Supported Configurations
Where to find system.yaml?
You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/artifactory/var/etc folder.
Edit the yaml file below according to your specific requirements. For example, remove unused database settings.
Artifactory System YAML
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path!
## For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Java 11 distribution to use
#javaHome: "JFROG_HOME/artifactory/app/third-party/java"
## Extra Java options to pass to the JVM. These values add to or override the defaults.
#extraJavaOpts: "-Xms512m -Xmx2g"
## Security Configuration
security:
## Join key value for joining the cluster (takes precedence over 'joinKeyFile')
#joinKey: "<Your joinKey>"
## Join key file location
#joinKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/join.key>"
## Master key file location
## Generated by the product on first startup if not provided
#masterKeyFile: "<For example: JFROG_HOME/artifactory/var/etc/security/master.key>"
## Maximum time to wait for key files (master.key and join.key)
#bootstrapKeysReadTimeoutSecs: 120
## Logging Configuration
logging:
consoleLog:
## If true, all service console logs will be redirected to a common console.log
#enabled: true
## Log rotation settings
rotation:
## The max file size at which enforce rotation
#maxSizeMb: 25
## The number of backup files to maintain
#maxFiles: 10
## Whether to compress the backup file
#compress: true
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
#id: "art1"
## Default: auto resolved by startup script
#ip:
## Default: auto resolved by startup script
#name: ""
## Sets this node as part of HA installation
#haEnabled: true
## One of:
## 'any' - allow running any kind of background job on this node such as the Artifactory Garbage Collector,
## Scheduled Replication, Backup, etc.
## 'none' - no background jobs are allowed to run on this node (except for a select group of system jobs)
## This attribute and the 'primary' attribute are mutually exclusive. When both are set, only the Primary node can
## execute jobs in the cluster.
## Default: any
#taskAffinity: any
## Deprecated: sets this node as primary in HA installation. This attribute and taskAffinity are mutually exclusive
#primary: true
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
#Default: Embedded derby
## Example for postgresql
#type: postgresql
#driver: org.postgresql.Driver
#url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory"
#username: artifactory
#password: password
## Example for mysql
#type: mysql
#driver: com.mysql.jdbc.Driver
#url: "jdbc:mysql://<your db url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false"
#username: artifactory
#password: password
## Example for oracle
#type: oracle
#driver: oracle.jdbc.OracleDriver
#url: "jdbc:oracle:thin:@<your db server url, for example: localhost:1521>:ORCL"
#username: artifactory
#password: password
## Example for mssql
#type: mssql
#driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
#url: "jdbc:sqlserver://<your db server url, for example: localhost:1433>;databaseName=artifactory;sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository"
#username: artifactory
#password: password
## Example for mariadb
#type: mariadb
#driver: org.mariadb.jdbc.Driver
#url: "jdbc:mariadb://<your db server url, for example: localhost:3306>/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false"
#username: artifactory
#password: password
## Script Configuration
## Parameters for the application startup scripts
script:
## The max time to wait for Tomcat to come up (START_TMO)
#serviceStartTimeout: 60
## Add any custom environment variables to be passed to all the services
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## Run as a given user and group
## Note : This is only considered in linux archive installation which is installed as a service
## Make sure to change ownership of JFROG_HOME/artifactory/app and JFROG_HOME/artifactory/var directory, if this is modified after install
#user: artifactory
#group: artifactory
## Metrics configuration
metrics:
## Settings for pushing metrics to Insight
filebeat:
## If enabled, Filebeat will be started and metrics will be pushed to Elasticsearch
#enabled: false
## Configuration settings for log files of filebeat
log:
