This feature is supported with the Enterprise+ license.
JFrog Artifactory Edge (an "Edge node") is an edition of JFrog Artifactory whose available features have been customized to serve the primary purpose of distributing software to a runtime such as a data center, a point-of-sale or even a mobile device. All packages hosted in an Edge node are part of a Release Bundle which is a secure and immutable collection of software packages that make up a release to be provisioned or can be uploaded using direct file upload through the UI or REST API.
Distributing Release Bundles REST API can be found here.
Before you get started - Establish a circle of trust
An Edge node can only receive Release Bundles from an Artifactory service if they are both within the same circle of trust. Once you have completed the installation of the Edge node, make sure to add it to the circle of trust for any Artifactory service from which it should receive Release Bundles. To learn how to establish a circle of trust, see Establishing the Circle of Trust.
Edge Installation Options
The process of installing an Edge node is identical to installing any other Artifactory instance. The following section details the process of installing Artifactory using Linux Archive a popular installation option. For other Artifactory installation options, see Installing Artifactory.
Install Artifactory single node with Linux Archive
Before you proceed with the installation, review the system requirements.
Operating Systems and Platform Support
The following table lists the supported operating systems and the versions.
7.x, 8.x, 9.x
18.04, 20.04, 22.04
2016 or 2019
Amazon Linux 2023, Amazon Linux 2
Operating Systems - End of Support
As part of JFrog commitment to maintain the security and reliability of the JFrog Platform, from Q1-2024, JFrog Artifactory will officially run with Node.js 20.x on all installation types.
Node.js 20.x provided with Linux Archive/Debian/RPM installations (non-containerized distributions) is not supported on the following operating systems:
Hence, these operating systems are no longer supported for JFrog Artifactory.
The following table lists the supported platforms.
Installation on Kubernetes environments is through Helm Charts. Supported Helm version is Helm 3+.
From version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.
ARM64 support is also available for Xray, Distribution, and Insight. ARM64 support is not available for Pipelines.
Artifactory Database Requirements
You can configure your own database from the following list.
Artifactory supports the following databases.
Microsoft SQL Server
Artifactory HA requires an external database, which is fundamental to management of binaries and is also used to store cluster wide configuration files.
Since Artifactory HA contains multiple Artifactory cluster nodes, your database must be powerful enough to service all the nodes in the system. Moreover, your database must be able to support the maximum number of connections possible from all the Artifactory cluster nodes in your system.
If you are replicating your database you must ensure that at any given point in time all nodes see a consistent view of the database, regardless of which specific database instance they access. Eventual consistency, and write-behind database synchronization is not supported.
Artifactory File Store
The filestore is where binaries are physically stored.
Artifactory provides the following options to store binaries.
Local file system in which binaries are stored with redundancy using a binary provider, which manages synchronizing files between the cluster nodes according to the redundancy defined.
Cloud storageAmazon S3 and Google Cloud Storage
Network File System (NFS)
For detailed information, see Filestore Configuration.
While Artifactory can use a Networked File System (NFS) for its binary storage, you should do not install the application itself on an NFS. The Artifactory application needs very fast, reliable access to its configuration files. Any latency from an NFS will result in poor performance when the application fails to read these files. Therefore, install Artifactory on a local disk mounted directly to the host.
To use an NFS to store binaries, use the "file-system" binarystore.xml configuration with the additional "<baseDataDir>" setting.
Working with Very Large Storage
In most cases, our recommendation is for storage that is at least 3 times the total size of stored artifacts in order to accommodate system backups.
However, when working with a very large volume of artifacts, the recommendation may vary greatly according to the specific setup of your system. Therefore, when working with over 10 TB of stored artifacts, contact JFrog support, who will work with you to provide a recommendation for storage that is customized to your specific setup.
Allocated storage space may vary
Xray downloads and then deletes fetched artifacts after indexing. However, in order to have more parallel indexing processes, and thereby more temporary files at the same time would require more space.
