Artifactory OSS Setup on Bare Metal Ubuntu 24.04 with PostgreSQL 16

By /

Overview

ComponentDescription
OSUbuntu Server 24.04
Artifactory OSSInstalled via official APT repo
DatabasePostgreSQL 16 (from PGDG repo)
JDBC DriverPostgreSQL 42.7.8
DB ConnectionTCP (127.0.0.1:5432)
  1. Install PostgreSQL 16

I don’t repeat the PostgreSQL installation steps here anymore. Follow my PostgreSQL install guide and install PostgreSQL 16 on Ubuntu 24.04 (either from Ubuntu’s default repo, or via PGDG if you prefer that workflow):

How to Install PostgreSQL on Ubuntu 24.04 (Ubuntu Repo vs PostgreSQL Repo)
  1. Set Up PostgreSQL for Artifactory
sudo su - postgres
psql

CREATE USER artifactory WITH PASSWORD 'StrongPassw0rd!';
CREATE DATABASE artifactory WITH OWNER=artifactory ENCODING='UTF8';
GRANT ALL PRIVILEGES ON DATABASE artifactory TO artifactory;
\q
  1. Install Artifactory OSS via APT
wget -qO - https://releases.jfrog.io/artifactory/api/gpg/key/public | sudo gpg --dearmor -o /usr/share/keyrings/jfrog.gpg
echo "deb [signed-by=/usr/share/keyrings/jfrog.gpg] https://releases.jfrog.io/artifactory/artifactory-debs noble main" | sudo tee /etc/apt/sources.list.d/jfrog.list
sudo apt update
sudo apt install -y jfrog-artifactory-oss
  1. Configure Artifactory to Use PostgreSQL
sudo vi /opt/jfrog/artifactory/var/etc/system.yaml

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://localhost:5432/artifactory"
    username: artifactory
    password: StrongPassw0rd!
  1. Install PostgreSQL JDBC Driver
cd /opt/jfrog/artifactory/var/bootstrap/artifactory/tomcat/lib
sudo curl -LO https://jdbc.postgresql.org/download/postgresql-42.7.8.jar
  1. Start and Enable Artifactory
sudo systemctl enable artifactory
sudo systemctl restart artifactory
  1. Install NGINX and Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx nginx
  1. Create Initial NGINX Config
sudo vi /etc/nginx/sites-available/artifactory

server {
    listen 80;
    server_name artifactory.maksonlee.com;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    return 301 https://$host$request_uri;
}

Enable the config and reload NGINX:

sudo ln -s /etc/nginx/sites-available/artifactory /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
  1. Request and Install SSL Certificate
sudo certbot --nginx -d artifactory.maksonlee.com

Certbot will:

  • Use the HTTP block to validate the domain
  • Add listen 443 ssl; server block with SSL config
  1. Update the HTTPS Block for Reverse Proxy to Artifactory

Edit the same config again:

sudo vi /etc/nginx/sites-available/artifactory

Make it look like the following:

server {
    server_name artifactory.maksonlee.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/artifactory.maksonlee.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/artifactory.maksonlee.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
        proxy_read_timeout  2400s;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        proxy_pass          http://127.0.0.1:8082;
        proxy_next_upstream error timeout non_idempotent;
        proxy_next_upstream_tries    1;
        proxy_set_header    X-JFrog-Override-Base-Url https://$host;
        proxy_set_header    X-Forwarded-Port  443;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_set_header    Host              $host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

        location ~ ^/artifactory/ {
            proxy_pass    http://127.0.0.1:8081;
        }
    }

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }
}

server {
    if ($host = artifactory.maksonlee.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name artifactory.maksonlee.com;
    return 404; # managed by Certbot
}

After making these changes, test the NGINX configuration for syntax errors:

sudo nginx -t

If the test is successful, reload NGINX to apply the changes:

sudo systemctl reload nginx
  1. Set Custom Base URL in Artifactory
  • Log in to Artifactory.
  • Navigate to: Admin > Configuration > General.
  • Set the Custom Base URL to https://artifactory.maksonlee.com.
  • Save the changes.

This ensures that Artifactory generates correct URLs when behind a reverse proxy.

Known Issue on 7.125.x – JFConnect Blocks Login (No MyJFrog / No License)

On Artifactory OSS 7.125.x, I ran into a subtle problem:

  • Service is running.
  • I have no MyJFrog account, no JPD, and no commercial license configured.
  • I just want a standalone, OSS-style Artifactory.
  • With no jfconnect section at all in system.yaml, the web UI login fails.
  • If I explicitly set jfconnect.enabled: true in this environment, Artifactory fails to start.

For this particular version (7.125.x), the workaround that made the instance usable was to explicitly disable JFConnect.

What is JFConnect in this context?

Very short version:

  • JFConnect is the bridge between your self-hosted Artifactory and JFrog’s cloud side (MyJFrog / JPD).
  • It handles entitlements and “platform” features when you’re connected to JFrog’s SaaS / centralized license management.
  • If you are not using MyJFrog or JPD, and you have no license, you’re basically running a standalone, OSS-style lab instance.

In that case, having JFConnect in a half-configured state on 7.125.x caused login issues for me.

Symptom in the logs

After a fresh install, even without any jfconnect config, I saw logs like:

JFCON entitlements are disabled. jfconnect.enabled and jflink.enabled are false or undefined

and repeated router entries attempting to call JFConnect endpoints.

At the same time, I could not log in via the UI, even though the service was up.

Fix: Explicitly disable JFConnect on 7.125.x

If you are:

  • On 7.125.x
  • Using Artifactory in an OSS-style, standalone way
  • Not using MyJFrog / JPD / cloud entitlements

you can add this to /opt/jfrog/artifactory/var/etc/system.yaml:

jfconnect:
  enabled: false

After this change on 7.125.x:

  • The logs show jfconnect.enabled (File): false
  • The instance starts cleanly
  • The UI login works again in a local, no-MyJFrog, no-license environment

Important note

  • This section describes behavior observed specifically on 7.125.x in a lab-style OSS setup.
  • Future versions may change how JFConnect behaves when you have no license / no MyJFrog.
  • If you are using MyJFrog / JPD or a commercial license, you should follow JFrog’s official documentation for JFConnect instead of disabling it.

Did this guide save you time?

Support this site

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top