如何在ubuntu20.04 LTS上安装JFrog Artifactory
JFrog Artifactory是一个开源的存储库管理应用程序,可以与持续集成和交付工具集成。它是一个跨平台的工具,允许DevOps管理多个包存储库。它提供了高可用性和多站点复制,以自动化管道并支持更快的发布。
在本教程中,我们将向我们展示如何在ubuntu20.04上安装JFrog Artifactory。
准备工作
运行ubuntu20.04的服务器。
指向服务器的有效域名。
已在服务器上配置root密码。
安装JFrog Artifactory
默认情况下,JFrog Artifactory不在ubuntu20.04默认存储库中。因此,我们需要将JFrog Artifactory库添加到系统中。
首先,使用以下命令安装Gnupg2包:
apt-get install gnupg2 -y
接下来,使用以下命令下载并添加GPG密钥:
wget -qO - https://api.bintray.com/orgs/jfrog/keys/gpg/public.key | apt-key add -
接下来,使用以下命令添加JFrog Artifactory库:
echo "deb https://jfrog.bintray.com/artifactory-debs bionic main" | tee /etc/apt/sources.list.d/jfrog.list
添加存储库后,使用以下命令更新存储库并安装JFrog Artifactory:
apt-get update -y apt-get install jfrog-artifactory-oss -y
安装成功完成后,我们应该得到以下输出:
************ SUCCESS **************** The Installation of Artifactory has completed successfully. NOTE: It is highly recommended to use Artifactory with an external database (MySQL, Oracle, Microsoft SQL Server, PostgreSQL, MariaDB). For details about how to configure the database, refer to https://service.jfrog.org/installer/Configuring+the+Database Start Artifactory with: > systemctl start artifactory.service Check Artifactory status with: > systemctl status artifactory.service Installation directory was set to /opt/jfrog/artifactory You can find more information in the log directory /opt/jfrog/artifactory/var/log System configuration templates can be found under /opt/jfrog/artifactory/var/etc Copy any configuration you want to modify from the template to /opt/jfrog/artifactory/var/etc/system.yaml Triggering migration script, this will migrate if needed ... Processing triggers for man-db (2.9.1-1) ... Processing triggers for systemd (245.4-4ubuntu3) ...
接下来,使用以下命令启动Artifactory服务并使其在系统重启时启动:
systemctl start artifactory systemctl enable artifactory
接下来,使用以下命令验证 Artifactory服务的状态:
systemctl status artifactory
我们应该得到以下输出:
? artifactory.service - Artifactory service Loaded: loaded (/lib/systemd/system/artifactory.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2020-06-07 12:42:39 UTC; 40s ago Process: 15671 ExecStart=/opt/jfrog/artifactory/app/bin/artifactoryManage.sh start (code=exited, status=0/SUCCESS) Main PID: 17974 (java) Tasks: 0 (limit: 9522) Memory: 2.4M CGroup: /system.slice/artifactory.service ? 17974 /opt/jfrog/artifactory/app/third-party/java/bin/java -Djava.util.logging.config.file=/opt/jfrog/artifactory/app/artifacto> May 07 12:42:38 ubuntu2004 su[18380]: (to artifactory) root on none May 07 12:42:38 ubuntu2004 su[18380]: pam_unix(su:session): session opened for user artifactory by (uid=0) May 07 12:42:38 ubuntu2004 su[18380]: pam_unix(su:session): session closed for user artifactory May 07 12:42:38 ubuntu2004 su[18534]: (to artifactory) root on none May 07 12:42:38 ubuntu2004 su[18534]: pam_unix(su:session): session opened for user artifactory by (uid=0) May 07 12:42:39 ubuntu2004 su[18534]: pam_unix(su:session): session closed for user artifactory May 07 12:42:39 ubuntu2004 su[18655]: (to artifactory) root on none May 07 12:42:39 ubuntu2004 su[18655]: pam_unix(su:session): session opened for user artifactory by (uid=0) May 07 12:42:39 ubuntu2004 su[18655]: pam_unix(su:session): session closed for user artifactory May 07 12:42:39 ubuntu2004 systemd[1]: Started Artifactory service.
此时,安装了Artifactory并在端口8082监听。
将Nginx配置为反向代理
接下来,我们需要将Nginx配置为JFrog的反向代理。首先,使用以下命令安装Nginx web服务器:
apt-get install nginx -y
安装Nginx后,使用以下命令创建一个新的Nginx虚拟主机配置文件:
nano /etc/nginx/sites-available/jfrog.conf
添加以下行:
upstream jfrog { server 127.0.0.1:8082 weight=100 max_fails=5 fail_timeout=5; } server { listen 80; server_name jfrog.0nitroad.com; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://jfrog/; } }
保存并关闭文件,然后使用以下命令激活Nginx虚拟主机:
ln -s /etc/nginx/sites-available/jfrog.conf /etc/nginx/sites-enabled/`
接下来,使用以下命令验证Nginx配置文件是否存在任何语法错误:
nginx -t
我们将看到以下输出:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
最后,重新启动Nginx服务来使更改生效:
systemctl restart nginx
此时,Nginx被配置为服务于JFrog站点。
使用Let's Encrypt来保证JFrog安全
建议使用Let's Encrypt SSL来保护JFrog。
首先,使用以下命令添加Certbot存储库:
apt-get install software-properties-common -y add-apt-repository ppa:ahasenack/certbot-tlssni01-1875471
接下来,使用以下命令更新存储库并安装Certbot客户机:
apt-get update -y apt-get install certbot python3-certbot-nginx -y
安装Certbot客户端后,运行以下命令下载并安装网站的SSL:
certbot --nginx -d jfrog.0nitroad.com
我们会要求我们提供有效的电子邮件,并接受如下所示的服务期限:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): Hyman@theitroad - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for jfrog.0nitroad.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/jfrog.conf
接下来,选择是否将HTTP流量重定向到HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
输入 2并按回车键开始处理。安装证书后,我们将看到以下输出:
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/jfrog.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://jfrog.0nitroad.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=jfrog.0nitroad.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/jfrog.0nitroad.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/jfrog.0nitroad.com/privkey.pem Your cert will expire on 2020-09-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le - We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
访问Artifactory 的web界面
现在,打开web浏览器并键入https://jfrog.0nitroad.com。
我们将被重定向到登录页面:
提供默认用户名为“admin”,密码为“password”,点击 Login按钮。
现在,点击 开始按钮。我们应该会看到密码重置页面:
设置新的管理员密码并点击 下一步按钮。
设置你的基本网址并点击 下一步按钮。
选择所需的存储库并单击 下一步按钮。
现在,单击Finish按钮。我们应该会看到Artifactory控制面板。
总结
在上面的教程中,我们学习了如何在ubuntu20.04上安装JFrog Artifactory。我们还学习了如何使用Let's Encrypt SSL来保护JFrog。