Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >






Skip to end of metadata
Go to start of metadata

In corporate environments it is often required to go through a proxy server to access remote resources.

JPD supports several types of network proxy including NTLMv2 (if running on Linux you may use NTLMv2 only with CNTLM).

Page Contents

Defining Proxies

To create a new proxy definition, access the Administration module go to Proxies | Configuration | Proxy Configuration and click New.
Fields that are not required by the proxy may be left blank (for example, if you are not using authentication credentials or with an NTLM proxy you may leave the Username and Password fields blank).

Proxy Key
The unique ID of the proxy.
Default proxy

The service(s) to define the proxy for.

Host
The name of the proxy host.
Port
The proxy port number.
Username
The proxy username when authentication credentials are required.
Password
The proxy password when authentication credentials are required.
NT Host
The computer name of the machine (the machine connecting to the NTLM proxy).
NT Domain
The proxy domain/realm name.
Redirecting Proxy target Hosts

An optional list of newline or comma separated host names to which this proxy may redirect requests.
The credentials defined for the proxy are reused by requests redirected to all of these hosts.

Using proxies

Artifactory only accesses a remote repository through a proxy if one is selected in the Network section of the Advanced settings for a remote repository.

Whether this has been set manually, or by setting a Default Proxy as a Platform Default or for Artifactory, you can override this by removing the Proxy setting for any specific repository.
In this case, Artifactory will access the specific repository without going through a proxy.

Configuring an NTLM Proxy

NTLM Authorization Proxy Server (APS) is a proxy software that allows you to authenticate via a Microsoft Proxy Server using the proprietary NTLM protocol. 

NTLM is supported by running an ad-hoc CNTLM container like https://hub.docker.com/r/robertdebock/docker-cntlm/

Configure an NTLM Proxy

  1. Run the container to hash the NTML credentials.

    docker run robertdebock/docker-cntlm /bin/sh -c "echo Password <PASSWORD> > /etc/cntlm.conf; \
 /usr/sbin/cntlm -H -u <USERNAME> -d <DOMAIN>"

    The following output is generated:

    PassLM 1AD35398BE6565DDB5C4EF70C0593492
PassNT 77B9081511704EE852F94227CF48A793
PassNTLMv2 B78FD04127AEDF090C1F7121ED002A4D # Only for user 'username', domain 'domain'

  2. Run the container with the hashed credentials.

    docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=B78FD04127AEDF090C1F7121ED002A4D" \
 -e "PROXY=<PROXY_URL:PORT" -p 3128:3128 -d robertdebock/docker-cntlm

Setting Exclusions to the Default Proxy

To exclude interfaces, IPs, and addresses from the default proxy, you will need to specify the addresses to be excluded from the NO_PROXY environment variable.

For example, setting NO_PROXY="host1.xyz.com, host2.xyz.com," will ensure that Mission Control will not use any proxy configured while communicating with host1 and host2.

Copyright © 2023 JFrog Ltd.