This is especially applicable for large BLOBs such as Docker images.
Artifactory Network Ports
Artifactory uses external network ports to communicate with services outside Artifactory and internal networks to communicate with Artifactory and other JFrog Platform microservices.
External Network Ports
Artifactory uses the following external network ports by default.
Internal Network Ports
Artifactory uses the following internal network ports.
8040 and 8045
8048 and 9092
8082, 8046, 8047, 8049, and 8091
8061, and 8062
8071 and 8072
Artifactory Linux Archive Installation Steps
Complete the following steps to install the product.
Create a JFrog Home directory and move the downloaded installer archive into that directory.
mkdir jfrog mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz jfrog cd jfrog
Set the JFrog Home environment variable.
export JFROG_HOME=<full path of the jfrog directory>
To learn more about the system variable JFROG_HOME, see JFrog Home.
Extract the contents of the compressed archive and move it into the
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz mv artifactory-<pro|oss|cpp-ce>-<version> artifactory
Customize the production configuration (optional) including database, Java Opts, and filestore.
Access Artifactory from your browser at:
http://SERVER_HOSTNAME:8082/ui/. For example, on your local machine:
Check Artifactory Log.
Configure log rotation of the console log
console.logfile can grow quickly since all services write to it. For more information, see configure the log rotation.
Artifactory Post-Installation Steps
Once the installation is complete, complete the following tasks.
Change the default admin password. The default user will have the following credentials predefined in the system:
User: admin, Password: password
Make sure you have applied your licenses
Continue to configure the system using the Artifactory Product Configuration
Configure a reverse proxy (optional for Docker Registry)
You can run Artifactory with one of the supported HTTP serversset up as a front end of each node.
Artifactory Linux Archive Install Script Commands
The following are the sequence of commands performed by the Linux Archive install script.
To change the default user, edit the shared
When running the service with a different user, make sure to update the shared.user and the shared
systemd or init
After installing and before running Artifactory, you may set the following configurations.
System YAML Configuration File
Where to find system.yaml?
If you don't have a System YAML file in your folder, copy the template available in the folder and name it
For the Helm charts, the
system.yamlfile is managed in the chart’s
Artifactory comes with an embedded Derby Database out-of-the-box. If you're planning to use it in production, it is highly recommended to first Configure the Database, and then start Artifactory.
Customize Java Opts (optional)Remember to modify your JVM Parameters as needed by setting
JAVA_OPTIONSin Shared Configurations. The property to pass extra Java opts is
artifactory.extraJavaOpts. It is highly recommended to set your Java memory parameters as follows:
The larger your repository or number of concurrent users, the larger you need to make the -Xms and -Xmx values accordingly. If you can reserve at least 512MB for Artifactory, the recommended minimal values are:
-server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC
For more recommendations about your hardware configuration (especially the -Xmx parameter), see System Requirements
These include: customizing ports, joinKey (join.key), masterKey (master.key).
Configuring the Filestore
By default, Artifactory is configured to use the local file system as its filestore. Artifactory supports a variety of additional filestore configurations to meet a variety of needs for binary storage providers, storage size and redundancy.
Enable TLS 1.0 and 1.1 for Connectivity with Older Databases
Artifactory version 7.25.2 onwards includes OpenJDK version 11.0.11 and later. TLS 1.0 and TLS 1.1 are disabled by default from OpenJDK 11.0.11 onwards. If your database version does not support TLS 1.2, the Artifactory startup fails.
If you are unable to upgrade your database to a version that supports TLS 1.2 or later, perform the following steps to run Artifactory.
Download the java.security file that has TLS 1.0 and 1.1 enabled.
Create the directory,
Copy the java.security file into
Provide the appropriate permissions to the directory.
Artifactory startup takes a backup of the existing java.security file and bootstraps custom java.security into the
Configure Java Security File for Helm Installations
Create the following local directory.
mkdir -p java/configmap
Download the java.security file that has TLS 1.0 and 1.1 enabled.
