Establishing Trust Using Join Keys
As part of the JFrog Platform, you'll first need to install JFrog Artifactory as the base of your platform deployment. Any additional products installed, must be connected to Artifactory in order to be part of the Platform Deployment.
To do this, you'll need to connect and establish trust using the JFrog URL and theJoin Key. The JFrog URL is used by the router for service discovery and health notifications. The Join Key is used to establish trust between the services.
Managing TLS Certificates
TLS connections, usingTLS Certificates, can be used within the JFrog Platform between the different cluster nodes and services, or by JFrog services for communicating with remote sites.
Configuring Proxy between JFrog Products
在公司environments it may be required to go through a corporate proxy for all cross-node communication. This can be done using the router services to establish:
- Internal communication between services and their local router within a JPD.
- Outbound communication through a proxy.
To configure the router, set the following in each service'sSystem YAML Configuration File.
Note: the below example assumes the proxy is listening on1.2.3.4:7777for http and on1.2.3.4:8888for https.
router: proxy: # Proxy url for all outgoing http requests httpUrl: "http://1.2.3.4:7777" # Proxy url for all outgoing https requests httpsUrl: "https://1.2.3.4:8888" # List of target hosts to communicate with directly, bypassing the proxy. # "localhost" will always be added to this list automatically. ignoredHosts: - "example1.ignored.host" - "example2.ignored.host"
- The router automatically addslocalhostto the ignored hosts.
- The example above uses the system configuration file, but the same can be done using environment variables (
JF_ROUTER_PROXY_HTTPURL
,JF_ROUTER_PROXY_HTTPSURL
,JF_ROUTER_PROXY_IGNOREDHOSTS
). - The router respects also the standard proxy related environment variables (
HTTP_PROXY
,HTTPS_PROXY
,NO_PROXY
), but the router''s system configuration takes precedence if defined. - All other services should also be configured in a similar way to prevent them to go through proxy when calling the local router and to use the proxy when going out to external 3rd party services (e.g. Artifactory remote repositories).