Setting up isolation protection for production use
Does anyone have an idea of setting up Artifacts Domain Isolation on docker-based TeamCity running for production use?
Problem: If Enable isolation protection: :white_check_mark: Then our artifacts like coverage reports and getting downloaded on the user's desktop. If Enable isolation protection: :negative_squared_cross_mark: then it will work and open within the same window.
As per documentation: "For a TeamCity server used by an organization, a new DNS name, or a CNAME, should be registered either for the machine where the server is installed or for a reverse proxy server if TeamCity is accessible through the proxy. The URL with this new hostname should be specified in the artifacts' URL. No extra configuration on the proxy side is required."
But I am not able to understand or maybe not clear to me some steps.
What I did :
`CNAME` created :
xyz.example.com ---> teamcity.example.com
Entered URL in artifacts URL: http://xyz.example.com.
But still not working.
Environment :
Linux
Teamcity is running inside the docker
Teamcity running behind the niginx-proxy-server docker image.
it is throwing an error site can't be reached.
Do we have to set up the extra configuration in proxy?
Please sign in to leave a comment.
Hello Gaurav,
Normally it should work the other way - if Enable domain isolation option is turned on, then TeamCity allows to open artifact contain inline (because it is safe).
Speaking of your setup, are you able to ping the xyz.example.com? If it goes through, can you check if there are any errors on the nginx server logs while trying to access xyz.example.com? Is it configured to route any incoming HTTPS requests to TeamCity, or does it do any domain-based filtering?