Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Overview

The JFrog Platform is composed of multiple services, for each JFrog product, running on multiple nodes. Communication between services is done through router services. Every node has its own router service. The router is responsible for (but not limited to):

  • Monitoring the health of its local services
  • Routing communication between services inside the node and between nodes
  • Enabling TLS between nodes
  • Service discovery

In summary, in the JFrog Platform service mesh, the router is responsible for communication between services in the data plane.

The following describes how the Platform communication is configured between nodes, including:

Additional information on the JFrog Platform services can be found in the JFrog Platform Deployment (JPD) system architecture.

Page Contents


Establishing Trust Using Join Keys

As part of the JFrog Platform, you'll first need to install JFrog Artifactory as the base of your platform deployment. Any additional products installed, must be connected to Artifactory in order to be part of the Platform Deployment.

To do this, you'll need to connect and establish trust using the JFrog URL and the Join Key. The JFrog URL is used by the router for service discovery and health notifications. The Join Key is used to establish trust between the services.

Managing TLS Certificates

TLS connections, using TLS Certificates, can be used within the JFrog Platform between the different cluster nodes and services, or by JFrog services for communicating with remote sites.

Configuring Proxy between JFrog products

In corporate environments it may be required to go through a corporate proxy for all cross-node communication. This can be done using the router services to establish:

  1. Internal communication between services and their local router within a JPD.
  2. Outbound communication through a proxy.

To configure the router, set the following in each service's System YAML Configuration File.

Note: the below example assumes the proxy is listening on 1.2.3.4:7777 for http and on 1.2.3.4:8888 for https.

router:
  proxy:
    # Proxy url for all outgoing http requests
    httpUrl: "http://1.2.3.4:7777"
    # Proxy url for all outgoing https requests
    httpsUrl: "https://1.2.3.4:8888"
    # List of target hosts to communicate with directly, bypassing the proxy.
    # "localhost" will always be added to this list automatically.
    ignoredHosts:
    - "example1.ignored.host"
    - "example2.ignored.host"
  1. The router automatically adds localhost to the ignored hosts.
  2. The example above uses the system configuration file, but the same can be done using environment variables (JF_ROUTER_PROXY_HTTPURL, JF_ROUTER_PROXY_HTTPSURL, JF_ROUTER_PROXY_IGNOREDHOSTS).
  3. The router respects also the standard proxy related environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY), but the router''s system configuration takes precedence if defined.
  4. All other services should also be configured in a similar way to prevent them to go through proxy when calling the local router and to use the proxy when going out to external 3rd party services (e.g. Artifactory remote repositories).



Copyright © 2020 JFrog Ltd.