ARTIFACTORY: Bypass proxy from router service

ARTIFACTORY: Bypass proxy from router service

AuthorFullName__c
Jayanth Suresh
articleNumber
000005502
ft:sourceType
Salesforce
FirstPublishedDate
2022-12-14T15:54:19Z
lastModifiedDate
2023-01-22T11:07:25Z
VersionNumber
2
Problem statement: In a few cases, the Artifactory server will be configured with a proxy like zscaler,etc. So that all the requests from the server go via the proxy. In that case the Router services will have an issue and throw the below message for router health or router ping endpoints, even if we add the host IP address in the HTTP/HTTPS no_proxy.
Here the proxy configured in the Artifactory host will block the requests and sometimes the Artifactory UI is accessible but the monitoring screen in the Artifactory UI will show all services as stale:

Below message in the router health or router ping endpoint:

Command:
curl -s http://ip-address:8082/router/api/v1/system/ping

Or:
curl -s http://localhost:8082/router/api/v1/system/ping

Output:
Routing mechanism unavailable on entrypoints: external (:8082): Head "http://ip-address:8082/router/api/v1/system/ping": context deadline

Below message in the router health or router ping endpoint:

Command:
curl -s http://ip-address:8082/router/api/v1/system/health

Or:
curl -s http://localhost:8082/router/api/v1/system/health

Output: 
"router": {
		"node_id": "art",
		"state": "UNHEALTHY",
		"message": "Routing mechanism unavailable on entrypoints: external (:8082): Head \"http://ip-address:8082/router/api/v1/system/ping\": context deadline exceeded"
	},

Below message in the router service logs:
2022-11-08T09:37:03.528Z [jfrou] [WARN ] [4c1af60fceddf46a] [ernal_topology_verifier.go:105] [main        ] - Failed pinging external node 'art1' at address 'http://ip-address:8082': Get "http://ip-address0:8082/router/api/v1/system/ping": context deadline exceeded

Cause: This is due to the router ping/health REST API request are getting failed with the above message.

Solution:
So to overcome this issue we need to add the list of target hosts IP-address to communicate directly to the hosts bypassing the proxy. We need to add the below configuration in the system.yaml file ($JFROG_HOME/var/etc location) and perform an Artifactory restart.
router:
   proxy:
       ignoredHosts:
       - "<current-node-private-IP-address>"
       - "<other-node-private-IP-address>"

Note: "localhost" will always be added to this list automatically.