Enable TLS in JFrog Pipelines

JFrog Installation & Setup Documentation
Content Type
Installation & Setup

Perform the following steps to enable TLS in JFrog Pipelines:

  1. Copy the ca.crt file from your Artifactory server, available at $JFROG_HOME/artifactory/var/etc/access/keys.

  2. Run the following command to recursively create relevant directories for Pipelines:

    mkdir -p /opt/jfrog/pipelines/var/etc/security/keys/trusted.

  3. Paste the root.crt file to $JFROG_HOME/opt/jfrog/pipelines/var/etc/security/keys/trusted.

  4. Paste the ca.crt file to the pipelines trusted folder, $JFROG_HOME/pipelines/var/etc/security/keys/trusted ,copied from $JFROG_HOME/artifactory/var/etc/access/keys.

  5. Install Pipelines and ensure that https is used for all the URLs:

    sudo pipelines install \
    --base-url-ui https://<jfrog-url> \
    --base-url https://<jfrog-url> \
    --artifactory-joinkey <join-key> \
    --installer-ip <new-instance-ip> \
    --api-url https://<external-ip>:8082/pipelines/api \
    --www-url https://<external-ip>:30001 \
    --rabbitmq-url amqp://<external-ip>:30200

    Note

    For information about installing Pipelines, see Installing Pipelines.

Note

Repeat the above steps on all the nodes where Pipelines is installed.

After all additional nodes have been installed with an identical version of Pipelines, the load balancer must be configured to distribute requests made through a common base URI.

The load balancer can also be set up with custom certificates. In this case, those certificates in the crt format should be loaded to $JFROG_HOME/pipelines/var/etc/security/keys/trusted.

In addition, www-url must be behind the load balancer to ensure that the web-sockets work.