-
Notifications
You must be signed in to change notification settings - Fork 8
Artifactory in the Office setup
We use Artifactory as a local repository and cache for Jar files and Docker images.
This pages describes the installation and configuration of Artifactory. For details on how to use the repository see Using Docker in the Office and Using Artifactory in the Office.
In the office we use a full Pro version license. On remote servers, such as repo.tooltwist.com we use the open source version, which only supports Jar files.
We run Artifactory on the Macmini officerepo.local.
The default instructions are at http://www.jfrog.com/confluence/display/RTF/Docker+Repositories, but I found this rather confusing as some of the information is out of order.
Our configuration is rather complicated:
-
Docker uses a hostname for repos, but won't accept the context path (e.g. /artifactory/api), so we need to use nginx on the server to convert https://officerepo to http://officerepo:8091/artifactory/api/twist-docker-local.
-
We're using self-signed certificates on the Macmini, which Docker doesn't like unless it is invoked with the
--insecure-registryoption. Since we're running Docker inside boot2docker on the Desktop machines, we need to log into the boot2docker VM and update the docker startup options. -
We need to set up user credentials for Docker to access the repo on officerepo.local.
This configuration won't work with older versions of Docker or nginx. Minimum requirements:
Docker 1.3.1
nginx 1.3.9
Check the version of Docker included in your boot2docker.
This is a standard Artifactory Pro install, and adding repo twist-docker-local as a Docker repo with default options.
I followed the instructions at http://kevinworthington.com/nginx-for-mac-os-x-mountain-lion-in-2-minutes/, but note I used pcre-8.34 (8.31 wasn’t found) and nginx-1.3.9.
I added this section to /usr/local/conf/nginx.conf, to convert the Docker URL to the appropriate Artifactory URL:
#
# Config for artifactory
# See http://www.jfrog.com/confluence/display/RTF/Docker+Repositories
#
server {
listen 443;
server_name officerepo.local;
# Self signed certificates
# See https://github.com/Varying-Vagrant-Vagrants/VVV/wiki/Site-specific-self-signed-SSL-certificates
ssl on;
ssl_certificate /usr/local/conf/ssl/officerepo.local.cert;
ssl_certificate_key /usr/local/conf/ssl/officerepo.local.key;
access_log logs/nginx.twist-docker.access.log;
error_log logs/nginx.twist-docker.error.log;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_read_timeout 900;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
location / {
proxy_pass http://localhost:8081/artifactory/api/docker/twist-docker-local/;
}
}
Notice that log files are at /usr/local/logs. e.g.
tail -f /usr/local/logs/nginx.twist-docker.access.log
Install self-signed certificates on the server. See https://github.com/Varying-Vagrant-Vagrants/VVV/wiki/Site-specific-self-signed-SSL-certificates, but ignore Step 2 where nginx.conf is updated. Use officerepo.local instead of example.com. Place the generated files in /usr/local/conf/ssl/officerepo.local.key and /usr/local/conf/ssl/officerepo.local.crt, owned by user artifactory.
If you haven't already, set up Docker on your desktop according to Using Docker in the Office.
The Docker api is at http://repo.local:8081/artifactory/api/docker/twist-docker-local/...
Artifactory/Docker: http://www.jfrog.com/confluence/display/RTF/Docker+Repositories
Boot2docker and insecure repos (like ours): Insecure login: https://github.com/boot2docker/boot2docker#insecure-registry
To debug the docker daemon, log on to the boot2docker VM using boot2docker ssh, shut down the daemon using kill -15 <pid>, and start the daemon in the foreground with sudo docker -D -d --insecure-registry officerepo.local.