JiaHe - 家和的学习分享

相遇即是缘

JFrog Artifactory

可以先参考该作者写的文章,https://www.cnblogs.com/eagle6688/tag/JFrog/

下载安装

JFrog | Download Legacy Versions

我选择下载 docker-compose 版本,Download Package

然后发送到 Linux,通过 tar -zxf jfrog-artifactory-pro-7.77.12-compose.tar.gz 解压。

cd artifactory-pro-7.77.12
ll .
# 存在以下文件
# README.md
# bin
# config.log
# config.sh
# docker-compose-postgres.yaml
# docker-compose.yaml
# systemDiagnostics.log
# templates
# third-party

运行./config.sh,按照提示一步步操作。最终输出包含以下提示。

start postgresql:    docker compose -p rt-postgres -f docker-compose-postgres.yaml up -d
stop  postgresql:    docker compose -p rt-postgres -f docker-compose-postgres.yaml down
start:               docker compose -p rt up -d
stop:                docker compose -p rt down

净化使用

参考 https://blog.lama.icu/posts/install-artifactory/ 完成净化功能

GitHub 加速下载 https://www.7ed.net/gitmirror/hub.html

因为是通过 docker 部署的,所有流程上略微不同。我设置的安装目录为 /opt/artifactory/,所以需要修改的 system.yml 路径为 /opt/artifactory/var/etc/system.yaml

shared:
     node:
         ip: 192.168.56.31
         id: rocky
         name: rocky
     database:
         type: postgresql
         driver: org.postgresql.Driver
         password: 0ff217.aesgcm256.sYcaND4qXSdUK0goLGCvmxwkeI71nxECDBzjfyjRZap-
         username: artifactory
         url: jdbc:postgresql://192.168.56.31:5432/artifactory
     ## 该配置项可能没有,手动加一下
     ## 这一部分内容根据当前情况修改, -javaagent:/var/opt/jfrog/artifactory/ArtifactoryAgent.jar
     extraJavaOpts: "-Xms512m -Xmx2g -javaagent:/var/opt/jfrog/artifactory/ArtifactoryAgent.jar"
 router:
     entrypoints:
     	# 默认为8082,这里我修改为8072
         externalPort: 8072
 ## 这里修改默认端口,对应上面完成./config.sh操作之后,会生成docker-compose.yaml文件,其中就有端口的映射配置,默认为8081,我修改为8071:8071
 ## 冒号后面的端口,就对应这里 artifactory.port
 artifactory:
     port: 8071

HTTPS 配置

证书生成参考 Fishdrowned/ssl: Self-signed Wildcard SSL Certificate Generator (github.com)

具体步骤参考 https://www.cnblogs.com/eagle6688/p/17375559.html

###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################

## server configuration
#server {
#    listen 80;
#    server_name artifactory.jiahe.com;
#    rewrite ^(.*)$ https://${server_name}$1 permanent;
#}

server {
    listen 80;
    listen 443 ssl;

    server_name artifactory.jiahe.com;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }

    ## add ssl entries when https has been set in config
    ssl_certificate /etc/nginx/conf.d/ssl/out/jiahe.com/jiahe.com.crt; # 证书路径根据上面生成的来定
    ssl_certificate_key /etc/nginx/conf.d/ssl/out/jiahe.com/jiahe.com.key.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ## Application specific logs
    access_log  /var/log/nginx/artifactory_access.log;
    error_log   /var/log/nginx/artifactory_error.log;
    ## access_log /var/log/nginx/artifactory.jiahe.com-access.log timing;
    ## error_log /var/log/nginx/artifactory.jiahe.com-error.log;

    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;

    location / {
        proxy_read_timeout  2400s;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        proxy_buffer_size 128k;
        proxy_buffers 40 128k;
        proxy_busy_buffers_size 128k;
        location ~ ^/artifactory/ {
            # 这里的端口对应上面 artifactory.port
            proxy_pass    http://localhost:8071;
        }
        proxy_pass          http://localhost:8072;
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security always;

    }
}

Maven 仓库配置

仓库与配置 https://www.cnblogs.com/eagle6688/p/17224573.html

Settings 参考 https://www.cnblogs.com/eagle6688/p/17389594.html

阿里云仓库服务 https://developer.aliyun.com/mvn/guide

<?xml version="1.0" encoding="UTF-8"?>
<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd" xmlns="http://maven.apache.org/SETTINGS/1.2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <localRepository>D:\repository</localRepository>

    <servers>
        <server>
            <username>admin</username>
            <password>cmVmdGtuOjAxOjE3NDcwMTg4ODE6SmNRY0pneUZYYmM3WThwZTNDNndpWG9xNXhv</password>
            <id>central</id>
        </server>
        <server>
            <username>admin</username>
            <password>cmVmdGtuOjAxOjE3NDcwMTg4ODE6SmNRY0pneUZYYmM3WThwZTNDNndpWG9xNXhv</password>
            <id>snapshots</id>
        </server>
    </servers>
    <!--<mirrors>
        <mirror>
            <id>central</id>
            <mirrorOf>*</mirrorOf>
            <name>libs-release</name>
            <url>https://artifactory.jiahe.com/artifactory/libs-release</url>
        </mirror>
    </mirrors>-->
    <profiles>
        <profile>
            <repositories>
                <repository>
                    <snapshots>
                        <enabled>false</enabled>
                    </snapshots>
                    <id>central</id>
                    <name>libs-release</name>
                    <url>https://artifactory.jiahe.com/artifactory/libs-release</url>
                </repository>
                <repository>
                    <snapshots />
                    <id>snapshots</id>
                    <name>libs-snapshot</name>
                    <url>https://artifactory.jiahe.com/artifactory/libs-snapshot</url>
                </repository>
            </repositories>
            <pluginRepositories>
                <pluginRepository>
                    <snapshots>
                        <enabled>false</enabled>
                    </snapshots>
                    <id>central</id>
                    <name>libs-release</name>
                    <url>https://artifactory.jiahe.com/artifactory/libs-release</url>
                </pluginRepository>
                <pluginRepository>
                    <snapshots />
                    <id>snapshots</id>
                    <name>libs-snapshot</name>
                    <url>https://artifactory.jiahe.com/artifactory/libs-snapshot</url>
                </pluginRepository>
            </pluginRepositories>
            <id>artifactory</id>
        </profile>
    </profiles>
    <activeProfiles>
        <activeProfile>artifactory</activeProfile>
    </activeProfiles>
</settings>

https 访问注意事项

如果是通过 https 访问的,则需要将上面创建的证书 root.crt 导入到开发环境中使用的 jdk 中。比如我本地 idea 使用的 OracleJdk8

# alias 可以自定义
# -file 后面跟上的就是https配置中提到的证书生成,最终会生成一个根证书root.crt
keytool -import -alias artifactory -keystore $JAVA_HOME/jre/lib/security/cacerts -file root.crt

可以参考以下 https://www.boris1993.com/maven-unable-to-find-valid-certification-path-to-requested-target.html