Install the following prerequisites independently of the Xray archive installation. Make sure to install them before starting your Xray service.
PostgreSQL
db-util
Erlang
For more information, see Third Party Applications for Xray.
Before you proceed with the installation, review the system requirements.
Complete the following steps to install the product.
Extract the contents of the compressed archive and move it into xray directory.
PostgreSQL is required and must be installed before continuing with the next installation steps.
Set your PostgreSQL connection details in the Shared Configurations section of the
$JFROG_HOME/xray/var/etc/system.yaml
file.Start PostgreSQL.
Customize the product configuration.
Set the Artifactory connection details.
Customize the PostgreSQL Database connection details. (optional)
Set any additional configurations (for example: ports, node id) using the Xray System YAML Configuration File.
Warning
Verify that a large file handle limitis specified before you start Xray.
Start and manage the Xray service as the user who extracted the tar.
As a daemon process
To start the process: xray/app/bin/xray.sh start To manage the process: xray/app/bin/xray.sh start|stop|status|restart
As a service
Xray is packaged as an archive file and you can use the install script to install it as a service running under a custom user. Currently supported on Linux systems.
OS User Permissions
When running Xray as a service, the installation script creates a user called
xray
(by default)which must have run and execute permissions on the installation directory.It is recommended to extract the Xray download file into a directory that gives run and execute permissions to all users such as
/opt
.To install Xray as a service, execute the following command as root.
xray/app/bin/installService.sh --user <enter user, default value is xray> --group <enter group, default value is xray> -u | --user : [optional] (default: xray) user which will be used to run the product, it will be created if its unavailable -g | --group : [optional] (default: xray) group which will be used to run the product, it will be created if its unavailable
Note
User and group can be passed through
xray/var/etc/system.yaml
asshared.user
andshared.group
. This takes precedence over values passed through command line on install.The user and group is stored in
xray/var/etc/system.yaml
at the end of installation.To manage the service, use
systemd
orinit.d
commands depending on your system.Using systemd
systemctl <start|stop|status> xray.service
Using init.d
service xray <start|stop|status>
Access Xray from your browser at:
http://<jfrogUrl>/ui/:port
.Go to the Xray Security & Compliance tab in the Administration module in the UI.
Check Xray Log.
tail -f xray/var/log/console.log
Configure log rotation of the console log
The
console.log
file can grow quickly since all services write to it. For more information, see configure the log rotation.
Third Party Applications for Xray
Ensure that you install the third party application for Xray before run the Xray service.
PostgreSQL for Xray
Using Microsoft Azure PostgreSQL
Some managed databases, such as Azure, have a different username for accessing the database than the actual one inside the database. For Azure-managed PostgreSQL, the username
will be, for example xray@mycompany
and the actualUsername
will be xray
. For more information, see Xray System YAML.
Prior to Xray version 3.30
If you install an Xray version prior to 3.30, do not use a password for PostgreSQL that has special characters.Xray may not work if you configure a password that has special characters, such as~ = # @ $ /
.
PostgreSQL RPM Installation
Install PostgreSQL.
# Run the following commands from the extracted jfrog-xray-<version>-rpm directory. # Note : Use PostgreSQL rpms with el7 when installing on RHEL 7, el8 with CentOS 7 and RHEL8, and el9 with RHEL 9 mkdir -p /var/opt/postgres/data # For RHEL 7 and CentOS 87 rpm -ivh --replacepkgs ./third-party/postgresql/libicu-50.2-4.el7_7.x86_64.rpm (only AWS instance) rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-libs-13.10-1PGDG.rhel7.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-13.10-1PGDG.rhel7.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-server-13.10-1PGDG.rhel7.x86_64.rpm # For RHEL 8 rpm -ivh --replacepkgs ./third-party/postgresql/libicu-60.3-2.el8_1.x86_64.rpm (only AWS instance) rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-libs-13.10-1PGDG.rhel8.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-13.10-1PGDG.rhel8.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-server-13.10-1PGDG.rhel8.x86_64.rpm # For RHEL 9 rpm -ivh --replacepkgs ./third-party/postgresql/libicu-67.1-9.el9.x86_64.rpm (only AWS instance) rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-libs-13.10-1PGDG.rhel9.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-13.10-1PGDG.rhel9.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-server-13.10-1PGDG.rhel9.x86_64.rpm chown -R postgres:postgres /var/opt/postgres export PGDATA="/var/opt/postgres/data" export PGSETUP_INITDB_OPTIONS="-D /var/opt/postgres/data" # For CentOS 7 / RHEL 7,8,9 sed -i "s~^Environment=PGDATA=.*~Environment=PGDATA=/var/opt/postgres/data~" /lib/systemd/system/postgresql-13.service systemctl daemon-reload /usr/pgsql-13/bin/postgresql-13-setup initdb Replace "ident" and "peer" with "trust" in postgres hba configuration file, /var/opt/postgres/data/pg_hba.conf. This configuration is for creating the initial users and database, once this is done, change "trust" to md5 in pg_hba.conf and restart PostgreSQL.
