Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Overview

The following is an example of a complete Artifactory system YAML file showing all the different parameters that you may configure.

Example Templates

It is recommended to use the templates available under $JFROG_HOME/artifactory/var/etc/

  • system.basic-template.yaml includes most commonly used system configurations and is identical to the system.yaml after a fresh install
  • system.full-template.yaml includes a list of all available configurations



YAML File Format

The YAML file is constructed with keys and entities, using the following key: [entity] format.

  • Shared configurations specified under the shared section, are used by all micro-services.
  • Micro-service specific configuration are set under each micro-service section and override similar shared configurations for the specific micro-service.
Page contents


Supported Configurations

Where to find system.yaml?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/artifactory/var/etc folder.

Shared Configurations

Note: Make sure to edit the below yaml file according to your specific requirements. For example, remove unused database settings.

## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.

configVersion: 1

## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path!
## For example, in RPM install, JFROG_HOME=/opt/jfrog

## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.

## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
  ## Java 11 distribution to use
  #javaHome: "JFROG_HOME/artifactory/app/third-party/java"

  ## Extra Java options to pass to the JVM. These values add to or override the defaults.
  #extraJavaOpts: "-Xms512m -Xmx2g"

  ## Security Configuration
  security:
    ## Set your own Join key (takes precedence over 'joinKeyFile')
    #joinKey: "<Your joinKey>"

    ## Join key file location
    #joinKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/join.key>"

    ## Master key file location
    ## Generated by the product on first startup if not provided
    #masterKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/master.key>"

    ## Maximum time to wait for key files (master.key and join.key)
    #bootstrapKeysReadTimeoutSecs: 120

  ## Logging Configuration (for non-java services)
  ## Artifactory/Access logging can be configured in the separate logback.xml file  
  logging:
    consoleLog:
      ## If true, all service console logs will be redirected to a common console.log
      #enabled: true

    ## Log rotation settings
    rotation:
      ## The max file size at which enforce rotation
      #maxSizeMb: 25

      ## The number of backup files to maintain
      #maxFiles: 10

      ## Whether to compress the backup file
      #compress: true

  ## Node Settings
  node:
    ## A unique id to identify this node.
    ## Default: auto generated at startup.
    #id: "art1"

    ## Default: auto resolved by startup script
    #ip:

    ## Sets this node as primary in HA installation
    #primary: true

    ## Sets this node as part of HA installation
    #haEnabled: true

  ## Database Configuration
  database:
    ## One of: mysql, oracle, mssql, postgresql, mariadb
    ## Default: Embedded derby

    ## Example for postgresql
    #type: postgresql
    #driver: org.postgresql.Driver
    #url: jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory
    #username: artifactory
    #password: password

    ## Example for mysql
    #type: mysql
    #driver: com.mysql.jdbc.Driver
    #url: jdbc:mysql://<your db url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false
    #username: artifactory
    #password: password

    ## Example for oracle
    #type: oracle
    #driver: oracle.jdbc.OracleDriver
    #url: jdbc:oracle:thin:@<your db server url, for example: localhost:1521>:ORCL
    #username: artifactory
    #password: password

    ## Example for mssql
    #type: mssql
    #driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
    #url: jdbc:sqlserver://<your db server url, for example: localhost:1433>;databaseName=artifactory;sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository
    #username: artifactory
    #password: password

    ## Example for mariadb
    #type: mariadb
    #driver: org.mariadb.jdbc.Driver
    #url: jdbc:mariadb://<your db server url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false
    #username: artifactory
    #password: password

  ## Script Configuration
  ## Parameters for the application startup scripts
  script:
    ## The max time to wait for Tomcat to come up (START_TMO)
    #serviceStartTimeout: 60

  ## Add any custom environment variables to be passed to all the services
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64


Artifactory Operational Microservices

## ARTIFACTORY TEMPLATE
artifactory:
  #port: 8081

  ## Database settings for overriding shared.database and adding connection pool parameters
  ## Same format as under shared.database
  database:
    ## Max connections to the database the main connection pool can consume
    #maxOpenConnections: 100
    # Max connection to keep idle
    #maxIdleConnections: 10
    # Connection pool manager. Either tomcat-jdbc or hikari
    #poolType: "tomcat-jdbc"