#enabled: false
## Log level for filebeat. Possible values: debug, info, warning, or error.
#level: "info"
## Elasticsearch details for filebeat to connect
elasticsearch:
#url: "Elasticsearch url where JFrog Mission Control is installed For example, http://<ip_address>:8082"
#username: ""
#password: ""
## ARTIFACTORY TEMPLATE
artifactory:
#port: 8081
## Database settings for overriding shared.database and adding connection pool parameters
## Same format as under shared.database
database:
## Max connections to the database the main connection pool can consume
#maxOpenConnections: 100
## Max connection to keep idle
#maxIdleConnections: 10
## Min connection to keep idle
#minIdleConnections: 1
## Connection pool manager. Either tomcat-jdbc or hikari
#poolType: "tomcat-jdbc"
## Node NFS storage settings. Used in HA setup only!
node:
## Data directory
#haDataDir:
## Backup directory
#haBackupDir:
## Artifactory Tomcat connector customization on the Artifactory port
tomcat:
## Artifactory connector settings
connector:
#maxThreads: 200
## An extra configuration to add to the Artifactory connector
#extraConfig: ""
maintenanceConnector:
## This port is dedicated for the maintenance requests
## Currently, it is going to be used by Router to issue a health check requests
#port: 8091
#maxThreads: 5
#acceptCount: 5
## An extra configuration to add to the maintenance connector
#extraConfig: ""
## Set up an HTTPS connector for artifactory. This opens a port
## in addition to the default HTTP connector. All relevant
## properties configured for the HTTP connector are applied also
## for this connector (e.g. "maxThreads")
httpsConnector:
## Enable connector with SSL/TLS
#enabled: false
## Port to use for the HTTPS connector
#port: 8443
## Certificate file to use
#certificateFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.crt"
## Certificate key file to use.
#certificateKeyFile: "$JFROG_HOME/artifactory/var/etc/artifactory/security/ssl/server.key"
## Extra configuration for the HTTPS connector.
## For example extraConfig: "SSLProtocol='TLSv1+TLSv1.1+TLSv1.2'"
#extraConfig: ""
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## Metrics configuration
metrics:
## If enabled is true, metrics will be collected and written to artifactory-metrics or
## artifactory-metrics_events.log files
#enabled: true
## Interval to collect metrics
#interval: 60
## Excluded providers from metrics
#exclude:
## ACCESS TEMPLATE
access:
## http port
http:
#port: 8040
## grpc port
grpc:
#port: 8045
## Database settings for overriding shared.database
## Same format as under shared.database. Default embedded database is derby
database:
#username: "username"
#password: "password"
#type: "derby"
#url: "jdbc:derby:<DERBY_DB_HOME_PLACE_HOLDER>;create=true"
#driver: "org.apache.derby.jdbc.EmbeddedDriver"
#maxOpenConnections: 100
## Max connection to keep idle
#maxIdleConnections: 10
## Min connection to keep idle
#minIdleConnections: 1
## Connection pool manager. Either tomcat-jdbc or hikari
#poolType: "tomcat-jdbc"
## Tomcat connector customization on the Access port
tomcat:
## Access connector settings
connector:
#maxThreads: 50
## Extra configuration to add to the Access connector
#extraConfig: ""
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## Skip creating default admin user on startup
#startUpSkipDefaultAdmin: false
## FRONTEND TEMPLATE
frontend:
#port: 8070
## Session settings
session:
## After how much time the frontend token need to be refreshed
#timeMinutes: '30'
## Logging settings
logging:
application:
## The log level: error, warning, info, debug, trace
#level: info
## Log rotation settings
rotation:
#maxSizeMb: 10
#maxFiles: 10
request:
## Log rotation settings
rotation:
#maxSizeMb: 10
#maxFiles: 10
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
featureToggler:
## Enable Projects functionality
commonProjects: true
## METADATA TEMPLATE
metadata:
#port: 8086
## Database settings for overriding shared.database
## Same format as under shared.database. Default embedded database is sqlite
database:
## Max connections to the database the main connection pool can consume
#maxOpenConnections: 100
## Disable applicative prepared statement cache
#disablePreparedStatementCache: false
## Logging Settings
logging:
application:
## The log level: error, warn, info, debug
#level: info
## If console value is true, application logs will also be written to standard out
#console: true
## Specific internal packages to set with a different log level
packages:
common:
#level: debug
daos:
#level: warn
## Log rotation settings
rotation:
## Maximum duration in days to retain old log files
#maxAgeDays: 365
## Maximum number of old log files to retain. Will be overridden by maxAgeDays
#maxFiles: 100
## Maximum size in megabytes of the log file before it will get rotated
#maxSizeMb: 25
## If compress is true, gzip compression will be applied while rotating log files
#compress: true
## If compress is true, the number of archived files to be left uncompressed
#keepLastDecompressed: 1
request:
## If requestConsole value is true, request logs will also be written to standard out
#console: false
## Log rotation settings
rotation:
## Maximum duration in days to retain old log files
#maxAgeDays: 365
## Maximum number of old log files to retain. Will be overridden by maxAgeDays
#maxFiles: 100
## Maximum size in megabytes of the log file before it will get rotated
#maxSizeMb: 25
## If compress is true, gzip compression will be applied while rotating log files
#compress: true
## If compress is true, the number of archived files to be left uncompressed
#keepLastDecompressed: 1
## Profiling Related Settings
profiling:
## Enable profiling endpoints for metadata
#enabled: false
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
tokenCache:
#timeout: 115s
## ROUTER TEMPLATE
router:
## Profiling Related Settings
profiling:
## Enable profiling endpoints
#enabled: true
## Corporate Proxy Related Settings
proxy:
## Proxy url for all outgoing http requests
#httpUrl: ""
## Proxy url for all outgoing https requests
#httpsUrl: ""
