[RTFACT-16130] In some cases Access to Access in HA will not work with Tomcat and/or Network (reverse proxies) configurations Created: 15/Mar/18  Updated: 28/Aug/18

Status: Open
Project: Artifactory Binary Repository
Component/s: Access Server, HA, Reverse Proxy Configuration Generator
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Andrei Komarov Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relationship
Support Tickets:

Klarna Bank AB - Support Case, N26 Bank GmbH - Support Case, Jet Propulsion Laboratory - Support Case, Citrix Systems Research & Development Ltd. - Support Case, Centene - Support Case

Product Comments: 26-Mar-2018: Product, Andrei and RnD to follow-up with Noam
8-May-2018: support to validate

 Description   

emphasized textGoing from 5.6.0, Access runs on its own connector and/or can be access via Artifactory connector with the /access context.

This can cause issues when:

1. A reverse proxy is used behind each Artifactory node, a the context.url (under ha-node.properties) could, and is, binded to the Reverse proxy (e.g. Nginx) Virtualhost/listener port; e.g.:

context.url=192.168.59.2:80/artifactory

And, since by default, Artifactory's snippet generator is not taking care of the access servlet.

This can be handled by adding another directive that would make the reverse proxy forward requests to the Access context, e.g. with Nginx use the location directive for /access/ (same as /artifactory/):

location /access/ {

        proxy_read_timeout  900;

        proxy_pass_header   Server;

        proxy_cookie_path   ~*^/.* /;

        if ( $request_uri ~ ^/access/(.*)$ ) {

            proxy_pass          http://artifactory/access/$1;

        }

        proxy_pass          http://artifactory/access/;

        proxy_next_upstream http_503 non_idempotent;

        proxy_set_header    X-Artifactory-Override-Base-Url https://$host/access;

        proxy_set_header    X-Forwarded-Port  443;

        proxy_set_header    X-Forwarded-Proto https;

        proxy_set_header    Host              $host;

        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

    }

2. Artifactory runs on the ROOT virtual listener of Tomcat:

https://jfrog.com/knowledge-base/how-do-i-setup-artifactory-to-run-as-the-root-application-in-tomcat/



 Comments   
Comment by Ariel Kabov [ 30/Apr/18 ]

This issue seems to also affect whoever configures Artifactory to run as ROOT on Tomcat:

https://jfrog.com/knowledge-base/how-do-i-setup-artifactory-to-run-as-the-root-application-in-tomcat/

In this case, the workaround is to use this special Artifactory ha-node.properties property:

access.context.url=http://[ARTIFACTORY_HOST]:8040/access

Generated at Mon Dec 16 11:41:04 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.