使用Artifactory部署私有化软件源

本文最后更新于 1528 天前, 如有失效请评论区留言.

趁着节前,需要折(dao)腾(shi)一下去年部署的artifactory镜像源,并将升级到7.x版本。

场景

部署私有化软件源,对内提供服务。这里只作为软件源测试使用,其他场景自行琢磨。

部署服务

部署很简单,这里使用docker-compose方式部署

# docker-compose.yaml
version: '2.1'
services:
  ossv2:
    image: registry.cn-beijing.aliyuncs.com/k7scn/artifactory-pro:7.6.1
    container_name: ossv2
    volumes:
    - /data/ossv2:/var/opt/jfrog/artifactory
    network_mode: host
    restart: always
  nginx:
    image: registry.cn-beijing.aliyuncs.com/k7scn/nginx:1.17.3
    container_name: nginx
    volumes:
    - /var/log/nginx:/var/log/nginx:rw
    - ./config:/etc/nginx/conf.d:rw
    - ./nginxconfig.io:/etc/nginx/nginxconfig.io:rw
    - ./ssl:/etc/nginx/ssl:rw
    - ./wwwroot:/var/www:rw
    network_mode: host
    restart: always

注意事项

  • artifactory 持久化数据目录可用空间最好稍微大些(>500GB),具体看镜像源数目多少。
  • 使用nginx进行反向代理。

配置源

7.x 和 6.x 版本差别还挺大的。

docker-compose up -d 启动服务后,访问 <ip>:8082 进行初始化服务配置,基本默认配置即可或者SKIP跳过。

在此过程中有一步比较坑,就是创建默认的Repositories,这个跳过跳过,否则后面在使用过程中就要踩坑了,如配置Debian或者源后Alpine后,如果文件路径里有**.**就会导致文件无法下载404

artifactory 源

简单介绍一下,

  • Local 本地 (通常放一些内部的二进制文件或者其他,当oss用)
  • Remote 远程 (常用,默认就基本使用这个 通常镜像aliyun或者tuna)
  • Virtual 虚拟 (local + remote)

这里我截取部分软件源示例,基本傻瓜式操作

示例配置Debian源

正常Debian源如下:

deb https://mirrors.ysicing.me/debian/ buster main contrib non-free
deb https://mirrors.ysicing.me/debian/ buster-updates main contrib non-free
deb https://mirrors.ysicing.me/debian/ buster-backports main contrib non-free
deb https://mirrors.ysicing.me/debian-security buster/updates main contrib non-free

如果想达成如上,需要做两件事

  • 镜像Debian源
  • 配置域名

镜像Debian源

  • 创建Remote Repositories debiandebian-security

  • 配置debian Remote Repositories

同理 debian-security 类似

  • 配置完成后访问 <ip>:8082/artifactory/debian/ 或者 <ip>:8081/artifactory/debian/

到这里,我们已经实现了

deb http://172.16.72.42:8082/artifactory/debian/ buster main contrib non-free
....

ip+端口的方式终究不太好记,是时候拖出nginx大杀器了

配置nginx

这里不具体说nginx配置了,直接上配置

# mirrors.conf
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name mirrors.ysicing.me;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    index index.html;
    root /var/www/mirrors.ysicing.me/public;

    # SSL
    ssl_certificate /etc/nginx/ssl/ysicing.me.crt;
    ssl_certificate_key /etc/nginx/ssl/ysicing.me.key;

    # security
    # include security.conf;

    location = / {
	    root /var/www/mirrors.ysicing.me/public;
    }

    location ~ .*\.(html|htm|reponew)$ {
	    root /var/www/mirrors.ysicing.me/public;
    }

    location ~ (docker.sh|func.sh|data.json)$ {
	   root /var/www/mirrors.ysicing.me/public;
    }

    # location ~ ^/$ {
    #     root /var/www/mirrors.ysicing.me/public;
    # }

    location /pypi/ {
	proxy_pass http://127.0.0.1:8081/artifactory/api/pypi/pypi/;
   	include nginxconfig.io/proxy.conf;
    }

    # chunked_transfer_encoding on;
    # client_max_body_size 0;

    # reverse proxy
    location / {

	proxy_buffering    off;
	proxy_buffer_size  128k;
	proxy_buffers 100  128k;
	client_max_body_size 100m;

        proxy_pass http://127.0.0.1:8081/artifactory/;
        include nginxconfig.io/proxy.conf;

        location ~ ^/artifactory/ {
            proxy_pass    http://127.0.0.1:8081;
            include nginxconfig.io/proxy.conf;
        }
    }

    # additional config
    include nginxconfig.io/general.conf;
}

类似两个配置拿自nginxconfig.io

# proxy.conf
proxy_http_version    1.1;
proxy_cache_bypass    $http_upgrade;
proxy_read_timeout  2400s;
proxy_pass_header   Server;
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries    1;
proxy_set_header Upgrade            $http_upgrade;
proxy_set_header Connection         "upgrade";
proxy_set_header Host                $host;
proxy_set_header X-Real-IP            $remote_addr;
proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto    $scheme;
proxy_set_header X-Forwarded-Host    $host;
proxy_set_header X-Forwarded-Port    $server_port;

# general.conf
# favicon.ico
location = /favicon.ico {
    log_not_found off;
    access_log off;
}

# robots.txt
location = /robots.txt {
    log_not_found off;
    access_log off;
}

# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
    expires 7d;
    access_log on;
}

# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires 7d;
    access_log off;
}

# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

到这里软件源配置就基本完成了。

效果图如下:

UI借鉴了网易开源镜像站

踩的pypi坑,小记备忘

pypi源不同于其他,需要额外配置nginx规则

location /pypi/ {
	proxy_pass http://127.0.0.1:8081/artifactory/api/pypi/pypi/;
   	include nginxconfig.io/proxy.conf;
    }

使用

~/.pip/pip.conf
[global]
index-url = https://mirrors.ysicing.me/pypi/simple

# 测试
git clone https://gitee.com/ysbot/CTFd.git --depth 1
cd CTFd
pip3 install -r requirements.txt

Go代理

新版本对Go代理做了优化,使用很流程,创建远程Go,源使用https://goproxy.cn

go env -w GO111MODULE=on
go env -w GOPROXY=https://mirrors.ysicing.me/go/,direct

Sponsor

Like this article? $1 reward

Comments