How can I use Artifactory behind a reverse proxy with the new access web application?

Question

After upgrading Artifactory to version >5.4.0 I am not able to run it behind a reverse proxy, because Artifactory uses an additional webapp (access.war) for access tokens from this version on.

Apache is configured as reverse proxy and uses AJP as protocol to connect to Artifactory's Tomcat. The http connector on port 8081 is commented out, as I only want to use AJP.

When starting Artifactory, it tries to get connected to the Access service via http:

Using Access Server URL: http://localhost:8081/access (bundled) source: detected

Following error message occurs when disabling the http connector:

Application could not be initialized: Could not detect listening port.
Caused by: java.lang.IllegalStateException: Could not detect listening port.
at org.artifactory.security.access.ArtifactoryAccessClientConfigStore.detectBundledAccessServerUrl(ArtifactoryAccessClientConfigStore.java:501) ~[artifactory-core-5.5.1.jar:na]
at org.artifactory.security.access.ArtifactoryAccessClientConfigStore.lambda$4(ArtifactoryAccessClientConfigStore.java:476) ~[artifactory-core-5.5.1.jar:na]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4742) ~[guava-18.0.jar:na]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527) ~[guava-18.0.jar:na]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2319) ~[guava-18.0.jar:na]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2282) ~[guava-18.0.jar:na]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2197) ~[guava-18.0.jar:na]
... 30 common frames omitted

server.xml

<Service name="Catalina">
    <!--Connector port="8081"/-->

    <!-- This is the optional AJP connector -->
    <Connector port="8019" protocol="AJP/1.3" maxThreads="500" minSpareThreads="20" enableLookups="false" backlog="100"/>

    <Engine name="Catalina" defaultHost="localhost">
        <Host name="localhost" appBase="webapps" startStopThreads="2"/>
    </Engine>
</Service>

How can I change the Access Server URL on client side?

Answer 1

Basically your configuration should look like this: (give or take)

ProxyPreserveHost On

ServerName localhost
ServerAlias *.localhost
ServerAdmin server@admin


## Application specific logs
## ErrorLog ${APACHE_LOG_DIR}/localhost-error.log
## CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined

AllowEncodedSlashes On
RewriteEngine on

RewriteCond %{SERVER_PORT} (.*)
RewriteRule (.*) - [E=my_server_port:%1]
##  NOTE: The 'REQUEST_SCHEME' Header is supported only from apache version 2.4 and above
RewriteCond %{REQUEST_SCHEME} (.*)
RewriteRule (.*) - [E=my_scheme:%1]

RewriteCond %{HTTP_HOST} (.*)
RewriteRule (.*) - [E=my_custom_host:%1]



RewriteRule ^/$                /artifactory/webapp/ [R,L]
RewriteRule ^/artifactory(/)?$      /artifactory/webapp/ [R,L]
RewriteRule ^/artifactory/webapp$   /artifactory/webapp/ [R,L]

RequestHeader set Host %{my_custom_host}e
RequestHeader set X-Forwarded-Port %{my_server_port}e
## NOTE: {my_scheme} requires a module which is supported only from apache version 2.4 and above
RequestHeader set X-Forwarded-Proto %{my_scheme}e
RequestHeader set X-Artifactory-Override-Base-Url %{my_scheme}e://localhost:%{my_server_port}e/artifactory
ProxyPassReverseCookiePath /artifactory /artifactory

ProxyRequests off
ProxyPreserveHost on
ProxyPass /artifactory/ http://localhost:8081/artifactory/
ProxyPassReverse /artifactory/ http://localhost:8081/artifactory/