## List of target hosts to communicate with directly, bypassing the proxy.
## "localhost" will always be added to this list automatically.
#ignoredHosts:
#- "ignore.me.com"
#- "ignore.me2.com"
## Router Entry Points
entrypoints:
## The internal port, used by local services to communicate with the router and any other service (local and external)
#internalPort: 8046
## The external port, registered in the service registry, used by external services to communicate with services in this node
#externalPort: 8082
## An internal port used for internal Traefik (and Router) REST API
#traefikApiPort: 8049
## An internal port used for Router's gRPC API
#grpcPort: 8047
## Service Registry (Access) Communication Settings
serviceRegistry:
## Service registry (Access) TLS verification skipped if enabled
#insecure: false
## Service registry (Access) request timeout
#requestTimeout: 15s
## Skip the connectivity test step of the Service registry join flow
## This may be required for restrictive network setups, where insecure communication is not allowed
#skipJoinConnectivityTest: false
## Topology Settings
topology:
## Local topology settings
local:
## Settings for checking the health of the local services
healthCheck:
## Duration between health checks
#interval: 5s
## Health check request timeout
#requestTimeout: 5s
## The number of consecutive successful health checks that must occur before declaring an instance healthy
#healthyThreshold: 2
## The number of consecutive failed health checks that must occur before declaring an instance unhealthy
#unhealthyThreshold: 2
## External topology settings
external:
## Settings for refreshing the router with external topology from the service registry
refresh:
## Refresh interval
#interval: 3s
## The maximum duration a service can be considered as healthy since its last heartbeat
#maxStaleHeartbeat: 30s
## Support Bundle Aggregation Settings
supportBundle:
## The maximum duration support bundle aggregation is allowed before it is automatically cancelled
#aggregationTimeout: 1h
## Logging Settings
logging:
## Router log settings
application:
## The log level: error, warning, info, debug, trace
## This value is configurable during runtime
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Whether to print the log also to stdout
#console: true
## Log rotation settings
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 25
#maxAgeDays: 0
#maxFiles: 10
## Traefik log settings
traefik:
## The log level: error, warning, info, debug, trace
## This value is configurable during runtime
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Whether to print the log also to stdout
#console: true
## Log rotation settings
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 25
#maxAgeDays: 0
#maxFiles: 10
## Request log settings
request:
## If true, request log will contain additional information
## This may result in a slight performance overhead
## This value is configurable during runtime
#verbose: false
## Log rotation settings
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 100
#maxAgeDays: 0
#maxFiles: 10
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
## REPLICATOR TEMPLATE
replicator:
## Set to true if using an Enterprise Plus license
#enabled: false
#port: 8048
## Logging settings
logging:
application:
#level: info
traffic:
#maxFileSizeMb: 25
#maxFiles: 10
## Set rotationIntervalSecs to a positive number to enable rotation by time, as well as by file size (maxFileSizeMb)
#rotationIntervalSecs: 0
#compress: true
## If compress is true, the number of archived files to be left uncompressed
#keepLastDecompressed: 1
## Traffic is aggregated and written to the log every intervalSecs seconds
#intervalSecs: 3
#eventsChannelSize: 1000
## TLS settings
tls:
## If true will allow self signed certificates for tls
#skipVerifyCertificate: false
profiling:
#port: 8041
#enabled: true
#allowedHost: "localhost"
txDir:
## clean up old parts which have not been fully replicated in this time, default 1 month
#cleanUpAgeSecs: 2592000
## intervals to check for old parts which haven't been replicated
#cleanUpIntervalSecs: 3600
