Manage JFrog Bridges

JFrog Platform Administration Documentation
Content Type
Administration / Platform

Note

Currently this feature is provided in Beta mode.

Subscription Information

This feature is supported with the Enterprise+ license.

JFrog Bridges establish secure, encrypted connections between JFrog Platform Deployments (JPDs) in hybrid topologies. This allows you to seamlessly connect JFrog SaaS and Self-managed JPDs through a private channel.

Each JFrog Bridge connects a Bridge Server JPD to a Bridge Client JPD:

  • SaaS JPDs act as Bridge Servers. Contact JFrog Customer Success to verify that the Bridge service is enabled for JPDs in your SaaS environment.

  • Self-managed JPDs act as Bridge Clients. You must install the Bridge Client service on these JPDs.Install Bridge Client Service

The Bridge Client establishes a persistent, outbound TCP connection to the Bridge Server using an HTTP Upgrade request. This creates a secure tunnel that is compatible with corporate firewalls. Services on the JFrog SaaS JPD use the tunnel to securely forward requests to the self-managed JPD, supporting features such as:

  • Access Federation

  • Distribution

The Bridge connection is secured using a registration token. Forwarded API requests are authenticated using JSON Web Tokens (JWTs). Authentication uses your self-managed environment's custom CA certificates.

Typically, Bridges are combined to define a one-to-many architecture: a single SaaS Bridge Server securely manages Bridge connections from multiple, independent self-managed Bridge Clients.

The Bridge Client service initiates and maintains several independent TCP tunneling sessions to the Bridge Server, and initiates additional service instances as traffic demands. You can set the initial number of simultaneous sessions, and configure performance-based ranges.

To view and manage Bridges:

In JFrog Platform go to Administration > Topology > Bridges.

  • On a SaaS JPD, the Bridge Server tab is active. The JPD is the Server for the Bridges in the table.

    In the Actions column, click ... and select Test Connection. The JPD attempts to connect to the Bridge Client.

    To Add a JFrog Bridge click Generate Pairing Token to begin.

  • On a Self-Hosted JPD, the Bridge Client tab is active. The JPD is the Client for the Bridges in the table.

    In the Actions column, click ... and select one of the following:

You can also use the Bridge REST APIs to create and manage Bridges.Bridge REST APIs

For monitoring and troubleshooting, the Bridge service maintains standard JFrog service logs, and provides APIs for troubleshooting,.

Bridges in YAML

Bridges that you define directly in system.yaml appear in the Bridges table of the JFrog Platform interface, but they cannot be managed using the Platform interface or the Bridge APIs. Use only the jFrog Platform interface or the Bridge APIs to create and manage Bridges.