Configure PostgreSQL to allow external IP connections.
By default PostgreSQL only allows localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.
File location according to installation Docker-compose:
$JFROG_HOME/xray/var/data/postgres/data
Native installations:
/var/opt/postgres/data
To grant all IPs access add the following entry under the IPv4 local connections section.
host all all 0.0.0.0/0 md5
Add the following entries to
/var/opt/postgres/data
/postgresql.conf.listen_addresses='*' port=5432
Start PostgreSQL.
systemctl start postgresql-<version>.service or service postgresql-<version> start
Setup the database and user.
## run the script to seed the tables and schemas needed by Xray cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp source /etc/locale.conf cd /tmp && su postgres -c "POSTGRES_PATH=/usr/pgsql-13/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh"
PostgreSQL Debian Installation
Ensure your apt-get
libraries are up-to-date, using the following commands.
apt-get update apt-get install -f -y apt-get update
Install any missing dependencies
Create the file repository configuration to pull PostgreSQL dependencies.
# Create the file repository configuration to pull postgresql dependencies cp -f /etc/apt/sources.list /etc/apt/sources.list.origfile sh -c 'echo "deb http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list' sh -c 'echo "deb-src http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list' cp -f /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.origfile sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
Install PostgreSQL.
Run the following commands from the extracted jfrog-xray-<version>-deb directory.
mkdir -p /var/opt/postgres/data
Ubuntu 22.04 (jammy)
dpkg -i ./third-party/postgresql/postgresql-13_13.10-1.pgdg22.04+1_amd64.deb
Ubuntu 20.04 (focal)
dpkg -i ./third-party/postgresql/postgresql-13_13.10-1.pgdg20.04+1_amd64.deb
Ubuntu 18.04 (bionic)
dpkg -i ./third-party/postgresql/postgresql-13_13.10-1.pgdg18.04+1_amd64.deb
Debian 10 (buster)
apt update -y apt-get install wget sudo -y apt-get install -y gnupg gnupg1 gnupg2 dpkg -i ./third-party/postgresql/postgresql-13_13.10-1.pgdg100+1_amd64.deb
Debian 11 (bullseye)
apt update -y apt-get install wget sudo -y apt-get install -y gnupg gnupg1 gnupg2 dpkg -i ./third-party/postgresql/postgresql-13_13.10-1.pgdg110+1_amd64.deb
Stop the PostgreSQL service.
systemctl stop postgresql.service
Change permissions for the postgres folder.
chown -R postgres:postgres /var/opt/postgres sed -i "s~^data_directory =.*~data_directory = '/var/opt/postgres/data'~" "/etc/postgresql/13/main/postgresql.conf" sed -i "s~^hba_file =.*~hba_file = '/var/opt/postgres/data/pg_hba.conf'~" "/etc/postgresql/13/main/postgresql.conf" sed -i "s~^ident_file =.*~ident_file = '/var/opt/postgres/data/pg_ident.conf'~" "/etc/postgresql/13/main/postgresql.conf" su postgres -c "/usr/lib/postgresql/13/bin/initdb --pgdata=/var/opt/postgres/data"
Configure PostgreSQL to allow external IP connections.
By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.
