Skip to content
Permalink
Browse files
Changing some docs for archiva 2.2.3
  • Loading branch information
effrafax authored and Martin Stockhammer committed Aug 28, 2017
1 parent a43d980 commit 1d3714453a5bec5c0a68e6ab1bc724f31445f265
Showing 6 changed files with 133 additions and 146 deletions.
@@ -31,7 +31,9 @@ Configuration Files of Apache Archiva

* <<<archiva.xml>>> - this is the primary Archiva configuration file

* <<<security.properties>>> - this configures the security as described in the {{{./security.html} security configuration documentation}}
* <<<security.properties>>> - This file, if it exists, is only read once to populate the
Redback Runtime Configuration properties (see {{{./redback-runtime-configuration.html#Runtime_Properties}Redback Runtime Configuration}},
stored in <<<archiva.xml>>>. The file will be ignored after this.

This section will focus on the <<<archiva.xml>>> file.

@@ -27,66 +27,24 @@

Archiva Security Configuration

Security properties and password rules can be configured in the
<<<security.properties>>> file, which by default is searched for in:
Security properties and password rules are configured now in the Redback Runtime Configuration
properties (see {{{./redback-runtime-configuration.html#Runtime_properties}Redback Runtime Configuration}}).

* <<<~/.m2/security.properties>>>
* <<<conf/security.properties>>> in the Archiva installation
The Redback Runtime Configuration properties are stored in <<<archiva.xml>>>.
The former <<<security.properties>>> file, if it exists, is only used once for populating the
Runtime Configuration settings. After that, this file will be ignored.

[]

(In the above list, <<<~>>> is the home directory of the user who is running
Archiva.)

~~TODO: Link to plexus-redback documentation when available

Following are some of the properties you can modify. For a complete list,
consult the default properties file in Redback's svn repo:
These are the default properties. The file can be found in in Redback's svn repo:
{{{http://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties}
config-defaults.properties}}

+-----+
# Security Policies
# -----------------
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.days=90
security.policy.password.expiration.enabled=true
security.policy.allowed.login.attempt=3

# Password Rules
# --------------
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=8
security.policy.password.rule.musthave.enabled=true
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true

# Cross Site Request Forgery (CSRF) Prevention
# --------------------------------------------
# Enable/Disable CSRF filtering.
# Possible values: true, false
rest.csrffilter.enabled=true
# Base URL used to verify the origin headers of the requests. If not set or empty
# it tries to determine the base url automatically
rest.baseUrl=
# What to do, if the request contains no Origin or Referer header.
# If true, requests without Origin or Referer Header are denied, otherwise accepted.
# Possible values: true, false
rest.csrffilter.absentorigin.deny=true
# Enable/Disable the token validation only.
# If true, the validation of the CSRF tokens will be disabled.
# Possible values: true, false
rest.csrffilter.disableTokenValidation=false
+-----+

%{snippet|ignoreDownloadError=true|url=https://raw.githubusercontent.com/apache/archiva-redback-core/master/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties}

<<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and
can be found in:
<<<apps/archiva/WEB-INF/applicationContext.xml>>>
@@ -29,7 +29,7 @@ Apache Archiva Redback Runtime Configuration

* Apache Redback User Manager/RbacManager Implementations

Since 1.4-M4, you can choose to switch dynamically
You can choose to switch dynamically

* User Manager Implementations (from Database and/or LDAP).

@@ -49,7 +49,7 @@ Apache Archiva Redback Runtime Configuration

* LDAP Group-Roles mapping

Since 1.4-M4, you can map dynamically LDAP Group to Archiva Roles
You can map dynamically LDAP Group to Archiva Roles

[../images/ldap-group-roles-mapping.png]

@@ -42,56 +42,58 @@ Understanding Repository Configuration of Apache Archiva

Managed repository fields:

* <<identifier>> - the id of the repository. This must be unique.

* <<name>> - the name of the repository.

* <<directory>> - the location of the repository. If the path specified does not
exist, Archiva will create the missing directories.

* <<index directory>> - the location of the index files generated by Archiva. If
no location is specified, then the index directory (named <<<.indexer>>>)
will be created at the root of the repository directory.
This directory contains the packaged/bundled index which is consumed by different consumers of the index such as M2Eclipse.

* <<type>> - the repository layout (maven 2 or maven 1)

* <<cron>> - the
{{{http://quartz-scheduler.org/api/2.1.5/org/quartz/CronTrigger.html}cron schedule}} when
repository scanning will be executed.

