Supported Configurations
Where to find system.yaml?
You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/artifactory/var/etc folder.
Shared Configurations
Note: Make sure to edit the below yaml file according to your specific requirements. For example, remove unused database settings.
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path!
## For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Java 11 distribution to use
#javaHome: "JFROG_HOME/artifactory/app/third-party/java"
## Extra Java options to pass to the JVM. These values add to or override the defaults.
#extraJavaOpts: "-Xms512m -Xmx2g"
## Security Configuration
security:
## Set your own Join key (takes precedence over 'joinKeyFile')
#joinKey: "<Your joinKey>"
## Join key file location
#joinKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/join.key>"
## Master key file location
## Generated by the product on first startup if not provided
#masterKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/master.key>"
## Maximum time to wait for key files (master.key and join.key)
#bootstrapKeysReadTimeoutSecs: 120
## Logging Configuration (for non-java services)
## Artifactory/Access logging can be configured in the separate logback.xml file
logging:
consoleLog:
## If true, all service console logs will be redirected to a common console.log
#enabled: true
## Log rotation settings
rotation:
## The max file size at which enforce rotation
#maxSizeMb: 25
## The number of backup files to maintain
#maxFiles: 10
## Whether to compress the backup file
#compress: true
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
#id: "art1"
## Default: auto resolved by startup script
#ip:
## Sets this node as primary in HA installation
#primary: true
## Sets this node as part of HA installation
#haEnabled: true
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for postgresql
#type: postgresql
#driver: org.postgresql.Driver
#url: jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory
#username: artifactory
#password: password
## Example for mysql
#type: mysql
#driver: com.mysql.jdbc.Driver
#url: jdbc:mysql://<your db url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false
#username: artifactory
#password: password
## Example for oracle
#type: oracle
#driver: oracle.jdbc.OracleDriver
#url: jdbc:oracle:thin:@<your db server url, for example: localhost:1521>:ORCL
#username: artifactory
#password: password
## Example for mssql
#type: mssql
#driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
#url: jdbc:sqlserver://<your db server url, for example: localhost:1433>;databaseName=artifactory;sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository
#username: artifactory
#password: password
## Example for mariadb
#type: mariadb
#driver: org.mariadb.jdbc.Driver
#url: jdbc:mariadb://<your db server url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false
#username: artifactory
#password: password
## Script Configuration
## Parameters for the application startup scripts
script:
## The max time to wait for Tomcat to come up (START_TMO)
#serviceStartTimeout: 60
## Add any custom environment variables to be passed to all the services
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
Artifactory Operational Microservices
## ARTIFACTORY TEMPLATE
artifactory:
#port: 8081
## Database settings for overriding shared.database and adding connection pool parameters
## Same format as under shared.database
database:
## Max connections to the database the main connection pool can consume
#maxOpenConnections: 100
# Max connection to keep idle
#maxIdleConnections: 10
# Connection pool manager. Either tomcat-jdbc or hikari
#poolType: "tomcat-jdbc"
## Artifactory Tomcat connector customization on the Artifactory port
tomcat:
## Artifactory connector settings
connector:
#maxThreads: 200
## Extra configuration to add to the Artifactory connector
#extraConfig: "acceptCount='30' compression='off' connectionLinger='-1' connectionTimeout='1500000' acceptorThreadCount='2'"
maintenanceConnector:
## This port is dedicated for the maintenance requests
## Currently, it is going to be used by Router to issue a health check requests
#port: 8091
#maxThreads: 5
#acceptCount: 5
## An extra configuration to add to the maintenance connector
#extraConfig: ""
## Set up an HTTPS connector for artifactory. This opens a port
## in addition to the default HTTP connector. All relevant
## properties configured for the HTTP connector are applied also
## for this connector (e.g. "maxThreads")
httpsConnector:
## Enable connector with SSL/TLS
#enabled: false
## Port to use for the HTTPS connector
#port: 8443
## Certificate file to use
#certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"
## Certificate key file to use.
#certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"
