To configure Artifactory for direct cloud storage download, follow the steps below:
The JetS3t library is no longer maintained; therefore, S3 templates are being deprecated in Artifactory in the second quarter of 2022. You should use s3-storage-v3 instead, which uses the official, highly-maintained AWS S3 SDK. The transition from s3 to s3-storage-v3 should be seamless, as most parameters are the same between the two providers. To learn more, see S3 Object Storage Amazon S3 Official SDK Template.
As described under Configuring the Filestore, you can control how Artifactory stores binaries using the $JFROG_HOME/artifactory/var/etc/artifactory/binarystore.xml file.
To enable direct cloud storage download, follow the steps below:
In your binarystore.xml file, for s3 set useSignature to true; for s3-storage-v3 set enableSignedUrlRedirect to true.
Set the following parameters in the S3 Binary Provider or AmazonS3 Official SDK Client of your binarystore.xml file:
enableSignedUrlRedirect | Enables the feature for s3-storage-v3 |
useSignature | Enables the feature for s3 |
signedUrlExpirySeconds | Default: 30 (optional) Specifies the number of seconds that a signed URL provided to a requesting client for direct download from cloud storage is valid. |
The following snippet shows an example of how these parameters may look in the S3 Binary Provider of your binarystore.xml file:
<useSignature>true</useSignature>
<signedUrlExpirySeconds>30</signedUrlExpirySeconds>
<signatureExpirySeconds>300</signatureExpirySeconds>
Artifactory can be configured to redirect requests for direct download at the level of repositories (there is no global configuration to automatically redirect all requests). This allows you to support both clients that support download redirect responses (HTTP 302) as well as those that do not. Download redirection is supported for all repository types - local, remote, virtual, and generic repositories. For local and remote repositories configured for redirection, all requests are redirected. For virtual repositories, it depends on which aggregated local or remote repository ultimately provides the requested artifact. If that repository is configured for redirection, the requesting client receives the corresponding redirection response; otherwise, Artifactory fetches the requested artifact and provides it to the client as usual, without redirection.
Artifactory can only redirect requests for direct cloud storage download if the requested artifact is available locally. For local repositories, this is the natural state. For remote repositories, however, you have the option to configure the repository NOT to cache artifacts locally by deselecting the Store Artifacts Locally checkbox in the Advanced tab of the repository configuration (or by setting
You can configure Artifactory to redirect requests for direct download using the UI, REST API and YAML configuration file.
To configure a local or remote repository to redirect requests for direct download, set the Enable Direct Cloud Storage Download checkbox in the Advanced tab of the repository configuration.
To configure a local or remote repository to redirect requests for direct download using the REST API, set the downloadRedirect attribute to be true (default, false). For example:
curl -u admin:password -X POST -H "Content-Type: application/json" -d '{"rclass":"local", "downloadRedirect": true}' http://localhost:8080/artifactory/api/repositories/s3-generic
Alternatively, you can set the downloadRedirect parameter in the repository configuration JSON to be true.
If you are configuring repositories using a YAML file, you can use the downloadRedirect attribute.
For example, to configure a repository called generic-remote for direct download:
curl -u admin:password -X PATCH -H "Content-Type: application/yaml" "http://localhost:8080/artifactory/api/system/configuration" -T remote.yaml
where remote.yaml is:
remoteRepositories:
  generic-remote:
    downloadRedirect:
      enabled: true
One of the benefits of the direct cloud storage downloads feature is that it reduces the load on Artifactory registries when multiple download requests for large artifacts must be served simultaneously. This benefit is realized when the artifacts being downloaded are indeed large. To fine-tune this feature, set the minimal artifact size for which a download request may be redirected for direct cloud storage download using the Minimum Direct Cloud Storage Download Size parameter (the default for self-hosted customers is 1 MB).
You can control the download by configuring the following header: X-JFrog-Download-Redirect-To.
The following methods are supported to control your signed URL redirects:
When direct cloud storage downloads are enabled, it means that artifacts requested will actually be served from the S3 or CloudFront domains rather than from Artifactory's domain. Since these domains are constant in the signed URLs Artifactory provides, you should add them to your organization's firewall to enable smooth and unhindered downloads. The domains you should add are:
For S3: https://<bucketName>.s3.amazonaws.com/...
where <bucketName> is the value of the corresponding attribute specified in the S3 Binary Provider of your binarystore.xml file. For example,
https://data1234.s3.amazonaws.com/myStoreOfBinaries/60/60b27f004e454aca92b0958209cck4829ec52430?response-content-disposition=attachment%3Bfilename%3D%22connector-java-5.1.4.txt%22&AWSAccessKeyId=AKIAPLS9HS&Expires=1539374539&Signature=lPDrAHlf
For CloudFront: https://<cloudFrontDomainName>.cloudfront.net/...
where <cloudFrontDomainName> is the value of the corresponding attribute specified in the S3 Binary Provider of your binarystore.xml file. For example,
https://d2h935dfm2pkds.cloudfront.net/yuval/60/60b27f004e454aca92b0958209cck4829ec52430?response-content-disposition=attachment%3Bfilename%3Djava.jar&Policy=eyJTdGF0ZW1uMzM2ZGZtNnB&Signature=NVmUyUTG~930ub3~mr6~&Key-Pair-Id=APPFSI9VDAF
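The signed URLs shown above carry their authorization in the query string, so anything that records the redirect target (proxy logs, CI output) should store a redacted copy. The following is an added example, not JFrog code: it classifies a redirect target as S3 or CloudFront from the parameter names visible in the two sample URLs, extracts the host to allow on the firewall, reads the S3 expiry, and produces a log-safe URL. The function names are hypothetical, and treating Signature and Policy as the values to redact is an assumption of this example.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that authorize the download in the page's sample URLs
# (assumption of this example: these are the values to keep out of logs).
SECRET_PARAMS = {"Signature", "Policy"}

def inspect_signed_url(url):
    """Classify a redirect target and return a log-safe copy of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qsl(parts.query, keep_blank_values=True)
    names = {name for name, _ in query}
    if host.endswith(".cloudfront.net") and "Key-Pair-Id" in names:
        backend = "cloudfront"
    elif host.endswith(".s3.amazonaws.com") and "AWSAccessKeyId" in names:
        backend = "s3"
    else:
        backend = "unknown"
    # The S3 sample carries an absolute Unix expiry in Expires; the CloudFront
    # sample has no Expires parameter, and its Policy value is not decoded here.
    expires = next((int(v) for k, v in query if k == "Expires" and v.isdigit()), None)
    safe_query = [(k, "REDACTED" if k in SECRET_PARAMS else v) for k, v in query]
    return {
        "backend": backend,
        "host": host,
        "https": parts.scheme == "https",
        "expires_utc": (datetime.fromtimestamp(expires, tz=timezone.utc)
                        if expires is not None else None),
        "log_safe_url": urlunsplit(
            (parts.scheme, parts.netloc, parts.path, urlencode(safe_query), "")),
    }

def firewall_hosts(urls):
    """Hosts to allow: only HTTPS targets recognized as S3 or CloudFront."""
    infos = [inspect_signed_url(u) for u in urls]
    return sorted({i["host"] for i in infos if i["https"] and i["backend"] != "unknown"})

# The two example URLs from the page.
S3_URL = "https://data1234.s3.amazonaws.com/myStoreOfBinaries/60/60b27f004e454aca92b0958209cck4829ec52430?response-content-disposition=attachment%3Bfilename%3D%22connector-java-5.1.4.txt%22&AWSAccessKeyId=AKIAPLS9HS&Expires=1539374539&Signature=lPDrAHlf"
CF_URL = "https://d2h935dfm2pkds.cloudfront.net/yuval/60/60b27f004e454aca92b0958209cck4829ec52430?response-content-disposition=attachment%3Bfilename%3Djava.jar&Policy=eyJTdGF0ZW1uMzM2ZGZtNnB&Signature=NVmUyUTG~930ub3~mr6~&Key-Pair-Id=APPFSI9VDAF"

if __name__ == "__main__":
    for u in (S3_URL, CF_URL):
        info = inspect_signed_url(u)
        print(info["backend"], info["host"], info["expires_utc"], info["log_safe_url"])
    print(firewall_hosts([S3_URL, CF_URL]))
```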
To further optimize direct cloud storage downloads, Artifactory lets you specify CloudFront settings. These determine the locations in which your artifacts physically reside, so that downloads from your S3 bucket are served via a rapid CDN.
To use CloudFront with direct cloud storage downloads, follow the steps below:
In the AWS console, under CloudFront | Behaviors, set a pattern on the distribution with Forward Query Strings = yes.
This allows files to be downloaded using the actual filename as opposed to their SHA1 value.
Match up your distribution with your S3 bucket.
Make sure that the distribution points to the same S3 bucket configured in your S3 Binary Provider in your binarystore.xml file.
In your binarystore.xml file, for s3 set useSignature to true, or for s3-storage-v3 set enableSignedUrlRedirect to true.
Set the following CloudFront parameters in the S3 Binary Provider of your binarystore.xml file:
cloudFrontDomainName | The unique domain provided by AWS |
cloudFrontKeyPairId | The unique identifier of the key pair you created in step 2 above |
cloudFrontPrivateKey | The private key you created in step 2 above, in the following format:
|
The following snippet shows an example of how these parameters may look in the S3 Binary Provider of your binarystore.xml file:
<useSignature>true</useSignature>
<cloudFrontDomainName>d2n9783dfm6kdoq.cloudfront.net</cloudFrontDomainName>
<cloudFrontKeyPairId>APKPDIVCZ4OS2GY6VMGS</cloudFrontKeyPairId>
<cloudFrontPrivateKey>-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAmVbCi33YzIyQMGJkNJN7NbRAEzZIxHv43nmq0b+tDM2CKX+f
...........................
...........................
-----END RSA PRIVATE KEY-----
</cloudFrontPrivateKey>