I am using artifactory community edition which runs artifactory on tomcat and artifactory version is 7.63.11
First when I hit url http://myhost:8081/artifactory it redirects to http://myhost:8082/ui/ and display the login page (working on http)
I am trying to configure to https for this artifactory the page is loading when I hit url https ://myhost:8443/artifactory the page loads with image artifactory is starting and it redirects to https://myhost:8443/ui/ and display error "HTTP Status 404 – Not Found" , I see certifacte looks good and no error in catalina.log
Log shows nothing
Here is the system.yaml I used
shared:
extraJavaOpts: -Xmx4g -Xss256k
database:
type: derby
driver: org.apache.derby.jdbc.EmbeddedDriver
url: jdbc:derby:/opt/app/artifactory-oss-7.63.11/var/data/artifactory/derby;create=true
artifactory:
port: 8081
tomcat:
connector:
maxThreads: 200
sendReasonPhrase: true
relaxedPathChars: ‘"[]"’
relaxedQueryChars: ‘"[]"’
httpsConnector:
enabled: true
port: 8443
certificateFile: "/opt/artifactory-oss-7.63.11/var/etc/artifactory/security/ssl/server.crt"
certificateKeyFile: "/opt/artifactory-oss-7.63.11/var/etc/artifactory/security/ssl/server.key"
extraConfig: ‘SSLProtocol="TLSv1.2"’
access:
http:
port: 8040
tomcat:
connector:
maxThreads: 50
sendReasonPhrase: true
when I stop and restart artifactory , it says artifactory system.yaml file is success then it loads the page on https 8443 redirects to 8443/ui like I mentioned above
I need a solution were it should run on https with port 8443 and display login page
2
Answers
While Artifactory versions 6x and below were only running on Tomcat and using 8081 for external communication, 7.x versions of the product use both port 8081 and port 8082. More information on ports used here.
Port 8082 handles UI, and redirection to other products, so it is able to handle the /ui/ context path.
Currently you may set up an https connector for the Artifactory and Access microservices, so that internal communication is done securely. However for port 8082 and overall end user access, the way to achieve this is a reverse proxy such as Nginx. Documentation here.
If you are using a reverse proxy to handle SSL and redirect traffic, you must make it so that all requests go to port 8082, unless the path begins with "/artifactory", in which case port 8081 must be used. Port 8082 can also handle "/artifactory" requests but will have a performance hit at high concurrency that port 8081 won’t.
The connector port 8443 is for internal communication. All external traffic comes through router port 8082. With TLS enabled on the platform this port should now be told secured.
Please can you go to https://myhost:8082 (makes sure it’s HTTPS) and let us know if that shows the UI as expected.