Try JFrog
Guides
Contact SupportTry JFrog
  1. Prerequisites
  2. System Requirements
  3. Allowlisted URLs and Air-Gapped Environment Considerations

Platform Air-gapped Environment Configuration

Configure JFrog Platform for air-gapped deployment by setting jfconnect.airgap.enabled=true in system.yaml.


An air-gapped environment is a system without access to the outside Internet. JFrog Platform uses the JFConnect microservice to fetch entitlements that enable the usage of various services. For more information, see JFConnect Microservice.

As of Artifactory version 7.77, you can configure the JFrog Platform to run in an air-gapped environment.

To configure the JFrog Platform to work in an air-gapped environment:

  1. Set the following values in the system.yaml file and restart Artifactory.
jfconnect:
    airgap:
        enabled: true
  1. Perform the initial update of entitlements on the air-gapped platform, as described in Update Entitlements on an Air-gapped JFrog Platform.

Update Entitlements on an Air-gapped JFrog Platform

Use this procedure to obtain entitlements and upload them to the platform when there is no internet connectivity.

Entitlements are needed to run services and to set the correct expiry date on the air-gapped platform.

When is the entitlements file available? For both new subscriptions and renewals, the entitlements file becomes available 14 days before the contract start date. This allows you to update the file ahead of time in your air-gapped environment.

My subscription is unchanged or My new contract adds features or capacity

In the final two weeks (14 days) before your current contract expires, perform the procedure described in this section to update the entitlements file.

My new contract reduces features or capacity

Use this two-step update to ensure service continuity:

  1. In the final two weeks (14 days) before your current contract expires, perform the procedure described in this section to update the entitlements file. This entitlements file extends current features and capacity for the first 14 days of the new contract.
  2. In the first two weeks (14 days) of your new contract, repeat this procedure to update the entitlements file. This entitlements file implements your new contract.

You must install an updated entitlements file before the 14-day grace period ends to ensure uninterrupted access to services.

To update entitlements on an Air-gapped JFrog platform:

  1. Generate an Admin scoped token.

  2. In the air-gapped environment, use the token from the previous step to submit a Start Register request to the JFConnect API, as in the following example:

    curl -H 'Authorization: Bearer <TOKEN>' -X GET
'http://<JFROG_PLATFORM_URL>:8082/jfconnect/api/v1/offline/start_register

    This API returns an offline request token string, as in the following example:

    {"offline_request_token": <offline_request_token>}

  3. On a server with external Internet access, submit the Post Offline Request Token to JFrog Entitlements Service API request. Include the offline request token from the previous step in the request body, as in the following example:

    curl -v -L 'https://jes.jfrog.io/api/v1/offline_register' \
-H 'Content-Type: application/json' \
--data '{
    "offline_request_token": "<offline_request_token>"
}' > entitlements.json

    Keep the following information from the return message:

    • The value of the offline_response_token field in the header
    • The entitlements.json file in the payload, which you must provide to the air-gapped JPD.
📘

Note

Do not modify the entitlements.json file.

  1. On the air-gapped JFrog Platform, submit the Offline Register JFConnect API request, including the offline response token and the entitlements.json file from the previous step, as in the following example:.

    curl -L -H 'Authorization: Bearer <TOKEN>' -X POST 
'http://<JFROG_PLATFORM_URL>:8082/jfconnect/api/v1/offline/register' \
--form '[email protected];type=application/json' \
--form 'offline_response_token=""'
⚠️

Warning

In this step you must use the offline_responsetoken that was returned during offline registration (Step 3). Do not use the offlinerequest_token you generated in Step 2. The API request fails if the incorrect token is used.

Frequently Asked Questions
Q: From which Artifactory version is air-gapped environment configuration supported?

A: Air-gapped environment configuration is supported starting from Artifactory version 7.77.

Q: What setting must I add to system.yaml to enable air-gapped mode?

A: Set jfconnect.airgap.enabled: true under the jfconnect section in system.yaml, then restart Artifactory. This configures the JFrog Platform to run without access to the outside internet.

Q: How far in advance does the entitlements file become available before a contract starts?

A: The entitlements file becomes available 14 days before the contract start date for both new subscriptions and renewals. This allows you to update the file ahead of time in your air-gapped environment.

Q: What happens if I do not install an updated entitlements file before the grace period ends?

A: You must install the updated entitlements file before the 14-day grace period ends to ensure uninterrupted access to services. Failing to update within this window can result in service disruption.

Q: Why does a contract with reduced features or capacity require a two-step entitlements update?

A: When a new contract reduces features or capacity, the first update in the final 14 days of the old contract extends current features for the first 14 days of the new contract. A second update in the first 14 days of the new contract then implements the reduced entitlements, ensuring service continuity throughout the transition. See JFConnect Microservice for background on how entitlements work.

Updated 1 day ago