Try JFrog
Guides
Contact SupportTry JFrog
  1. Install Individual Products
  2. Individual JFrog Products Installation
  3. Xray Installation

Xray FIPS Installation

Install Xray with FIPS 140-2 enabled on RHEL 8/9 or Amazon Linux 3 using the Linux archive installer.

This installation method is fully supported for the Linux archive-based installer and is only available for RPM-based operating systems, specifically RHEL 8, RHEL 9, and Amazon Linux 3.

Installing Xray with FIPS
Prerequisites

Before installing JFrog Xray using the Linux archive method, verify the following prerequisites:

  • A running JFrog Artifactory instance that Xray will connect to.

  • PostgreSQL Database (Use an external PostgreSQL on a separate VM or manage it via RDS.)

  • A FIPS-enabled VM with the required packages installed:

    • Erlang with FIPS Support

      JFrog provides FIPS-compiled Erlang binaries for the following OS versions:

      After installing Erlang, verify FIPS mode using:

      erl
crypto:enable_fips_mode(true).
crypto:info_fips().

      The output should confirm that FIPS mode is enabled.

    • dbutilsThe db_dump command-line utility is required. The Xray application internally uses this for its functionalities. Verify installation by running db_dump.

      Installation commands by OS:

      • RHEL 8: Included by default
      • RHEL 9: yum install libdb-utils
      • Amazon Linux 2023: yum install libdb-utils
Setting Up JFrog Xray
Fresh Installation

After completing the prerequisites, follow these steps:

  1. Download the Xray Linux archive-based installer ( tar.gz) from the Xray Downloads page.

  2. Extract the archive:

    tar -xvf jfrog-xray-<version>-linux.tar.gz

  3. Set up OS User Permissions:

    • Xray installation script creates an xray user by default.

    • Set run and execute permissions on the installation directory.

    • Recommended installation directory: /opt

      mkdir -p /opt/jfrog
cp -r jfrog-xray-<version>-linux /opt/jfrog/
cd /opt/jfrog
mv jfrog-xray-<version>-linux xray
cd xray/app/bin
    📘

    Note

    From version 3.107 onwards, Xray installers organize files into designated subfolders. Ensure correct navigation post-extraction. 4. Run the Installation Script:

    ./install.sh

    Check prerequisites for Xray in Linux Archive before running the install script.

    The script prompts for input:

    • Artifactory URL ( http://artifactory_node_ip:port)

    • Join Key (Retrieve from: Administration > Security > General > Connection Details)

    • Machine IP Address (System auto-detects or manually enter, ensure IPv6 is in[]

    • Database Connection Details:

      postgres://<IP_ADDRESS>:<PORT>/<DATABASE_NAME>?sslmode=disable
      • Username: <YOUR_DATABASE_USERNAME>
      • Password: <YOUR_DATABASE_PASSWORD>

  4. Configure FIPS for RabbitMQ:

    • Create advanced.conf in /opt/jfrog/xray/var/etc/

      [
{crypto, [
{fips_mode, true}
]}
].

    • Set the environment variable in the file /opt/jfrog/xray/app/bin/xray.default

      export RABBITMQ_ADVANCED_CONFIG_FILE="${JF_PRODUCT_HOME}/var/etc/advanced.conf"

    • Set permissions:

      chown -R xray:xray /opt/jfrog/xray

  5. Start Xray Service:

    xray/app/bin/xray.sh start|stop
Installing Xray as a Service

Xray can be installed as a system service. Execute:

xray/app/bin/installService.sh

Options:

  • -u | --user: (default: xray) Specify a custom user.
  • -g | --group: (default: xray) Specify a custom group.

To manage the service:

systemctl <start|stop|status> xray.service
Adding Nodes to an Xray Cluster

For additional nodes:

  1. Repeat the initial Xray installation.

  2. When prompted, select Y for adding to an existing cluster.

  3. Provide the master key:

    cat /opt/jfrog/xray/var/etc/security/master.key

  4. Enter the active RabbitMQ node hostname.

  5. Use the same PostgreSQL details as the first node.

  6. Follow the FIPS and permission setup steps from the primary node.

Uninstall

For uninstallation, refer to Uninstalling Jfrog Products

Updated 3 days ago