artifactory-pro7 部署以及ladp、nginx配置

1、artifactory-pro部署

version: '3.7'
services:
  artifactory:
    image: releases-docker.jfrog.io/jfrog/artifactory-pro:7.55.8
    container_name: artifactory
    ports:
      - 8082:8082 # for router communication
      - 8081:8081 # for artifactory communication
    volumes:
      - ./data/artifactory/var:/var/opt/jfrog/artifactory
      - /etc/localtime:/etc/localtime:ro
    privileged: true
    user: root
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "10"
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 40000

    networks:
      application:
        aliases:
          - artifactory-pro
networks:
  application:
    name: commons
    driver: bridge

2、数据库配置

配置路径 /opt/jfrog/artifactory/var/etc/system.yaml

## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1


## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog

## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.

## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
  ## Security Configuration
  security:
  ## Join key value for joining the cluster (takes precedence over 'joinKeyFile')
  #joinKey: "<Your joinKey>"

  ## Join key file location
  #joinKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/join.key>"

  ## Master key file location
  ## Generated by the product on first startup if not provided
  #masterKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/master.key>"

  ## Maximum time to wait for key files (master.key and join.key)
  #bootstrapKeysReadTimeoutSecs: 120

  ## Node Settings
  node:
  ## A unique id to identify this node.
  ## Default: auto generated at startup.
  #id: "art1"

  ## Default: auto resolved by startup script
  #ip:

  ## Sets this node as primary in HA installation
  #primary: true

  ## Sets this node as part of HA installation
  #haEnabled: true

  ## Database Configuration
  database:
    ## Example for postgresql
    type: postgresql
    ## One of: mysql, oracle, mssql, postgresql, mariadb
    ## Default: Embedded derby
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://postgres:5432/artifactory-pro"
    username: root
    password: a123456

2.1、postgres安装

version: '3.7'
services:
  artifactory:
    image:  postgres:13.11
    container_name: postgres
    environment:
      - TZ=Asia/Shanghai
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=a123456
    volumes:
      - ./data/:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime
    ports:
      - "5432:5432"
    privileged: true
    user: root
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "10"
    networks:
      application:
        aliases:
          - postgres-sql
networks:
  application:
    name: commons
    driver: bridge

3、nginx 配置

server {
        listen       80;
        server_name artifactory.jfrog.com;
        rewrite ^(.*)$ https://$host$1 permanent;
}

server {
    listen 443 ssl;    
    server_name artifactory.jfrog.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_certificate      /etc/nginx/cert/jfrog.com.pem;
	ssl_certificate_key  /etc/nginx/cert/jfrog.com.key;
	ssl_session_cache shared:SSL:1m;
	ssl_prefer_server_ciphers   on;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
    rewrite ^/(v2)/(.*) /artifactory/$1/$2;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location /artifactory/ {
        proxy_read_timeout  2400s;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        if ( $request_uri ~ ^/artifactory/(.*)$ ) {
            proxy_pass          http://10.10.0.20:8081/artifactory/$1;
        }
        proxy_pass          http://10.10.0.20:8081/artifactory/;
        proxy_set_header    X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
    location /ui/ {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.10.0.20:8082/;
    }
}

4、LADP设置

5、参考

lldap部署

artifactory-pro官网