Copy the java.security file to
Run the following command to create a custom config map. For more information, see Using Config Maps.
kubectl create configmap java-security-config --from-file=java/configmap/java.security
Pass the following custom config map to your Helm install. For more information, see Using Config Maps.
artifactory: preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/java && cp -Lrf /tmp/java/* /opt/jfrog/artifactory/var/bootstrap/artifactory/java/" customVolumes: | - name: java-security-config configMap: name: java-security-config customVolumeMounts: | - name: java-security-config mountPath: /tmp/java/java.security subPath: java.security
Run Artifactory as a process
You can run Artifactory as a foreground or as daemon process. When running as a foreground process, the console is locked and you can stop the process at any time.
To run as a foreground process $JFROG_HOME/artifactory/app/bin/artifactoryctl To run as a daemon process $JFROG_HOME/artifactory/app/bin/artifactoryctl start To manage the process $JFROG_HOME/artifactory/app/bin/artifactoryctl check|stop
Run Artifactory as a service
Artifactory is packaged as an archive file with a bundled Tomcat, and a complete install script that you can use to install it as a service running under a custom user. This is currently supported on Linux and Solaris systems.
When running Artifactory as a service, the installation script creates a user called
artifactory, which must have run and execute permissions on the installation directory. We recommended that you extract the Artifactory download file into a directory that gives run and execute permissions to all users such as
To install Artifactory as a service, browse to the
$JFROG_HOME/artifactory /app/bin directory and execute the following command as root.
# USER (optional) - the user you want application to run as (default = artifactory) # GROUP (optional) - the group with which the application will run as. (default = artifactory) $JFROG_HOME/artifactory/app/bin/installService.sh [USER [GROUP]]
Manage the service
init.d commands depending on your system.
Using systemd systemctl <start|stop|status> artifactory.service Using init.d service artifactory <start|stop|check>
Add licenses according to your license type.
Option 1: Copy the
artifactory.cluster.licensefile to the first node's configuration directory.
cp artifactory.cluster.license $JFROG_HOME/artifactory/var/etc/artifactory/
This can also be done once you start Artifactory using:
Specifying multiple licenses
Whether in the Artifactory UI, using the REST API or in the
artifactory.cluster.license file, make sure that the licenses are separated by a newline.
Applying a license bucket requires JFrog Mission Control.
Complete configuring and starting the first node.
Enable Mission Control microservice in Artifactory.
Add an Edge Node
After you install Artifactory, use the following steps to add the Artifactory Edge node.
Step 1: Optional: Enable the Replicator on Both Instances
The Replicator is a process that optimizes replication when distributing software with JFrog Distribution. You can enable a Replicator on both Artifactory instances. See Replicator Installation and Activation for more information.
Step 2: Establish a Circle of Trust
An Edge node can only receive Release Bundles from an Artifactory service if they are both within the same circle of trust. Establish a circle of trust by copying the root
crt from the source Artifactory to the trusted keys folder of the edge instance. For more information, see Establishing a Circle of Trust.
Step 3: Add the Edge Node to JFrog Mission Control
Using Platform Deployments, add the Artifactory Edge node to Mission Control. For more information, see Managing Platform Deployments.
Step 4: Add the Edge Node as a Target for Source Instance in Access Federation
Access Federation gives you control over access to all, or any subset of your services from one location by synchronizing all security entities (users, groups, permissions, and access tokens) between the federated services. Once the Access Federation has been set up, you can manage all security entities in the federated services from one place. For more information, see Access Federation.
Step 5: Add Signing Keys to JFrog Distribution
The JFrog Platform supports signing keys to establish trust with your clients for downloading your packages from Artifactory. Signing keys consist of a public and a private key pair, which are used for signing and verifying release bundles. When installing a new Edge, you will need to propagate the public keys to the new Edge. To learn about how to add and propagate keys, see GPG Signing.
Next step: Configuring Distribution