Posted on

Running Artifactory in a FreeNAS Jail

These notes are with respect to FreeNAS 11.3, Artifactory 5.8, and Apache 2.4.

Let’s begin by adding a jail. Within Jails, click Add Jail. Most of this is default. Here are the settings for a currently working config: DHCP Autoconfigure IPv4 unchecked, NAT unchecked, VNET checked, Berkeley Packet Filter checked, IPv4 statically defined, Autoconfigure IPv6 unchecked, Auto-start checked, mount_devfs checked, mount_fedscfs checked, allow_set_hostname checked, all other jail allow_* properties unchecked, Network interface vnet0:bridge0, within Custom Properties host_time checked).

To install Artifactory, we want to get to a shell on the FreeNAS system (ssh works too).
# shell into the jail
$ sudo iocage console artifactory
# install using ports
# if you do not have /usr/ports, run portsnap fetch && portsnap extract
$ cd /usr/ports/devel/artifactory
$ make install clean

Artifactory runs by default on port 8081. A recommended way to access it over HTTP port 80 is to setup Apache as a proxy. Here is a working /usr/local/etc/apache24/Includes/artifactory.conf file.

LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so

<VirtualHost *:80>
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / http://localhost:8081/
  ProxyPassReverse / http://localhost:8081/
</VirtualHost>
Then test and restart Apache.
$ apachectl configtest && apachectl restart

Artifactory should now be available over HTTP (port 80).

Posted on

Running Git in a FreeNAS Jail

These notes are with respect to FreeNAS 11.3, Git 2.6, and Apache 2.4.

Let’s begin by adding a jail. Within Jails, click Add Jail. Most of this is default. Here are the settings for a currently working config: DHCP Autoconfigure IPv4 unchecked, NAT unchecked, VNET checked, Berkeley Packet Filter checked, IPv4 statically defined, Autoconfigure IPv6 unchecked, Auto-start checked, mount_devfs checked, mount_fedscfs checked, allow_set_hostname checked, all other jail allow_* properties unchecked, Network interface vnet0:bridge0, within Custom Properties host_time checked).

To install Git, we want to get to a shell on the FreeNAS system (ssh works too).
# shell into the jail
$ sudo iocage console git
# install dependencies
$ pkg install git apache24

The next thing to do is create a Git repo within the jail. There are plenty of online references for this, though creating an initial bare repository is the goal.

To use this repo over HTTP, there are some additional configs to setup. Below is the content for the config file at the root of the repo.

[core]
        repositoryformatversion = 0
        filemode = true
        bare = true
        sharedrepository = 1
[receive]
        denyNonFastforwards = true
[http]
        receivepack = true
Also, configure the file system to be modifiable by the Apache user.
$ chown -R www:www /data/git/repos/brian.git

The last bit of work is to configure Apache. Here is a working /usr/local/etc/apache24/Includes/git.conf file where the path /ro/ is used for read-only access to the repository (helpful for CI builds).

LoadModule rewrite_module libexec/apache24/mod_rewrite.so
<IfModule !mpm_prefork_module>
  LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
  LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>

<VirtualHost *:80>
  DocumentRoot /data/git/repos

  # Smart-HTTP needs longer timeouts
  Timeout 600

  # Read-only access
  RewriteEngine On
  RewriteCond %{QUERY_STRING} service=git-receive-pack [NC]
  RewriteRule ^ - [E=AUTHREQUIRED:yes]
  SetEnvIf Request_URI ^/ro/.*/git-upload-pack$ AUTHALLOWED
  RewriteCond %{QUERY_STRING} service=git-upload-pack [NC]
  RewriteRule ^/ro/ - [E=AUTHALLOWED:yes]
  <LocationMatch "^/ro/.*">
    Options +Indexes +MultiViews +ExecCGI
    Order allow,deny
    Allow from env=AUTHALLOWED
    Deny from env=AUTHREQUIRED
    Satisfy Any
  </LocationMatch>

  # Read-write access
  <LocationMatch "^(?!/ro)/[^/]+">
    Options +Indexes +MultiViews +ExecCGI
    Order deny,allow
    AuthType Basic
    AuthName "Git"
    AuthUserFile /usr/local/etc/apache24/basic_auth
    require valid-user
  </LocationMatch>

  SetEnv GIT_PROJECT_ROOT /data/git/repos
  SetEnv GIT_HTTP_EXPORT_ALL
  ScriptAlias /ro /usr/local/libexec/git-core/git-http-backend/
  ScriptAlias / /usr/local/libexec/git-core/git-http-backend/
</VirtualHost>
Then test and restart Apache.
$ apachectl configtest && apachectl restart

The Git repo should now be available over HTTP.
# read-only
$ git clone http://.../ro/brian.git
# read-write
$ git clone http://.../brian.git