JFrog


    Cloud customer?
    Start for Free>
    Upgrade in MyJFrog >
    What's New in Cloud >





    Working with an older version?JFrog Artifactory 6.x|JFrog Xray 2.x|JFrog Mission Control 3.x|JFrog Distribution 1.x|


    Skip to end of metadata
    Go to start of metadata

    In corporate environments it is often required to go through a proxy server to access remote resources.

    JPD supports several types of network proxy including NTLMv2 (if running on Linux you may use NTLMv2 only with CNTLM).

    Page Contents

    Defining Proxies

    To create a new proxy definition, access theAdministrationmodule go toProxies | Configuration | Proxy Configurationand clickNew.
    Fields that are not required by the proxy may be left blank (for example, if you are not using authentication credentials or with an NTLM proxy you may leave theUsernameandPasswordfields blank).

    Proxy Key
    		 The unique ID of the proxy.
    Default proxy

    The service(s) to define the proxy for.
    Host
    		 The name of the proxy host.
    Port
    		 The proxy port number.
    Username
    		 The proxy username when authentication credentials are required.
    Password
    		 The proxy password when authentication credentials are required.
    NT Host
    		 The computer name of the machine (the machine connecting to the NTLM proxy).
    NT Domain
    		 The proxy domain/realm name.
    Redirecting Proxy target Hosts

    An optional list of newline or comma separated host names to which this proxy may redirect requests.
    The credentials defined for the proxy are reused by requests redirected to all of these hosts.

    Using proxies

    Artifactory only accesses a remote repository through a proxy if one is selected in theNetworksectionof theAdvancedsettings for a remote repository.

    Whether this has been set manually, or by setting aDefault Proxyas aPlatform Defaultor forArtifactory,you can override this by removing theProxysetting for any specific repository.
    In this case, Artifactory will access the specific repository without going through a proxy.

    Configuring an NTLM Proxy

    NTLMAuthorizationProxyServer (APS) is aproxy软件允许s you to authenticate via a MicrosoftProxyServer using the proprietaryNTLMprotocol.

    NTLM is supported by running an ad-hoc CNTLM container likehttps://hub.docker.com/r/robertdebock/docker-cntlm/.

    Configure an NTLM Proxy

    1. Run the container to hash the NTML credentials.

      docker run robertdebock/docker-cntlm /bin/sh -c "echo Password  > /etc/cntlm.conf; \ /usr/sbin/cntlm -H -u  -d "

      The following output is generated:

      PassLM 1AD35398BE6565DDB5C4EF70C0593492 PassNT 77B9081511704EE852F94227CF48A793 PassNTLMv2 B78FD04127AEDF090C1F7121ED002A4D # Only for user 'username', domain 'domain'

    2. Run the container with the hashed credentials.

      docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=B78FD04127AEDF090C1F7121ED002A4D" \ -e "PROXY=

    Setting Exclusions to the Default Proxy

    To exclude interfaces, IPs, and addresses from the default proxy, you will need to specify the addresses to be excluded fromtheNO_PROXYenvironment variable.

    For example, settingNO_PROXY="host1.xyz.com, host2.xyz.com,"willensure that Mission Control willnotuse any proxy configured while communicating with host1 and host2.

    Copyright © 2022 JFrog Ltd.