Artifactory 7.x behind nginx issue

Question

I have a fresh installation of Artifactory 7.2.1(docker based)which is working fine, but I want to access it via nginx proxy, and that's not working. my artifactory is running under http://192.168.211.207:8082/ Custom base URL is set to: http://192.168.211.207:8081/artifactory ->which is redirecting me to http://192.168.211.207:8082/

Now, I have an nginx server which is running on the same server, also via docker.

When I try to access:

http://192.168.211.207 -> redirects me to https://192.168.211.207/artifactory + 502 Bad Gateway

https://192.168.211.207 ->redirects me to https://192.168.211.207/ui + 502 Bad Gateway

http://192.168.211.207/artifactory -> redirects to https + 502 Bad Gateway

https://192.168.211.207/artifactory -> 502 Bad Gateway

I do not really understand what is behind port 8081 since I am not able to use it in any circumstances. The port 8082 is working, but not behind a nginx proxy.

Here is my docker-compose file:

version: '2'
    services:
      artifactory:
        image: docker.bintray.io/jfrog/artifactory-pro:7.2.1
        container_name: artifactory
        ports:
         - 8081:8081
         - 8082:8082
        volumes:
         - /data/artifactory:/var/opt/jfrog/artifactory
        restart: always
        ulimits:
          nproc: 65535
          nofile:
            soft: 32000
            hard: 40000
      nginx:
        image: docker.bintray.io/jfrog/nginx-artifactory-pro:7.2.1
        container_name: nginx
        ports:
         - 80:80
         - 443:443
        depends_on:
         - artifactory
        links:
         - artifactory
        volumes:
         - /data/nginx:/var/opt/jfrog/nginx
        environment:
         - ART_BASE_URL=http://localhost:8081/artifactory
         - SSL=true
         # Set SKIP_AUTO_UPDATE_CONFIG=true to disable auto loading of NGINX conf
         #- SKIP_AUTO_UPDATE_CONFIG=true
        restart: always
        ulimits:
          nproc: 65535
          nofile:
            soft: 32000
            hard: 40000

and here is my nginx config file:

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate  /var/opt/jfrog/nginx/ssl/example.crt;
ssl_certificate_key  /var/opt/jfrog/nginx/ssl/example.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
  listen 443 ssl;
  listen 80 ;
  server_name ~(?<repo>.+)\.artifactory artifactory;

  if ($http_x_forwarded_proto = '') {
    set $http_x_forwarded_proto  $scheme;
  }
  ## Application specific logs
  ## access_log /var/log/nginx/artifactory-access.log timing;
  ## error_log /var/log/nginx/artifactory-error.log;
  if ( $repo != "" ){
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
  }
 rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
    proxy_read_timeout  2400s;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_pass          http://localhost:8082;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

        location ~ ^/artifactory/ {
            proxy_pass    http://localhost:8082;
        }
    }
}

I can't figure out what I am doing wrong here, but is possible to miss something since I am not an nginx expert.

Does someone spot the issue? Does someone have an example config file for nginx and artifactory 7.x?

Answer 1

Here is my Nginx reverse proxy configuration with AWS NLB in front of the Nginx reverse proxy

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate  /var/opt/jfrog/nginx/ssl/tls.crt;
ssl_certificate_key  /var/opt/jfrog/nginx/ssl/tls.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration

server {
  listen 443 ssl;
  listen 80;
  server_name ~(?<repo>.+)\.artifactory artifactory;

  if ($http_x_forwarded_proto = '') {
    set $http_x_forwarded_proto  $scheme;
  }
  ## Application specific logs
  ## access_log /var/log/nginx/artifactory-access.log timing;
  ## error_log /var/log/nginx/artifactory-error.log;
  rewrite ^/$ /ui/ redirect;
  rewrite ^/ui$ /ui/ redirect;
  rewrite ^/artifactory/?$ / redirect;
  if ( $repo != "" ) {
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2 break;
  }
  chunked_transfer_encoding on;
  client_max_body_size 0;

  location / {
    proxy_read_timeout  2400;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_buffer_size 128k;
    proxy_buffers 40 128k;
    proxy_busy_buffers_size 128k;
    proxy_pass          http://artifactory:8082/;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
    proxy_set_header    Host              $http_host;
    add_header Strict-Transport-Security always;

    location /artifactory/ {
      if ( $request_uri ~ ^/artifactory/(.*)$ ) {
        proxy_pass       http://artifactory:8081/artifactory/$1;
      }
      proxy_pass         http://artifactory:8081/artifactory/;
    }
  }
}

Answer 2

Thank you all for the answers. I have been able to get in touch with support, and after talking with a specialist they confirmed that in the version 7.x they don't support webcontext anymore, therefore in my case, the only way to run two artifactory was to create separate subdomains.

---

In order to be clear for future visitors of this topic, the jFrog Support confirmed me that starting with version 7.0 and newer, Artifactory does not support /webcontext feature anymore, and they don't plan to support it.

Therefore mydomain.com/artifactory-one and mydomain.com/artifactory-two is not anymore possible, you have to do it using subdomains.

mydomain.com/artifactory-one -> artifactory-one.mydomain.com mydomain.com/artifactory-two -> artifactory-two.mydomain.com

Answer 3

try this

       location ~ ^/artifactory/ {
            proxy_pass    http://127.0.0.1:8081;
        }

Answer 4

Probably the issue is here. As you are running it in docker container nginx in container doesn't correctly process this - >proxy_pass http://localhost:8082; Use IP instead. It worked for me