Enable TLS in Artifactory

JFrog Installation & Setup Documentation

  1. To enable TLS in Artifactory, set security.tls to true under the accessConfig section of the Artifactory values.yaml file.

    access:
      accessConfig:
        security:
          tls: true
    
  2. Add the name of the Artifactory service as a SAN to the Access certificate. You can use Helm templating to automate the process, eliminating the need to specify values based on your release name. The following is an example:

    access:
      accessConfig:
        security:
          tls: true
          tls-subject-alternative-names:
            - '{{ template "artifactory.fullname" . }}'

    The template above is set up in our _helpers.tpl file and serves as the Artifactory Service name. This ensures that you always get the correct Artifactory Service name, making automation easier and eliminating the need for hardcoded values.

    With the above configurations, Router and Access will now only accept HTTPS connections from external sources, including other JFrog products, when connecting to Artifactory via the service name. In this example, the release name is jfrog-platform:

    https://jfrog-platform-artifactory:8082

    Important

    The Access certificate requires the hostname IP, specified by the property shared.node.ip in the Artifactory system.yaml. This IP is automatically added to the Access certificate during startup when Access acts as the Certificate Authority (CA). While you can use a custom certificate as described in the Access TLS documentation, this is impractical in Kubernetes due to the dynamic nature of pod IPs. Instead, we recommend using a custom certificate with Nginx for TLS termination.
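
To confirm the result, the following added example (not part of the JFrog documentation) uses openssl to check that a certificate covers both the Artifactory service name and the node IP described in the note above. The function names, the sample IP 10.0.0.12 and the self-signed sample certificate are assumptions constructed for illustration; which certificate a live endpoint presents depends on your deployment.

```shell
#!/usr/bin/env bash
# Added example: verify the SANs on an Access certificate with openssl.
# Function names, file paths and the sample IP are assumptions for illustration.

# san_covers_host CERT_PEM DNS_NAME: succeeds if the cert is valid for DNS_NAME.
san_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# san_covers_ip CERT_PEM IP: succeeds if the cert carries IP as an IP SAN.
san_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# fetch_cert HOST PORT OUT_PEM: save the leaf certificate a live endpoint presents.
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$3"
}

# make_sample_cert OUT_PEM: constructed self-signed cert for offline testing,
# with the service name from the page's example and a made-up node IP as SANs.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=access-sample" \
    -addext "subjectAltName=DNS:jfrog-platform-artifactory,IP:10.0.0.12" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# check_access_cert CERT_PEM SERVICE_NAME NODE_IP: report each SAN, fail if any is missing.
check_access_cert() {
  rc=0
  san_covers_host "$1" "$2" && echo "OK   DNS SAN $2" || { echo "MISS DNS SAN $2"; rc=1; }
  san_covers_ip "$1" "$3" && echo "OK   IP SAN $3" || { echo "MISS IP SAN $3"; rc=1; }
  return $rc
}

# Live use: pass HOST PORT NODE_IP to fetch the presented certificate and check it.
if [ "$#" -eq 3 ]; then
  pem=$(mktemp)
  fetch_cert "$1" "$2" "$pem" && check_access_cert "$pem" "$1" "$3"
fi
```

Run the live form from a pod that can resolve the service name; a missing DNS SAN means the tls-subject-alternative-names entry did not reach the certificate.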