Git Product home page Git Product logo

Comments (4)

gitta-jfrog avatar gitta-jfrog commented on June 12, 2024 1

Hi @EvertonSA
It was a pleasure to work with you and I'm glad we managed to resolve the issue.
I will ask R&D to work on this issue and provide a permanent solution soon.

Problem Description:

Following changing Nginx internal Ports to 8080/8443 in Artifactory Helm Charts, the value of Wrong X-JFrog-Override-Base-Url/X-Forwarded-Port which is based on β€œ$server_port” changed when "nginx.service.ssloffload" is false (default)

https://github.com/jfrog/charts/blob/master/stable/artifactory/values.yaml#L1630

        {{- if .Values.nginx.service.ssloffload}}
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
        {{- else }}
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
        proxy_set_header    X-Forwarded-Port  $server_port;
        {{- end }}

As a result, clients like Docker will redirect the requests to $host:$server_port while the "server_port" will reflect the internal port (8443/8080) which is not accessible as it is different from the external port (80/443)

What is the expected behavior?

The internal port should not impact the value of these headers.

Workaround:

Add the whole artifactoryConf section to your custom values.yaml and replace the if-else-end section with:

proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;

from charts.

EvertonSA avatar EvertonSA commented on June 12, 2024

when trying to set the ports back to the same ports it was using before,

nginx:
    http:
        internalPort: 80
    https:
        internalPort: 443

we get the following error:

Using deprecated password for user _internal.
2024-02-11 09:31:46 [169 entrypoint-nginx.sh] Preparing to run Nginx in Docker
2024-02-11 09:31:46 [14 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
2024-02-11 09:31:46 [15 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
2024-02-11 09:31:46 [19 entrypoint-nginx.sh] Setting up directories if missing
2024-02-11 09:31:46 [160 entrypoint-nginx.sh] Generating ssl example.key and example.crt
2024-02-11 09:31:46 [83 entrypoint-nginx.sh] Artifactory configuration already in /var/opt/jfrog/nginx/conf.d/artifactory.conf
mkdir: can't create directory '/var/opt/jfrog/nginx/logrotate': File exists
2024-02-11 09:31:46 [92 entrypoint-nginx.sh] Adding logrotate to crontab
2024-02-11 09:31:46 [187 entrypoint-nginx.sh] Starting updateConf.sh in the background
Using deprecated password for user _internal.
2024-02-11 09:31:46 [192 entrypoint-nginx.sh] Starting nginx daemon...
nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

from charts.

EvertonSA avatar EvertonSA commented on June 12, 2024

after trying to rollback only nginx tag to 7.71.11,

nginx:
    http:
        internalPort: 80
    https:
        internalPort: 443
    image:
        tag: 7.71.11

we get the following:

Using deprecated password for user _internal.
2024-02-11 10:03:18  [210 entrypoint-nginx.sh] Preparing to run Nginx in Docker
2024-02-11 10:03:18   [14 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
2024-02-11 10:03:18   [15 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
2024-02-11 10:03:18   [71 entrypoint-nginx.sh] Setting up directories if missing
2024-02-11 10:03:18  [135 entrypoint-nginx.sh] Artifactory configuration already in /var/opt/jfrog/nginx/conf.d/artifactory.conf
2024-02-11 10:03:18   [30 entrypoint-nginx.sh] SSL is set. Setting up SSL certificate and key
2024-02-11 10:03:18   [64 entrypoint-nginx.sh] /var/opt/jfrog/nginx/ssl does not exist. Creating it
2024-02-11 10:03:18   [19 entrypoint-nginx.sh] Copying auto generated SSL keys
2024-02-11 10:03:18   [24 entrypoint-nginx.sh] Copying...
cp: can't create '/var/opt/jfrog/nginx/ssl/example.key': Read-only file system
2024-02-11 10:03:18   [38 38 functions.sh] ERROR: Failed copying /etc/tls/private/example.key to /var/opt/jfrog/nginx/ssl
2024-02-11T10:03:18.757438995Z

from charts.

EvertonSA avatar EvertonSA commented on June 12, 2024

for the reference, the good colleagues from support helped me to figure out and it seems to be related to this line

charts/stable/artifactory/values.yaml

Line 1633 in c4bad2b

proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;

I will leave this issue open, but the i'm closing the ticket. please feel free to close this issue.

from charts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.