* <<repository purge by days older>> - the first option for repository purge.
Archiva will check how old the artifact is and if it is older than the set
number of days in this field, then the artifact will be deleted respecting
the retention count of course. In order to disable the purge by
number of days old and set Archiva to purge by retention count, just set the
repository purge field to 0. The maximum number of days which can be set
here is 1000. See the Repository Purge section below for more details.
~~ above was:the retention count (see #7) of course no idea what is was linkeed to

* <<repository purge by retention count>> - the second option for repository
purge. When running the repository purge, Archiva will retain only the
number of artifacts set for this field for a specific snapshot version. See
the Repository Purge section below for more details.

* <<releases included>> - specifies whether there are released artifacts in the
repository.

* <<block re-deployment of released artifacts>> - specifies whether released
artifacts that are already existing in the repository can be overwritten.
Note that this only take effects for non-snapshot deployments.

* <<snapshots included>> - specifies whether there are snapshot artifacts in the
repository.

* <<scannable>> - specifies whether the repository can be scanned, meaning it is
a local repository which can be indexed, browsed, purged, etc.

* <<delete released snapshots>> - specifies whether to remove those snapshot
artifacts which already has release versions of it in the repository during
repository purge.

* << Skip Packed Index creation >> - avoid creation of compressed index for IDE usage.
*----------------------+----------------------------------------------------------------------------------+
| <<Id>> | The identifier of the repository. This must be unique.
*----------------------+----------------------------------------------------------------------------------+
| <<Name>> | The name of the repository. This is the display name.
*----------------------+----------------------------------------------------------------------------------+
| <<Directory>> | The location of the repository. If the path specified does not
| | exist, Archiva will create the missing directories.
*----------------------+----------------------------------------------------------------------------------+
| <<Index Directory>> | The location of the index files generated by Archiva. If
| | no location is specified, then the index directory (named <<<.indexer>>>)
| | will be created at the root of the repository directory.
| | This directory contains the packaged/bundled index which is consumed by different
| | consumers of the index such as M2Eclipse.
*----------------------+----------------------------------------------------------------------------------+
| <<Type>> | The repository layout (maven 2 or maven 1)
*----------------------+----------------------------------------------------------------------------------+
| <<Cron Expression>> | The
| | {{{http://www.quartz-scheduler.org/documentation/quartz-2.x/tutorials/crontrigger.html}cron schedule}}
| | when repository scanning will be executed.
*----------------------+----------------------------------------------------------------------------------+
| <<Days Older>> | The first option for repository purge.
| | Archiva will check how old the artifact is and if it is older than the set
| | number of days in this field, then the artifact will be deleted respecting
| | the retention count of course. In order to disable the purge by
| | number of days old and set Archiva to purge by retention count, just set the
| | repository purge field to 0. The maximum number of days which can be set
| | here is 1000. See the Repository Purge section below for more details.
*----------------------+----------------------------------------------------------------------------------+
| <<Retention Count>> | The second option for repository purge. When running the repository purge,
| | Archiva will retain only the number of artifacts set for this field for a
| | specific snapshot version. See the Repository Purge section below for more details.
*----------------------+----------------------------------------------------------------------------------+
| <<Description>> | Additional information about the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Releases>> | Specifies whether there are released artifacts in the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Snapshots>> | Specifies whether there are snapshot artifacts in the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Block Redeployments>> | Specifies whether released artifacts that are already existing in the
| | repository can be overwritten. Note that this only take effects for non-snapshot
| | deployments.
*----------------------+----------------------------------------------------------------------------------+
| <<Scanned>> | Specifies whether the repository can be scanned, meaning it is a local repository
| | which should be indexed, purged, etc.
*----------------------+----------------------------------------------------------------------------------+
| <<Delete Released Snapshots>> | Specifies whether to remove those snapshot artifacts which already has
| | release versions of it in the repository during repository purge.
*----------------------+----------------------------------------------------------------------------------+
| <<Staging Repository>>| Automatic creation of a stage repository for this local repository.
*----------------------+----------------------------------------------------------------------------------+
|<< Skip Packed Index Creation>> | Avoid creation of compressed index for IDE usage.
*----------------------+----------------------------------------------------------------------------------+

[]

@@ -119,46 +121,57 @@ http://[URL TO ARCHIVA]/repository/[REPOSITORY ID] (e.g. http://localhost:8080/r

Remote repository fields:

* <<identifier>> - the id of the remote repository.

* <<name>> - the name of the remote repository.

* <<url>> - the url of the remote repository. It is also possible to use a
'file://' url to proxy a local repository. Be careful that if this local
repository is a managed repository of archiva which has some proxies
connectors, those ones won't be triggered.

* <<username>> - the username (if authentication is needed) to be used to access
the repository.

* <<password>> - the password (if authentication is needed) to be used to access
the repository.

* <<type>> - the layout (maven 2 or maven 1) of the remote repository.

* <<Activate download remote index>> - to activate downloading remote index to
add available remote artifacts in search queries.