## Extra configuration for the HTTPS connector.
## Example:
## extraConfig: "SSLProtocol='TLSv1+TLSv1.1+TLSv1.2'"
#extraConfig: ""
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## ACCESS TEMPLATE
access:
## http port
http:
#port: 8040
## grpc port
grpc:
#port: 8045
## Database settings for overriding shared.database
## Same format as under shared.database. Default embedded database is derby
database:
#username: "username"
#password: "password"
#type: "derby"
#url: "jdbc:derby:<DERBY_DB_HOME_PLACE_HOLDER>;create=true"
#driver: "org.apache.derby.jdbc.EmbeddedDriver"
#maxOpenConnections: 100
# Max connection to keep idle
#maxIdleConnections: 10
# Connection pool manager. Either tomcat-jdbc or hikari
#poolType: "tomcat-jdbc"
## Tomcat connector customization on the Access port
tomcat:
## Access connector settings
connector:
#maxThreads: 50
## Extra configuration to add to the Access connector
#extraConfig: ""
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## EVENT TEMPLATE
event:
## Service http port
#port: 8061
## Service grpc port
#grpcPort: 8062
## Access token cache setting
tokenCache:
## Duration for keeping the access token validation result in memory cache
#timeout: "1m"
## Artifactory client settings
artifactoryClient:
## HTTP request settings
request:
## Http timeout in seconds
#timeout: 5
## Artifactory proxy cache setting
proxyCache:
## Time between two proxies gatherings
#interval: 5m
## Profiling Related Settings
profiling:
## Enable profiling endpoint for event service
#enabled: false
metrics:
## If true, enable metrics gathering in this service
#enabled: false
#interval: "10s"
## Excluded providers from metrics
#exclude:
## Logging settings
logging:
application:
## Log file name
#filePath: "event-service.log"
## If true, app logs will also be written to standard out
#console: true
## The log level: error, warn, info, debug, trace
## This value is configurable during runtime
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Log rotation setting
rotation:
#compress: true
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Web server request log settings
request:
#filePath: "event-request.log"
## If true, request logs will also be written to standard out
#console: false
## Log rotation setting
rotation:
#compress: true
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Metrics log settings
metrics:
#filePath: "event-metrics.log"
#console: false
## Log rotation setting
rotation:
#compress: true
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Rate limite settings
rateLimit:
## Mean number of events per second that can be sent to webhook targets.
#frequency: 1000.0
## Maximum number of events that can be sent as fast as possible. Once this threshold is reached, new events are sent at the exact defined frequency.
#burstSize: 10000
## Maximum number of events that can be sent concurrently. When this threshold is reached, new events that are received are rejected.
#maxConcurrentHandlers: 50000
## WebHook handler settings
webhooks:
## timeout specifies a time limit for requests.
## The timeout includes connection time, any redirects, and reading the response body.
## The timer remains running after request return and will interrupt reading of the response body.
## A timeout of zero means no timeout.
#timeout: 30
## Controls the maximum number of idle (keep-alive) connections across all hosts.
## Zero means no limit
#maxIdleConnections: 100
## If non-zero, controls the maximum idle (keep-alive) connections to keep per-host.
## 0 means system default (2).
#maxIdleConnectionsPerHost: 100
## Controls whether a client verifies the server's certificate chain and host name.
## If true, TLS accepts any certificate presented by the server and any host name
## in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
## This should be used only for testing.
#tlsInsecure: false
## Number of retry that will be done when event service is unable to send the request or when it receives an error
## (>= 500) from the server. The first try count as one
#retryCount: 5
## Time in second event service will wait between 2 retries
#retryWait: 10
## FRONTEND TEMPLATE
frontend:
#port: 8070
## Session settings
session:
## After how much time the frontend token need to be refreshed
#timeMinutes: '30'
## Logging settings
logging:
application:
## The log level: error, warning, info, debug, trace
#level: info
## Log rotation settings
rotation:
#maxSizeMb: 10
#maxFiles: 10
request:
## Log rotation settings
rotation:
#maxSizeMb: 10
#maxFiles: 10
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
startup:
# Pinging artifactory on startup settings
ping:
#intervalMS : 1000
#retries : 180
## METADATA TEMPLATE
metadata:
#port: 8086
## Database settings for overriding shared.database
## Same format as under shared.database. Default embedded database is sqlite
database:
## Max connections to the database the main connection pool can consume
#maxOpenConnections: 50
## Logging Settings
logging:
application:
## The log level: error, warn, info, debug
#level: info
## If console value is true, application logs will also be written to standard out
#console: true
## Specific internal packages to set with a different log level
packages:
#- name: common
# level: debug
#- name: daos
# level: warn
## Log rotation settings
rotation:
## Maximum duration in days to retain old log files
#maxAgeDays: 365
## Maximum number of old log files to retain. Will be overridden by maxAgeDays
#maxFiles: 100
## Maximum size in megabytes of the log file before it will get rotated
#maxSizeMb: 25
## If compress is true, gzip compression will be applied while rotating log files
#compress: true
request:
## If requestConsole value is true, request logs will also be written to standard out
#console: false
## Log rotation settings
rotation:
## Maximum duration in days to retain old log files
#maxAgeDays: 365
## Maximum number of old log files to retain. Will be overridden by maxAgeDays
#maxFiles: 100
## Maximum size in megabytes of the log file before it will get rotated
#maxSizeMb: 25
## If compress is true, gzip compression will be applied while rotating log files
#compress: true
## Profiling Related Settings
profiling:
## Enable profiling endpoints for metadata
#enabled: true
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
tokenCache:
#timeout: 115s
## ROUTER TEMPLATE
router:
## Profiling Related Settings
profiling:
## Enable profiling endpoints
#enabled: true
## Corporate Proxy Related Settings
proxy:
## Proxy url for all outgoing http requests
#httpUrl: ""
## Proxy url for all outgoing https requests
#httpsUrl: ""
