Skip to content

Advanced Configuration and Best Practices

admonition:tip Always test any system.yaml, database, or Java changes in a non-production environment first!

Production-Grade Database Setup

Use external managed DBs (cloud) or cluster-grade DBs (on-prem)
Secure database traffic with TLS/SSL if available

Example system.yaml database config:

shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: jdbc:postgresql://dbhost:5432/artifactory
    username: artifactory
    password: <secure-password>

JVM & System Performance

Tune heap size (-Xms, -Xmx) for at least 4–8G in production
Enable G1GC garbage collector: -XX:+UseG1GC

Storage

NFS: Enterprise-grade, redundant NFS/EFS for on-prem/HA
Object Storage: Use S3, Azure Blob, or GCP Storage for cloud/HA
Snapshot & backup strategies; test restores regularly

Security

Run Artifactory under a non-root user
Keep OS and JFrog software patched
Require HTTPS for all user-facing endpoints
Restrict admin UI to VPN or trusted networks where possible

Monitoring & Alerts

Enable and configure monitoring:
JFrog Xray
Cloud-native logging (e.g., CloudWatch, Stackdriver)
Filebeat/Logstash to ship logs centrally
Set up proactive alerts/notifications for low disk, high CPU, failed backups

Upgrades, Rollbacks, and Backups

Perform backups before upgrades
Stage upgrades on test nodes before production
Maintain fallback complete VM/application snapshots for rollback

LDAP & SSO

Integrate with your enterprise LDAP/AD or SSO provider for RBAC
Audit access and optimize user/group roles

admonition:warning Never make direct changes to Artifactory system tables in the database. Use the web UI or REST API for all supported changes.