* <<Remote index url, can be relative to url>> - path of the remote index
directory.

* <<Cron expression>> - cron expression for downloading remote index (default
weekly on sunday)

* <<Directory index storage>> - path to store index directory, default will be
$\{appserver.base\}/data/remotes/$\{repositoryId\}/.indexer

* <<Download Remote Index Timeout in seconds>> - read time out for downloading
remote index files (default 300)

* <<Network Proxy to Use for download Remote Index>> - proxy to use for
downloading remote index files.

* <<Download Remote Index on Startup>> - will download remote index on Archiva startup.

* <<Additionnal url parameters>> - key/value pairs to add to url when querying remote repository.

* <<Additionnal Http Headers>> - key/value pairs to add as http headers when querying remote repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Id>> | The identifier of the remote repository. |
*----------------------+----------------------------------------------------------------------------------+
| <<Name>> | The name of the remote repository. |
*----------------------+----------------------------------------------------------------------------------+
| <<Url>> | The url of the remote repository. It is also possible to use a
| | 'file://' url to proxy a local repository. Be careful that if this local
| | repository is a managed repository of archiva which has some proxies
| | connectors, those ones won't be triggered. |
*----------------------+----------------------------------------------------------------------------------+
| <<Username>> | The username (if authentication is needed) to be used to access
| | the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Password>> | The password (if authentication is needed) to be used to access
| | the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Download Timeout>> | The time in seconds after which a download from the remote repository is stopped.
*----------------------+----------------------------------------------------------------------------------+
| <<Type>> | The layout (maven 2 or maven 1) of the remote repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Download Remote Index>> | To activate downloading remote index to
| | add available remote artifacts in search queries.
*----------------------+----------------------------------------------------------------------------------+
| <<Remote Index Url>> | Can be relative to Url - path of the remote index
| | directory.
*----------------------+----------------------------------------------------------------------------------+
| <<Cron expression>> | Cron expression for downloading remote index (default
| | weekly on sunday)
*----------------------+----------------------------------------------------------------------------------+
| <<Index Directory>> | Path to store index directory, default will be
| | $\{appserver.base\}/data/remotes/$\{repositoryId\}/.indexer
*----------------------+----------------------------------------------------------------------------------+
| <<Download Remote Index Timeout>> | Time in seconds, after which download of remote index files will be
| | stopped (default 300).
*----------------------+----------------------------------------------------------------------------------+
| <<Proxy for Remote Download Index>> | Proxy to use for downloading remote index files.
*----------------------+----------------------------------------------------------------------------------+
| <<Download Remote Index on Startup>> | If selected, the remote index will be downloaded on Archiva
| | startup.
*----------------------+----------------------------------------------------------------------------------+
| <<Description>> | Can be used to store additional information about the repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Connection Check Path>> | If set, the connection to the remote repository is checked by validating the
| | existence of the given file / artifact. Some repositories do not allow to browse
| | the base directory and the standard check may fail. The path is relative to the
| | repository Url.
*----------------------+----------------------------------------------------------------------------------+
| <<Additionnal Url Parameters>> | Key/Value pairs to add to url when querying remote repository.
*----------------------+----------------------------------------------------------------------------------+
| <<Additionnal Http Headers>> | Key/Value pairs to add as http headers when querying remote repository.
*----------------------+----------------------------------------------------------------------------------+

[]

@@ -48,11 +48,16 @@ Release Notes for Archiva ${project.version}
and Referer header of the HTTP requests and adding an validation token to the Header.
This prevents requests from malicious sites if they are open in the same browser. If you use
the REST services from other clients you may change the behaviour with the new
configuration properties for the redback security (rest.csrffilter.*, rest.baseUrl).
configuration properties for the redback security (<<<rest.csrffilter.*>>>, <<<rest.baseUrl>>>).
For more information see {{{./adminguide/customising-security.html}Archiva Security Configuration}} and
the {{{/redback/integration/rest.html}Redback REST documentation }}
the {{{/redback/integration/rest.html}Redback REST documentation }}.

* Archiva uses redback for authentication and authorization in version 2.5
<<Note:>> If your archiva installation is behind a reverse proxy or load balancer, it may be possible
that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI
via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to
enter the base URLs of your archiva installation to the <<<rest.baseUrl>>> field.

* Archiva uses redback for authentication and authorization in version 2.6

* Release Notes

@@ -70,6 +70,15 @@ pre.commandline {
color: gray;
}

img {
border-style: solid ;
border-width: 1px;
border-color: #ddd;
padding: 5px;
margin-top: 10px;
border-radius: 5px;
}

pre.commandline .input {
color: #55f;
}

0 comments on commit 1d37144

Please sign in to comment.