Manage Bridges

📘

Subscription Information

This feature is supported with the Enterprise+ license.

A JFrog Bridge establishes a secure data link between a JPD in the SaaS cloud (the Bridge Server) and a Self-managed JPD (the Bridge Client). You define and manage Bridges in the JFrog Platform interface of these JPDs, or with API requests to the JPDs. The Bridge Server and Bridge Client each expose a different set of management tools.

This topic describes Bridge management using the JFrog Platform user interface. The Bridge REST APIs support all the actions available in the JFrog Platform user interface, and include APIs that report detailed performance and troubleshooting information.

To view and manage Bridges:

In the JFrog Platform, go to Administration > Topology > Bridges. Each row of the table represents a Bridge that connects this JPD to another JPD.

Tunnels are the persistent TCP sessions that support Bridge communication.

Nodes: Typically the Bridge service is deployed on nodes/VM instances, depending on JPD environment settings. Click in a row of the table to see the status of each of these nodes.

The Bridge Client manages nodes and tunnels based on data traffic. By default, each node maintains a minimum of 2 active tunnels. You can tune the thresholds for tunnel creation using Bridge Advanced Parameters.

  • On a SaaS JPD, the Bridge Server tab is active. The JPD is the Server for the Bridges in the table.

    In the Actions column, click ... and select one of the following:

    • Test Connection: The JPD attempts to connect to the Bridge Client.
    • Block/Unblock: The JPD terminates connections to the Bridge Client, and declines new connections. The Bridge is not removed. Unblock to accept new connections.

    To add a JFrog Bridge, click Generate Pairing Token to begin.

  • On a Self-Hosted JPD, the Bridge Client tab is active. The JPD is the Client for the Bridges in the table.

    In the Actions column, click ... and select one of the following:

    • Edit: Modify basic and Advanced Bridge Parameters.
    • Delete: Permanently remove the Bridge.
    • Stop: Suspend the connection without removing the Bridge. Active TCP nodes and tunnels are terminated.
    • Restart: Restart the bridge connection. Active TCP nodes and tunnels are terminated, and new sessions are established after restart.

Click on a row to view additional status and performance information for each TCP tunnel of the Bridge. For example, if a Bridge has the status Offline, click it to view troubleshooting information.

📘

Block/Unblock and Stop/Restart are independent actions

When you Block a bridge at the Bridge Server, the Bridge Client is not aware of the action. Similarly, when you Stop a bridge at the Bridge Client, the Bridge Server is not aware of the action. When you click on a Bridge that is offline, the troubleshooting information reflects the status observed by the Server or Client JPD you are in.

The Bridge service maintains standard JFrog service logs.

📘

Bridges in YAML

Bridges that you define directly in system.yaml appear in the Bridges table of the JFrog Platform interface, but they cannot be managed using the Platform interface or the Bridge APIs. Use only the JFrog Platform interface or the Bridge APIs to create and manage Bridges.

Use a Custom TLS Certificate for Bridge Communication

By default, Bridges use the default TLS certificate provided by the JPD's Access service. There are several ways to upload a certificate dedicated to Bridge communication:

  • Add a certificate for a specific Bridge. When this certificate is defined, all nodes of this Bridge use only this certificate.

    1. Generate the certificate in PEM format. Include a key to the CA used to sign the certificate.

    2. Log in to the Bridge Client JPD and go to Administration > Topology > Bridges.

    3. Click ... in the Actions column of the Bridge and select Edit.

    4. In the Edit Bridge pane, paste the certificate into the TLS Root CA Certificate field. Then click Update Bridge.

  • Add a certificate for all Bridges on the JPD. When this certificate is defined, Bridge services use this certificate instead of the JPD's default TLS certificate.

    1. Generate a certificate file named tls_cert.crt in PEM format. Include a key to the CA used to sign the certificate.

    2. Upload the file:

      For Docker or Linux deployments, save the file to the following pathname: $JF_PRODUCT_HOME/var/data/bridge/tls_cert.crt

      For Kubernetes deployments, create a secret that points to the certificate file, and specify the secret in the tunnelClientCertificateSecretName: field of the values.yaml file.
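
Before saving the file in step 2 on a Docker or Linux deployment, it helps to confirm that it really is PEM, that every certificate in it parses, and that none is about to expire. The following shell sketch is an added example, not JFrog code; the function names, return codes and 30-day default are assumptions, and it needs `openssl` on the host.

```shell
#!/bin/sh
# Added example, not JFrog code. Function names, return codes and the
# 30-day default are assumptions of this sketch. Requires openssl.

# check_bridge_cert FILE [MIN_DAYS]
# 0 = every certificate parses and is valid for at least MIN_DAYS more days
# 2 = file missing/unreadable   3 = no PEM certificate block
# 4 = a block does not parse    5 = a certificate expires within MIN_DAYS
check_bridge_cert() {
    file=$1
    min_days=${2:-30}
    [ -r "$file" ] || return 2
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || return 3
    tmp=$(mktemp -d) || return 1
    # A PEM file may hold several certificates; check each one separately.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/c%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$file"
    rc=0
    for pem in "$tmp"/c*.pem; do
        # Parse only: fails on truncated or corrupted base64/DER.
        if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
            rc=4; break
        fi
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) \
                >/dev/null 2>&1; then
            rc=5; break
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# install_bridge_cert FILE
# Validates FILE, then copies it to the Docker/Linux path given on this page.
install_bridge_cert() {
    [ -n "${JF_PRODUCT_HOME:-}" ] || { echo "JF_PRODUCT_HOME is not set" >&2; return 1; }
    check_bridge_cert "$1" || return $?
    dest="$JF_PRODUCT_HOME/var/data/bridge"
    mkdir -p "$dest" && cp "$1" "$dest/tls_cert.crt"
}
```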