Comments (4)
Hi @EvertonSA
It was a pleasure to work with you and I'm glad we managed to resolve the issue.
I will ask R&D to work on this issue and provide a permanent solution soon.
Problem Description:
Following changing Nginx internal Ports to 8080/8443 in Artifactory Helm Charts, the value of Wrong X-JFrog-Override-Base-Url/X-Forwarded-Port which is based on β$server_portβ changed when "nginx.service.ssloffload" is false (default)
https://github.com/jfrog/charts/blob/master/stable/artifactory/values.yaml#L1630
{{- if .Values.nginx.service.ssloffload}}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
{{- else }}
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
{{- end }}
As a result, clients like Docker will redirect the requests to $host:$server_port while the "server_port" will reflect the internal port (8443/8080) which is not accessible as it is different from the external port (80/443)
What is the expected behavior?
The internal port should not impact the value of these headers.
Workaround:
Add the whole artifactoryConf section to your custom values.yaml and replace the if-else-end section with:
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
from charts.
when trying to set the ports back to the same ports it was using before,
nginx:
http:
internalPort: 80
https:
internalPort: 443
we get the following error:
Using deprecated password for user _internal.
2024-02-11 09:31:46 [169 entrypoint-nginx.sh] Preparing to run Nginx in Docker
2024-02-11 09:31:46 [14 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
2024-02-11 09:31:46 [15 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
2024-02-11 09:31:46 [19 entrypoint-nginx.sh] Setting up directories if missing
2024-02-11 09:31:46 [160 entrypoint-nginx.sh] Generating ssl example.key and example.crt
2024-02-11 09:31:46 [83 entrypoint-nginx.sh] Artifactory configuration already in /var/opt/jfrog/nginx/conf.d/artifactory.conf
mkdir: can't create directory '/var/opt/jfrog/nginx/logrotate': File exists
2024-02-11 09:31:46 [92 entrypoint-nginx.sh] Adding logrotate to crontab
2024-02-11 09:31:46 [187 entrypoint-nginx.sh] Starting updateConf.sh in the background
Using deprecated password for user _internal.
2024-02-11 09:31:46 [192 entrypoint-nginx.sh] Starting nginx daemon...
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)
from charts.
after trying to rollback only nginx tag to 7.71.11,
nginx:
http:
internalPort: 80
https:
internalPort: 443
image:
tag: 7.71.11
we get the following:
Using deprecated password for user _internal.
2024-02-11 10:03:18 [210 entrypoint-nginx.sh] Preparing to run Nginx in Docker
2024-02-11 10:03:18 [14 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
2024-02-11 10:03:18 [15 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
2024-02-11 10:03:18 [71 entrypoint-nginx.sh] Setting up directories if missing
2024-02-11 10:03:18 [135 entrypoint-nginx.sh] Artifactory configuration already in /var/opt/jfrog/nginx/conf.d/artifactory.conf
2024-02-11 10:03:18 [30 entrypoint-nginx.sh] SSL is set. Setting up SSL certificate and key
2024-02-11 10:03:18 [64 entrypoint-nginx.sh] /var/opt/jfrog/nginx/ssl does not exist. Creating it
2024-02-11 10:03:18 [19 entrypoint-nginx.sh] Copying auto generated SSL keys
2024-02-11 10:03:18 [24 entrypoint-nginx.sh] Copying...
cp: can't create '/var/opt/jfrog/nginx/ssl/example.key': Read-only file system
2024-02-11 10:03:18 [38 38 functions.sh] ERROR: Failed copying /etc/tls/private/example.key to /var/opt/jfrog/nginx/ssl
2024-02-11T10:03:18.757438995Z
from charts.
for the reference, the good colleagues from support helped me to figure out and it seems to be related to this line
charts/stable/artifactory/values.yaml
Line 1633 in c4bad2b
I will leave this issue open, but the i'm closing the ticket. please feel free to close this issue.
from charts.
Related Issues (20)
- [FATAL] Cluster join: Failed resolving join key: failed resolving 'shared.security.joinKey' key; file does not exist: /opt/jfrog/router/var/etc/security/join.key HOT 1
- NGINX pod wont start after applying the latest Helm chart HOT 3
- 2024-03-08T12:01:49.328Z [36m[jfrou][0m [34m[INFO ][0m [6c11dd5ef278b11f] [security_keys.go:185 ] [main ] [] - Cluster join: Join key is missing. Pending for 150 seconds with 5m0s timeout Terminate signal received, attempting a graceful shutdown (264) HOT 1
- Configuring a Postgresql External Database results in an infinite wait for the master key until CrashLoopBackOff HOT 2
- Can you tell me to access through s3, then where should I fill in my ak and sk HOT 4
- Invalid Stateful set label created if using non-default image registry port
- Option for persistentVolumeClaimRetentionPolicy
- Install Jfrog pipelines with a pre-existing Vault is failing during init phase HOT 3
- StatefulSet artifactory-ha-jfrog-deployme-artifactory-ha-member failed. Not found: "gcpcreds-json" HOT 2
- Circle of Trust certificates gets deleted after the pods are up HOT 2
- Question: Jfrog-Platform chart for Artifactory 7.77.11
- wrong copy-circle-of-trust-certificates imagePullPolicy configuration HOT 6
- Shouldn't fullname be used for the new artifactory-unified-secret? HOT 3
- Artifactory HA broken on 7.84.10 release HOT 3
- Help with artifactory-oss installation on k3s HOT 14
- PersistentVolumeClaim size cannot be increased via Statefullset HOT 3
- Request for Feature Enhancement to Allow Individual Changes in Artifactory Readiness Probes Configuration HOT 1
- Pre-upgrade migration hook terminates unsuccessfully HOT 2
- Malformed bootstrap.creds string prevents Artifactory from starting HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.