Relevant versions: This information pertains to Artifactory version 6.x.
Here’s a sample set up for an Nginx server, which has been configured to serve two different Docker repositories (e.g., a local and remote repository):
server {
listen 443;
server_name artprod2.company.com;
ssl on;
#ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;
#ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;
ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;
ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;
access_log /var/log/nginx/artprod2.company.com.access.log;
error_log /var/log/nginx/artprod2.company.com.error.log;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_read_timeout 900;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2 {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents
if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) {
return 404;
}
proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-remote/v2;
}
}
server {
listen 444;
server_name artprod2.company.com;
ssl on;
#ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;
#ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;
ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;
ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;
access_log /var/log/nginx/artprod2.company.com.access.log;
error_log /var/log/nginx/artprod2.company.com.error.log;
proxy_set_header Host $host:444;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_read_timeout 900;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2 {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents
if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) {
return 404;
}
proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-local2/v2;
}
}
Note: The 444 port is deploying artifacts to the local repository, named docker-local2, while the 443 port has been configured to work with the remote repository, docker-remote. Thereafter, the images that should be pushed to docker-local2 (via the 444 port) must be tagged with the port itself:
docker tag nginx artprod2.company.com:444/nginx
This requires adding the appropriate credentials to this port’s dockercfg file:
curl -u{user}:{password} “https://{server_name}/{version-Docker}/auth”
For example:
curl -uadmin:password “https://artprod2.company.com/v2/auth“
The output of this command needs to be added to the dockercfg file:
{
“https://artprod2.company.com” : {
“auth” : “YWRtaW46QVA4dlZWUWp2Z0M2NjFuVHNxcUoxUGdrR1Zq”,
“email” : “”
},
“https://artprod2.company.com:444” : {
“auth” : “dGVzdDpBUDROcTlSMnhaTW1yR3JY”,
“email” : “”
}
}
After completing these configuration steps, you can push your image to Artifactory, as follows:
- For the repository configured for the 444 port:
docker push artprod2.company.com:444/nginx
- For the repository configured for the 443 port:
docker push artprod2.company.com/nginx