can read about the file in this location, though they don’t mention this particular step as I had to learn this from experience.

cp $JFROG_HOME/artifactory/app/misc/etc/artifactory/logback.xml $JFROG_HOME/artifactory/var/etc/artifactory/

You can now start your Artifactory server. We will not navigate to the UI quite yet though, we will set up our NGINX reverse proxy. Assuming you already have NGINX set up and just need to add the configuration, you can find the official documentation here. Here is what I put for my NGINX configuration. Please note that artifactory.local on my machine is DNS mapped to the correct machine; this allows me to have the reverse proxy on a separate machine than the actual Artifactory server. Just make sure you have the ports available for the reverse proxy to hit otherwise you will get a 502 error.

server {
    listen 443 ssl;
    server_name <artifactory_url>;

    # SSL parameters
    ssl_certificate     /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/yourdomain.com-access.log timing;
    ## error_log /var/log/nginx/yourdomain.com-error.log;
    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
        proxy_read_timeout  2400s;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        proxy_pass          http://artifactory.local:8082;
        proxy_next_upstream error timeout non_idempotent;
        proxy_next_upstream_tries    1;
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

        location ~ ^/artifactory/ {
            proxy_pass    http://artifactory.local:8081;
        }
    }
}

In order to verify your NGINX configuration is correct, run “nginx -t” and it will double check your configuration before you reload to the running process.

Now you may navigate to the final URL for your Artifactory instance and enter the default credentials of:

  • Username: admin
  • Password: password

Follow the prompts to get your instance working and enjoy your Artifactory. This concludes the scope of the article.

Share and Enjoy !

Shares

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share