Relevant versions: This information pertains to Artifactory version 6.x.
Here’s a sample set up for an Nginx server, which has been configured to serve two different Docker repositories (e.g., a local and remote repository):
server { listen 443; server_name artprod2.company.com; ssl on; #ssl_certificate /etc/ssl/certs/artprod2.company.com.crt; #ssl_certificate_key /etc/ssl/private/artprod2.company.com.key; ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt; ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key; access_log /var/log/nginx/artprod2.company.com.access.log; error_log /var/log/nginx/artprod2.company.com.error.log; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Original-URI $request_uri; proxy_read_timeout 900; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location /v2 { # Do not allow connections from docker 1.5 and earlier # docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) { return 404; } proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-remote/v2; } } server { listen 444; server_name artprod2.company.com; ssl on; #ssl_certificate /etc/ssl/certs/artprod2.company.com.crt; #ssl_certificate_key /etc/ssl/private/artprod2.company.com.key; ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt; ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key; access_log /var/log/nginx/artprod2.company.com.access.log; error_log /var/log/nginx/artprod2.company.com.error.log; proxy_set_header Host $host:444; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Original-URI $request_uri; proxy_read_timeout 900; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location /v2 { # Do not allow connections from docker 1.5 and earlier # docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) { return 404; } proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-local2/v2; } }
Note: The 444 port is deploying artifacts to the local repository, named docker-local2, while the 443 port has been configured to work with the remote repository, docker-remote. Thereafter, the images that should be pushed to docker-local2 (via the 444 port) must be tagged with the port itself:
docker tag nginx artprod2.company.com:444/nginx
This requires adding the appropriate credentials to this port’s dockercfg file:
curl -u{user}:{password} “https://{server_name}/{version-Docker}/auth”
For example:
curl -uadmin:password “https://artprod2.company.com/v2/auth“
The output of this command needs to be added to the dockercfg file:
{
“https://artprod2.company.com” : {
“auth” : “YWRtaW46QVA4dlZWUWp2Z0M2NjFuVHNxcUoxUGdrR1Zq”,
“email” : “”
},
“https://artprod2.company.com:444” : {
“auth” : “dGVzdDpBUDROcTlSMnhaTW1yR3JY”,
“email” : “”
}
}
After completing these configuration steps, you can push your image to Artifactory, as follows:
- For the repository configured for the 444 port:
docker push artprod2.company.com:444/nginx
- For the repository configured for the 443 port:
docker push artprod2.company.com/nginx