Step 1: Configure the Artifactory Filestore for Direct Cloud Storage

As described in Filestore Configuration, you control how Artifactory using stores binaries the$JFROG_HOME/artifactory/var/etc/artifactory/binarystore.xmlfile.

As described in Filestore Configuration, you control how Artifactory stores binaries using the$JFROG_HOME/artifactory/var/etc/artifactory/binarystore.xmlfile.

To configure the Artifactory Filestore for Direct Cloud Storage, in binarystore.xml file, for s3-storage-v3, google-storage-v2, and azure-blob-storage-v2 set the following parameters:

Set enableSignedUrlRedirect to true.
Set signedUrlExpirySeconds to the number of seconds that a signed URL provided to a requesting client for direct download from cloud storage is valid. The default is 30 seconds.

The following snippet shows an example of how these parameters may look in your binarystore.xml file.

<enableSignedUrlRedirect>true</enableSignedUrlRedirect>
<signedUrlExpirySeconds>30</signedUrlExpirySeconds>

Step 1a: Use CloudFront CDN (Optional)

📘
Note
This section is relevant only when using AWS S3 storage.

To further optimize direct cloud storage downloads, Artifactory lets you specify CloudFront settings that will determine in which locations your artifacts will physically reside. This means downloads from your S3 bucket will be via a rapid CDN.

To use CloudFront CDN with direct cloud storage downloads, follow the steps below:

Create a CloudFront distribution as described in Getting Started with CloudFront in the AWS documentation.
Generate a key pair as described in Creating CloudFront Key Pairs for Your Trusted Signers in the AWS documentation.
In the AWS console, under CloudFront | Behaviors, set a pattern on the distribution with Forward Query Strings = yes. This allows files to be downloaded using the actual filename as opposed to their SHA1 value.
Match up your distribution with your S3 bucket.

📘
Note
Make sure that the distribution points to the same S3 bucket configured in your S3 Binary Provider in your $JFROG_HOME/artifactory/var/etc/artifactory/binarystore.xml file.

In your binarystore.xml file, for s3-storage-v3 set enableSignedUrlRedirect to true.
Set the following CloudFront parameters in the Amazon S3 Official SDK Template of your binarystore.xml file:

Parameter	Description
cloudFrontDomainName	The unique domain provided by AWS
cloudFrontKeyPairId	The unique identifier of the key pair you created in step 2 above
cloudFrontPrivateKey	The private key you created in step 2 above, in the following format: `----BEGIN RSA PRIVATE KEY----` `........` `-----END RSA PRIVATE KEY-----`

Parameter

Description

cloudFrontDomainName

The unique domain provided by AWS

cloudFrontKeyPairId

The unique identifier of the key pair you created in step 2 above

cloudFrontPrivateKey

The private key you created in step 2 above, in the following format:

----BEGIN RSA PRIVATE KEY----

........

-----END RSA PRIVATE KEY-----

The following snippet shows an example of how these parameters may look in your binarystore.xml file:

<useSignature>true</useSignature>
 <cloudFrontDomainName>d2n9783dfm6kdoq.cloudfront.net</cloudFrontDomainName>
 <cloudFrontKeyPairId>APKPDIVCZ4OS2GY6VMGS</cloudFrontKeyPairId>
 <cloudFrontPrivateKey>-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAmVbCi33YzIyQMGJkNJN7NbRAEzZIxHv43nmq0b+tDM2CKX+f
...........................
...........................
 -----END RSA PRIVATE KEY-----
 </cloudFrontPrivateKey>

Updated 2 days ago