Merge pull request #563 from rawmind0/master

updated artifactory package. added reverse proxy to docker registry i…
2017-07-25 19:18:59 +02:00 · 2017-07-25 19:18:59 +02:00 · ef67c597a0
commit ef67c597a0
parent b04a8a34ea 8c284944dc
3 changed files with 91 additions and 10 deletions
--- a/templates/artifactory-oss/0/README.md
+++ b/templates/artifactory-oss/0/README.md
@ -9,22 +9,33 @@ generated artifacts.

 ### Usage:

- Select Artifactory from catalog. 
+ - Select Artifactory from catalog. 
+ - Select artifactory version. 
+ - Select artifactory release, OSS or PRO.
+ - Set the params and select certificate.

- - Select artifactory version, OSS or PRO.
- - Set the params.
+ Click "Launch".

- Click deploy.
+### Notes:

-Note: To use the PRO version, you need to get a free trial.
+- To use the PRO version, you need to get a free trial.
+- You need a certificate imported in rancher enviroment before deploy this package. 
+- If you use self signed certificates, you should implement [self-signed-certificates][using-self-signed-certificates] in your hosts.
+- If you use http schema, you should implement [insecure-registry][insecure-registry] in your hosts.
+- KNOWN LIMITATION: "SSL certificate" is required for http and https publish schema.


 ### More info:

 - [Resources][artifactory-resources]
 - [Free-trial][artifactory-trial]
+- [Self-signed-certificates][using-self-signed-certificates]
+- [Insecure-registry][insecure-registry]


 [artifactory]: https://www.jfrog.com/artifactory/
 [artifactory-resources]: https://www.jfrog.com/support-service/resources/
 [artifactory-trial]: https://www.jfrog.com/artifactory/free-trial/
+[using-self-signed-certificates]: https://docs.docker.com/registry/insecure/#using-self-signed-certificates
+[insecure-registry]: https://docs.docker.com/registry/insecure/# Artifactory 
+	
--- a/templates/artifactory-oss/0/docker-compose.yml.tpl
+++ b/templates/artifactory-oss/0/docker-compose.yml.tpl
@ -10,6 +10,43 @@ services:
     - artifactory-data:/var/opt/jfrog/artifactory
    environment:
     - EXTRA_JAVA_OPTIONS=${EXTRA_JAVA_OPTIONS}
+  artifactory-rp:
+    image: rawmind/alpine-nginx:1.12.1-3
+    external_links:
+      - artifactory:artifactory
+    environment:
+      NGINX_SERVER_NAME: artifactory
+      NGINX_SERVER_CONF: |
+        server {
+    
+          listen ${PUBLISH_PORT};
+          server_name ~(?<repo>.+)\.${PUBLISH_NAME} ${PUBLISH_NAME};
+    
+          set $$http_x_forwarded_proto  ${PUBLISH_SCHEMA};
+
+          ## Application specific logs
+          ## access_log /var/log/nginx/oss.local-access.log timing;
+          ## error_log /var/log/nginx/oss.local-error.log;
+
+          chunked_transfer_encoding on;
+          client_max_body_size 0;
+
+          proxy_read_timeout  900;
+          proxy_pass_header   Server;
+          proxy_cookie_path   ~*^/.* /;
+
+          location  /v2 {
+            proxy_pass          http://artifactory:8081/artifactory/api/docker/$$repo/v2/;
+          }
+          location / {
+            proxy_pass          http://artifactory:8081/artifactory/;
+          }
+          proxy_set_header    X-Artifactory-Override-Base-Url $$http_x_forwarded_proto://$$host:$$server_port;
+          proxy_set_header    X-Forwarded-Port  $$server_port;
+          proxy_set_header    X-Forwarded-Proto $$http_x_forwarded_proto;
+          proxy_set_header    Host              $$http_host;
+          proxy_set_header    X-Forwarded-For   $$proxy_add_x_forwarded_for;
+        }
  {{- if (.Values.PUBLISH_PORT)}}
  artifactory-lb:
    image: rancher/lb-service-haproxy:v0.6.4
--- a/templates/artifactory-oss/0/rancher-compose.yml
+++ b/templates/artifactory-oss/0/rancher-compose.yml
@ -14,6 +14,22 @@ catalog:
      options:
        - OSS
        - PRO
+    - variable: "PUBLISH_SCHEMA"
+      description: "Publish schema" 
+      label: "Publish schema:"
+      required: true
+      default: "https"
+      type: "enum"
+      options:
+        - http
+        - https
+    - variable: "PUBLISH_NAME"
+      label: "Publish name"
+      description: |
+        Set publish fqdn for Artifactory server.
+      required: true
+      type: "string"
+      default: "artifactory.local"
    - variable: "PUBLISH_PORT"
      label: "Publish port"
      description: |
@ -21,6 +37,12 @@ catalog:
      required: true
      type: "int"
      default: 8081
+    - variable: "SSL_CERT"
+      description: "Select SSL certificate." 
+      label: "SSL certificate:"
+      required: true
+      default: ""
+      type: "certificate"
    - variable: "EXTRA_JAVA_OPTIONS"
      label: "Extra Java options"
      description: |
@ -38,16 +60,27 @@ services:
    scale: 1
    lb_config:
      certs: []
+      default_cert: ${SSL_CERT}
      port_rules:
-      - protocol: http
-        service: artifactory
+      - protocol: ${PUBLISH_SCHEMA}
+        service: artifactory-rp
        source_port: ${PUBLISH_PORT}
-        target_port: 8081
+        target_port: ${PUBLISH_PORT}
    health_check:
      response_timeout: 2000
      healthy_threshold: 2
      port: 42
      unhealthy_threshold: 3
+  artifactory-rp:
+    scale: 1
+    retain_ip: true
+    health_check:
+      port: ${PUBLISH_PORT}
+      interval: 5000
+      unhealthy_threshold: 3
+      request_line: 'GET / HTTP/1.0'
+      healthy_threshold: 2
+      response_timeout: 5000
  artifactory:
    scale: 1
    retain_ip: true