Reputation: 19388
Artifactory pro server behind an nginx frontend
I am trying to set up ssl for our artifactory server. For this I wish to configure nginx as the reverse proxy. So far I have done the following
-- Installed artifactory pro using its docker image
docker run --name artifactory-registry -p 8081:8081 -v $ARTIFACTORY_HOME/data -v $ARTIFACTORY_HOME/logs -v $ARTIFACTORY_HOME/backup -v $ARTIFACTORY_HOME/etc jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro:latest
-- Insatlled nginx using sudo apt-get install nginx
I have the webapp accessible at http://localhost:8081/artifactory/webapp/#/home and teh following config file under $ARTIFACTORY_HOME/tomcat/conf/server.xml
<Service name="Catalina">
<Connector port="8081"/>
<!-- This is the optional AJP connector -->
<Connector port="8019" protocol="AJP/1.3"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"/>
</Engine>
</Service>
From sources found online, the following configuration is needed for the nginx to act as a reverse proxy
server {
listen 80;
server_name yourdomain.com;
root /etc/tomcat7/webapps/apple;
proxy_cache one;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
}
What should be the 'server_name' and 'root' in this path? Also how do I test the reverse proxiness of this setup?
Upvotes: 2
Views: 3907
Answers (1)
Reputation: 1312
Usually you will configure SSL on it's default HTTPs port (443). Take a look at this page for configuring nginx with SSL.
The server_name is the host from which you will connect to your nginx (from the browser for example). Usually you will have a DNS address from your company (like artifactory.mycompany.com) and you will use that, but if everything is local you can just put localhost instead.
Here is a working SSL configuration on port 443:
server {
listen 443;
server_name artifactory.mycompany.com;
access_log /var/log/nginx/artifactory.access.log;
error_log /var/log/nginx/artifactory.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/artifactory.crt;
ssl_certificate_key /etc/nginx/ssl/artifactory.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location /artifactory {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8081;
proxy_pass_header Server;
proxy_read_timeout 90;
}
}
Simply put your SSL certificates at the configured locations and you are good to go.
Connecting to https://artifactory.mycompany.com from your browser should now work (or https://localhost if you used that for server_name).
Upvotes: 5
Related Questions
- Artifactory in Docker redirecting to different Port
- Artifactory 7.x behind nginx issue
- Status 405 - docker - artifactory
- Using a multidomain certificate for artifactory docker repo
- Configuring a docker repository as a subdomain in artifactory
- Tunnel Connection Failed error when logging into artifactory docker registry
- Artifactory host name resolution to docker registry
- Unable to push docker images to artifactory
- How to push docker images through reverse proxy to artifactory
- Putting Artifactory behind SSL