File location according to installation Docker-compose:
$JFROG_HOME/xray/var/data/postgres/data
Native installations:
/var/opt/postgres/data
To grant all IPs access add the following entry under the IPv4 local connections section.
host all all 0.0.0.0/0 md5
Add the following entries to /etc/postgresql/13/main/postgresql.conf
listen_addresses='*' port=5432
Start PostgreSQL
systemctl start postgresql-<version>.service or service postgresql-<version> start
Set up the database and user.
## run the script to seed the tables and schemas needed by Xray cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp source /etc/locale.conf cd /tmp && su postgres -c "POSTGRES_PATH=/usr/pgsql-13/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh"
Put back the original pgdg.list.
mv /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.tmp && cp -f /etc/apt/sources.list.d/pgdg.list.origfile /etc/apt/sources.list.d/pgdg.list
Remove backup files.
rm -f /etc/apt/sources.list.d/pgdg.list.tmp rm -f /etc/apt/sources.list.d/pgdg.list.origfile
Put back the original sources.list.
mv /etc/apt/sources.list /etc/apt/sources.list.tmp && cp -f /etc/apt/sources.list.origfile /etc/apt/sources.list
Remove the backup files.
rm -f /etc/apt/sources.list.tmp && rm -f /etc/apt/sources.list.origfile
PostgreSQL Linux Archive Installation
PostgreSQL binaries are no longer bundled with Linux archive installer. You need to install PostgreSQL manually.
Create the PostgreSQL database.
<pgsql bin path>/psql template1 <postgres prompt>: CREATE DATABASE <user_name>; <postgres prompt>: \q
Run the script, xray/app/third-party/postgresql/createPostgresUsers.sh
, to seed the PostgreSQL database.
POSTGRES_PATH=<pgsql bin path> xray/app/third-party/postgresql/createPostgresUsers.sh
Xray PostgreSQL Upgrade
Xray 3.x supports PostgreSQL versions 10, 11, 12, 13, 14, and 15.
To learn about the process and requirements for upgrading PostgreSQL 9.x, see JFrog Xray PostgreSQL Upgrade - PostgreSQL 9.x EoS.
PostgreSQL Performance Improvements
We recommend that you increase the maximum connections setting in the PostgreSQL configuration file.
Open the $JFROG_HOME/xray/var/lib/pgsql/data/postgresql.conf
configuration file, and add or edit the max_connections
property.
Restart the database to enable this change.
Erlang for Xray
Erlang RPM Installation
Use RPMs with el7 when installing on Centos 7 and RHEL 7, and el8 with CentOS 8 and RHEL8
rpm -ivh --replacepkgs xray/app/third-party/rabbitmq/socat-<version>.rpm rpm -ivh --replacepkgs xray/app/third-party/rabbitmq/erlang-<version>.rpm
Erlang Debian Installation
We recommend that you ensure that the apt-get libraries are up to date, using the following commands.
apt-get update apt-get install -f -y apt-get update
ubuntu 16.04 (xenial)
dpkg -i xray/app/third-party/rabbitmq/libss<version>.deb dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb
ubuntu 18.04 (bionic)
dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb
Debian 8 (jessie)
# Before installing Erlang dependencies mv /etc/apt/sources.list.d/backports.list /etc/apt >/dev/null apt-get update dpkg -i xray/app/third-party/rabbitmq/libss<version>.deb dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb # After installing Erlang dependencies mv /etc/apt/backports.list /etc/apt/sources.list.d/backports.list >/dev/null apt-get update
Debian 9 (stretch)
dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb
Erlang Linux Archive Installation
Erlang binaries are no longer bundled with Linux archive installer for Xray. Remember to install Erlang manually.
db-util for Xray
db-util allows Xray to interact with the Berkley DB that contains information about RPM-based Docker images. This way, JFrog Xray can index OS packages for these images.
db-util RPM Installation
# This will install db-util if db_dump is not available hash db_dump 2>/dev/null || rpm -ivh --replacepkgs xray/app/third-party/misc/db4-utils-<version>.rpm
db-util Debian Installation
Ubuntu
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb
Debian 8
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb
Debian 9
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb
db-util Linux Archive installation
db-util binaries are no longer bundled with Linux archive installer for Xray. Remember to install db-util manually.