  ## Artifactory Tomcat connector customization on the Artifactory port
  tomcat:
    ## Artifactory connector settings
    connector:
      #maxThreads: 200
      ## Extra configuration to add to the Artifactory connector
      #extraConfig: "acceptCount='30' compression='off' connectionLinger='-1' connectionTimeout='1500000' acceptorThreadCount='2'"
    maintenanceConnector:
      ## This port is dedicated for the maintenance requests
      ## Currently, it is going to be used by Router to issue a health check requests
      #port: 8091

      #maxThreads: 5
      #acceptCount: 5

      ## An extra configuration to add to the maintenance connector
      #extraConfig: ""

    ## Set up an HTTPS connector for artifactory. This opens a port 
    ## in addition to the default HTTP connector. All relevant 
    ## properties configured for the HTTP connector are applied also
    ## for this connector (e.g. "maxThreads")
    httpsConnector:
      ## Enable connector with SSL/TLS
      #enabled: false

      ## Port to use for the HTTPS connector
      #port: 8443

      ## Certificate file to use
      #certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"

      ## Certificate key file to use.
      #certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"
   
      ## Extra configuration for the HTTPS connector.
      ## Example: 
      ## extraConfig: "SSLProtocol='TLSv1+TLSv1.1+TLSv1.2'"
      #extraConfig: ""



  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64


## ACCESS TEMPLATE
access:
  ## http port
  http:
    #port: 8040

  ## grpc port
  grpc:
    #port: 8045

  ## Database settings for overriding shared.database
  ## Same format as under shared.database. Default embedded database is derby
  database:
    #username: "username"
    #password: "password"
    #type: "derby"
    #url: "jdbc:derby:<DERBY_DB_HOME_PLACE_HOLDER>;create=true"
    #driver: "org.apache.derby.jdbc.EmbeddedDriver"
    #maxOpenConnections: 100
    # Max connection to keep idle
    #maxIdleConnections: 10
    # Connection pool manager. Either tomcat-jdbc or hikari
    #poolType: "tomcat-jdbc"

  ## Tomcat connector customization on the Access port
  tomcat:
    ## Access connector settings
    connector:
      #maxThreads: 50

      ## Extra configuration to add to the Access connector
      #extraConfig: ""

  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64


## FRONTEND TEMPLATE
frontend:
  #port: 8070

  ## Session settings
  session:
    ## After how much time the frontend token need to be refreshed
    #timeMinutes: '30'

  ## Logging settings
  logging:
    application:
      ## The log level: error, warning, info, debug, trace
      #level: info

      ## Log rotation settings
      rotation:
        #maxSizeMb: 10
        #maxFiles: 10

    request:
      ## Log rotation settings
      rotation:
        #maxSizeMb: 10
        #maxFiles: 10

  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64


## METADATA TEMPLATE
metadata:
  #port: 8086

  ## Database settings for overriding shared.database
  ## Same format as under shared.database. Default embedded database is sqlite
  database:
    ## Max connections to the database the main connection pool can consume
    #maxOpenConnections: 50

  ## Logging Settings
  logging:
    application:
      ## The log level: error, warning, info, debug
      #level: info

      ## If console value is true, application logs will also be written to standard out
      #console: true

      ## Specific internal packages to set with a different log level
      packages:
        #- name: common
        #  level: debug
        #- name: daos
        #  level: warning

      ## Log rotation settings
      rotation:
        ## Maximum duration in days to retain old log files
        #maxAgeDays: 365

        ## Maximum number of old log files to retain. Will be overridden by maxAgeDays
        #maxFiles: 100

        ## Maximum size in megabytes of the log file before it will get rotated
        #maxSizeMb: 25

        ## If compress is true, gzip compression will be applied while rotating log files
        #compress: true

    request:
      ## If requestConsole value is true, request logs will also be written to standard out
      #console: false

      ## Log rotation settings
      rotation:
        ## Maximum duration in days to retain old log files
        #maxAgeDays: 365

        ## Maximum number of old log files to retain. Will be overridden by maxAgeDays
        #maxFiles: 100

        ## Maximum size in megabytes of the log file before it will get rotated
        #maxSizeMb: 25

        ## If compress is true, gzip compression will be applied while rotating log files
        #compress: true

  ## Profiling Related Settings
  profiling:
    ## Enable profiling endpoints for metadata
    #enabled: true

  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64
  tokenCache:
    #timeout: 115s


