Reputation: 81
I cannot find on the JFrog website a simple explanation of how to configure Artifactory to use https for the website.
I thought I might have found the answer in the example system.full-template.yaml that was delivered with the new version 7.17.11 in /opt/jfrog/artifactory/var/etc:
```yaml
    ## Artifactory Tomcat connector customization on the Artifactory port
    tomcat:
        ## Set up an HTTPS connector for artifactory. This opens a port
        ## in addition to the default HTTP connector. All relevant
        ## properties configured for the HTTP connector are applied also
        ## for this connector (e.g. "maxThreads")
        httpsConnector:
            ## Enable connector with SSL/TLS
            #enabled: false
            ## Port to use for the HTTPS connector
            #port: 8443
            ## Certificate file to use
            #certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"
            ## Certificate key file to use.
            #certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"
```
But having tried this in a modified system.yaml with the appropriate lines uncommented and values set (see below) and our key and cert copied into the stated locations, then restarting Artifactory, I still can't connect to my Artifactory server web interface with https on port 8443.
```yaml
## ARTIFACTORY TEMPLATE
artifactory:
    ## Artifactory Tomcat connector customization on the Artifactory port
    tomcat:
        ## Set up an HTTPS connector for artifactory. This opens a port
        ## in addition to the default HTTP connector. All relevant
        ## properties configured for the HTTP connector are applied also
        ## for this connector (e.g. "maxThreads")
        httpsConnector:
            ## Enable connector with SSL/TLS - ADK
            enabled: true
            ## Port to use for the HTTPS connector - ADK
            port: 8443
            ## Certificate file to use - ADK
            certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"
            ## Certificate key file to use. - ADK
            certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"
```
We are using the jfrog-artifactory-cpp-ce-7.17.11-71711900.x86_64.rpm on RHEL 7.
Previously, on an older version, we did a whole bunch of customization of the embedded Tomcat delivered by Artifactory in the tomcat/conf/server.xml and tomcat/conf/web.xml files and the artifactory.system.properties file.
Am I wrong in assuming that the system.yaml is supposed to be the way of configuring https now, rather than having to mess about with the delivered Tomcat?
Just found this in the tomcat catalina log:
```
Caused by: java.lang.IllegalArgumentException: /opt/jfrog/artifactory/app/artifactory/tomcat/$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key (No such file or directory)
```
So doesn't seem to be using just the location I put in system.yaml for the key.
In the end gave up on configuring Artifactory directly and installed nginx as a reverse proxy and configured that to do the https as per https://www.jfrog.com/confluence/display/JFROG/Configuring+NGINX
This then worked for https both for the website and for Conan remote connections.
Upvotes: 1
Views: 4211
Reputation: 25
I had the same problem.
If you look at the top of the file system.full-template.yaml it says this:
```yaml
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path!
```
So it looks like an environment variable, but it's not. I had to replace $JFROG_HOME with the actual path to the certificate and key files.
For example:
```yaml
certificateFile: /opt/jfrog/artifactory/var/etc/artifactory/security/ssl/server.crt
certificateKeyFile: /opt/jfrog/artifactory/var/etc/artifactory/security/ssl/server.key
```
Upvotes: 2
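A pre-restart check for the failure both posts describe, as an added example that is not part of the original question or answer: it reads `certificateFile` and `certificateKeyFile` from a system.yaml and rejects values that still contain the `$JFROG_HOME` placeholder, are relative, or are not readable. The function names, the sed-based parsing (one `key: value` per line, as in the template) and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the TLS file paths in system.yaml before restarting.
# Run it as the Artifactory service user so the readability test is meaningful.

# Print the value of the first uncommented "key: value" line, quotes stripped.
yaml_value() {  # usage: yaml_value <key> <file>
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 only if both settings are literal, absolute, readable file paths.
check_tls_paths() {  # usage: check_tls_paths <system.yaml>
  rc=0
  for key in certificateFile certificateKeyFile; do
    val=$(yaml_value "$key" "$1")
    case $val in
      '') echo "FAIL $key: not set (line still commented out?)"; rc=1 ;;
      *'$'*|*JFROG_HOME*)
          echo "FAIL $key: placeholder not replaced: $val"; rc=1 ;;
      /*) if [ -r "$val" ]; then echo "OK   $key: $val"
          else echo "FAIL $key: missing or unreadable: $val"; rc=1; fi ;;
      *)  # The catalina log in the question shows such a value being
          # looked up under the Tomcat directory instead.
          echo "FAIL $key: not an absolute path: $val"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample: the question's config next to the corrected one, using
# empty stand-in files in a temporary directory instead of a real cert and key.
demo() {
  d=$(mktemp -d) && mkdir -p "$d/ssl" && : > "$d/ssl/server.crt" && : > "$d/ssl/server.key"
  printf '%s\n' 'artifactory:' '    tomcat:' '        httpsConnector:' \
    '            enabled: true' \
    '            certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"' \
    '            certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"' \
    > "$d/before.yaml"
  sed 's|[$]JFROG_HOME/artifactory/var/etc/artifactory/security|'"$d"'|' \
    "$d/before.yaml" > "$d/after.yaml"
  check_tls_paths "$d/before.yaml" || echo "before.yaml rejected"
  check_tls_paths "$d/after.yaml" && echo "after.yaml accepted"
  rm -rf "$d"
}
demo
```

On a real host, call `check_tls_paths` with the path to the edited system.yaml; a non-zero exit means the HTTPS connector would fail to find its files.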