## Add any custom environment variables to be passed to this service
## Environment variables starting with JF_ are not allowed, will be ignored with a warning if it is added
env:
#EXAMPLE_VAR: example-value
#LD_LIBRARY_PATH: /usr/lib64
### EVENT TEMPLATE
event:
## Service http port
#port: 8061
## Service grpc port
#grpcPort: 8062
## Access token cache setting
tokenCache:
## Duration for keeping the access token validation result in memory cache
#timeout: "1m"
## Artifactory client settings
artifactoryClient:
## HTTP request settings
request:
## Http timeout in seconds
#timeout: 5
## Access client settings
accessClient:
## Ping access timeout duration
#pingTimeout: 2m
## Join access timeout duration
#joinTimeout: 3m
## Support Bundle settings
supportBundle:
## Timeout for gathering support bundle for the event service
#aggregationTimeout: 1h
## Artifactory proxy cache setting
proxyCache:
## Time between two proxies gatherings
#interval: 5m
## Artifactory base URL cache setting
baseUrlCache:
## Time between two base URL gatherings
#interval: 5m
## Domain cache setting
domainCache:
## Time between two domain gatherings
#interval: 5m
## Profiling Related Settings
profiling:
## Enable profiling endpoint for event service
#enabled: false
metrics:
## If true, enable metrics gathering in this service
#enabled: false
#interval: "10s"
## Excluded providers from metrics
#exclude:
## Logging settings
logging:
application:
## Log file name
#filePath: "event-service.log"
## If true, app logs will also be written to standard out
#console: true
## The log level: error, warn, info, debug, trace
## This value is configurable during runtime
#level: "info"
## The log format: jftext, json
#format: "jftext"
## Whether to include the caller information (runtime frame)
#caller: false
## Package-specific logging
#packages:
#events:
#level: "info"
#authorization:
#level: warn
## Log rotation setting
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Web server request log settings
request:
#filePath: "event-request.log"
## If true, request logs will also be written to standard out
#console: false
## Log rotation setting
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Metrics log settings
metrics:
#filePath: "event-metrics.log"
#console: false
## Log rotation setting
rotation:
#compress: true
#keepLastDecompressed: 1
#maxSizeMb: 25
#maxAgeDays: 365
#maxFiles: 10
## Rate limite settings
rateLimit:
## Mean number of events per second that can be sent to webhook targets.
#frequency: 1000.0
## Maximum number of events that can be sent as fast as possible. Once this threshold is reached, new events are sent at the exact defined frequency.
#burstSize: 10000
## Maximum number of events that can be sent concurrently. When this threshold is reached, new events that are received are rejected.
#maxConcurrentHandlers: 50000
## WebHook handler settings
webhooks:
## timeout specifies a time limit for requests.
## The timeout includes connection time, any redirects, and reading the response body.
## The timer remains running after request return and will interrupt reading of the response body.
## A timeout of zero means no timeout.
#timeout: 30s
## Controls the maximum number of idle (keep-alive) connections across all hosts.
## Zero means no limit
#maxIdleConnections: 100
## If non-zero, controls the maximum idle (keep-alive) connections to keep per-host.
## 0 means system default (2).
#maxIdleConnectionsPerHost: 100
## Controls whether a client verifies the server's certificate chain and host name.
## If true, TLS accepts any certificate presented by the server and any host name
## in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
## This should be used only for testing.
#tlsInsecure: false
## Number of retry that will be done when event service is unable to send the request or when it receives an error
## (>= 500) from the server. The first try count as one
#retryCount: 5
## Time in second event service will wait between 2 retries
#retryWait: 10s
## when true private networks (loopback, RFC1918, RFC3927, and IPV6 unique local addresses) will not be allowed as
## webhook targets
#urlStrictPolicy: true