## List of target hosts to communicate with directly, bypassing the proxy.
## "localhost" will always be added to this list automatically.
#ignoredHosts:
#- "ignore.me.com"
#- "ignore.me2.com"
## Router Entry Points
entrypoints:
## The internal port, used by local services to communicate with the router and any other service (local and external)
#internalPort: 8046
## The external port, registered in the service registry, used by external services to communicate with services in this node
#externalPort: 8082
## An internal port used for internal Traefik (and Router) REST API
#traefikApiPort: 8049
## An internal port used for Router's gRPC API
#grpcPort: 8047
## Service Registry (Access) Communication Settings
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled
#insecure: false
## Service registry (Access) request timeout
#requestTimeout: 15s
## Skip the connectivity test step of the Service registry join flow
## This may be required for restrictive network setups, where insecure communication is not allowed
#skipJoinConnectivityTest: false
## Topology Settings
topology:
## Local topology settings
local:
## Settings for checking the health of the local services
healthCheck:
## Duration between health checks
#interval: 5s
## Health check request timeout
#requestTimeout: 5s
## The number of consecutive successful health checks that must occur before declaring an instance healthy
#healthyThreshold: 2
## The number of consecutive failed health checks that must occur before declaring an instance unhealthy
#unhealthyThreshold: 2
## External topology settings
external:
## Settings for refreshing the router with external topology from the service registry
refresh:
## Refresh interval
#interval: 3s
## The maximum duration a service can be considered as healthy since its last heartbeat
#maxStaleHeartbeat: 30s
## Support Bundle Aggregation Settings
supportBundle:
## The maximum duration support bundle aggregation is allowed before it is automatically cancelled
#aggregationTimeout: 1h
## Logging Settings
logging:
## Router log settings
application:
## The log level: error, warning, info, debug, trace
## This value is configurable during runtime
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Whether to print the log also to stdout
#console: true
## Log rotation settings
rotation:
#compress: true
#maxSizeMb: 25
#maxAgeDays: 0
#maxFiles: 10
## Traefik log settings
traefik:
## The log level: error, warning, info, debug, trace
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Whether to print the log also to stdout
#console: true
## Log rotation settings
rotation:
#compress: true
#maxSizeMb: 25
#maxAgeDays: 0
#maxFiles: 10
## Request log settings
request:
## If true, request log will contain additional information
## This may result in a slight performance overhead
#verbose: false
## Log rotation settings
rotation:
#compress: true
#maxSizeMb: 100
#maxAgeDays: 0
#maxFiles: 10
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## REPLICATOR TEMPLATE
replicator:
## Set to true if using an Enterprise Plus license
#enabled: false
#port: 8048
## Logging settings
logging:
application:
#level: info
## TLS settings
tls:
## If true will allow self signed certificates for tls
#skipVerifyCertificate: false
profiling:
#port: 8041
#enabled: true
#allowedHost: "localhost"
txDir:
## clean up old parts which have not been fully replicated in this time, default 1 month
#cleanUpAgeSecs: 2592000
## intervals to check for old parts which haven't been replicated
#cleanUpIntervalSecs: 3600
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64