## ROUTER TEMPLATE
router:
  ## Profiling Related Settings
  profiling:
    ## Enable profiling endpoints
    #enabled: true

  ## Corporate Proxy Related Settings
  proxy:
    ## Proxy url for all outgoing http requests
    #httpUrl: ""

    ## Proxy url for all outgoing https requests
    #httpsUrl: ""

    ## List of target hosts to communicate with directly, bypassing the proxy.
    ## "localhost" will always be added to this list automatically.
    #ignoredHosts:
    #- "ignore.me.com"
    #- "ignore.me2.com"

  ## Router Entry Points
  entrypoints:
    ## The internal port, used by local services to communicate with the router and any other service (local and external)
    #internalPort: 8046

    ## The external port, registered in the service registry, used by external services to communicate with services in this node
    #externalPort: 8082

    ## An internal port used for internal Traefik (and Router) REST API
    #traefikApiPort: 8049

    ## An internal port used for Router's gRPC API
    #grpcPort: 8047

  ## Service Registry (Access) Communication Settings
  serviceRegistry:
    ## Service registry (Access) TLS verification skipped if enabled
    #insecure: false

    ## Service registry (Access) request timeout
    #requestTimeout: 15s

    ## Skip the connectivity test step of the Service registry join flow
    ## This may be required for restrictive network setups, where insecure communication is not allowed
    #skipJoinConnectivityTest: false

  ## Topology Settings
  topology:
    ## Local topology settings
    local:
      ## Settings for checking the health of the local services
      healthCheck:
        ## Duration between health checks
        #interval: 5s

        ## Health check request timeout
        #requestTimeout: 5s

        ## The number of consecutive successful health checks that must occur before declaring an instance healthy
        #healthyThreshold: 2

        ## The number of consecutive failed health checks that must occur before declaring an instance unhealthy
        #unhealthyThreshold: 2

    ## External topology settings
    external:
      ## Settings for refreshing the router with external topology from the service registry
      refresh:
        ## Refresh interval
        #interval: 3s

        ## The maximum duration a service can be considered as healthy since its last heartbeat
        #maxStaleHeartbeat: 30s

  ## Support Bundle Aggregation Settings
  supportBundle:
    ## The maximum duration support bundle aggregation is allowed before it is automatically cancelled
    #aggregationTimeout: 1h

  ## Logging Settings
  logging:
    ## Router log settings
    application:
      ## The log level: error, warning, info, debug, trace
      ## This value is configurable during runtime
      #level: "info"

      ## The log format: jftext, json
      #format: "jftext"

      ## Whether to include the caller information (runtime frame)
      #caller: false

      ## Whether to print the log also to stdout
      #console: true

      ## Log rotation settings
      rotation:
        #compress: true
        #maxSizeMb: 25
        #maxAgeDays: 0
        #maxFiles: 10

    ## Traefik log settings
    traefik:
      ## The log level: error, warning, info, debug, trace
      #level: "info"

      ## The log format: jftext, json
      #format: "jftext"

      ## Whether to include the caller information (runtime frame)
      #caller: false

      ## Whether to print the log also to stdout
      #console: true

      ## Log rotation settings
      rotation:
        #compress: true
        #maxSizeMb: 25
        #maxAgeDays: 0
        #maxFiles: 10

    ## Request log settings
    request:
      ## If true, request log will contain additional information
      ## This may result in a slight performance overhead
      #verbose: false

      ## Log rotation settings
      rotation:
        #compress: true
        #maxSizeMb: 100
        #maxAgeDays: 0
        #maxFiles: 10

  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64


## REPLICATOR TEMPLATE
replicator:
  ## Set to true if using an Enterprise Plus license
  #enabled: false
  #port: 8048

  ## Logging settings
  logging:
    application:
      #level: info

  ## TLS settings
  tls:
    ## If true will allow self signed certificates for tls
    #skipVerifyCertificate: false

  profiling:
    #port: 8041
    #enabled: true
    #allowedHost: "localhost"

  txDir:
    ## clean up old parts which have not been fully replicated in this time, default 1 month
    #cleanUpAgeSecs: 2592000

    ## intervals to check for old parts which haven't been replicated
    #cleanUpIntervalSecs: 3600

  ## Add any custom environment variables to be passed to this service
  ## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
  env:
    #EXAMPLE_VAR: example-value
    #LD_LIBRARY_PATH: /usr/lib64
Copyright © 2020 JFrog Ltd.