In case SSL (HTTPS) connection to Artifactory is required, you can configure a reverse proxy such as Nginx or Apache in front of Artifactory. For Docker-Compose installation, you can find the Nginx Docker-Compose template in the “templates” folder under the extracted Docker-Compose folder. You can copy the template to the extracted folder as docker-compose.yaml. Please make sure to add port 443 under artifactory.ports.
version: '3' services: artifactory: image: ${DOCKER_REGISTRY}/jfrog/artifactory-pro:${ARTIFACTORY_VERSION} container_name: artifactory environment: - JF_ROUTER_ENTRYPOINTS_EXTERNALPORT=${JF_ROUTER_ENTRYPOINTS_EXTERNALPORT} ports: - ${JF_ROUTER_ENTRYPOINTS_EXTERNALPORT}:${JF_ROUTER_ENTRYPOINTS_EXTERNALPORT} # - 8081:8081 # for artifactory communication - 443:443 # for nginx volumes: - ${ROOT_DATA_DIR}/var:/var/opt/jfrog/artifactory - /etc/localtime:/etc/localtime:ro restart: always logging: driver: json-file options: max-size: "50m" max-file: "10" ulimits: nproc: 65535 nofile: soft: 32000 hard: 40000 nginx: image: ${DOCKER_REGISTRY}/jfrog/nginx-artifactory-pro:${ARTIFACTORY_VERSION} container_name: nginx depends_on: - artifactory network_mode: service:artifactory volumes: - ${ROOT_DATA_DIR}/var/data/nginx:/var/opt/jfrog/nginx - /etc/localtime:/etc/localtime:ro environment: - ART_BASE_URL=http://localhost:${JF_ROUTER_ENTRYPOINTS_EXTERNALPORT} - NGINX_LOG_ROTATE_COUNT=${NGINX_LOG_ROTATE_COUNT} - NGINX_LOG_ROTATE_SIZE=${NGINX_LOG_ROTATE_SIZE} - SSL=true restart: always logging: driver: json-file options: max-size: "50m" max-file: "10" ulimits: nproc: 65535 nofile: soft: 32000 hard: 40000
Sample NGINX template below:
########################################################### ## this configuration was generated by JFrog Artifactory ## ########################################################### ## add ssl entries when https has been set in config ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_certificate /etc/ssl/private/server.key; ssl_certificate_key /etc/ssl/private/server.crt; ssl_session_cache shared:SSL:1m; ssl_prefer_server_ciphers on; ## server configuration server { listen 443 ssl; listen 80 ; server_name ~(?<repo>.+)\.artifactory_host artifactory_host; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } ## Application specific logs ## access_log /var/log/nginx/artifactory_host-access.log timing; ## error_log /var/log/nginx/artifactory_host-error.log; rewrite ^/$ /ui/ redirect; rewrite ^/ui$ /ui/ redirect; rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2; chunked_transfer_encoding on; client_max_body_size 0; location / { proxy_read_timeout 2400s; proxy_pass_header Server; proxy_cookie_path ~*^/.* /; proxy_buffer_size 128k; proxy_buffers 40 128k; proxy_busy_buffers_size 128k; proxy_pass http://localhost:8082; proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location ~ ^/artifactory/ { proxy_pass http://localhost:8081; } } }
Reverse proxies can also be configured to handle load balancing traffic between nodes. In NGINX’s case, you can add this snippet at the top:
upstream artifactory { server 10.150.0.222:8082; server <additional node IP>:8082; } upstream artifactory-direct { server 10.150.0.222:8081; server <additional node IP>:8081; }
Then, modify the proxy_pass lines to be
proxy_pass http://localhost:8082; → proxy_pass http://artifactory; proxy_pass http://localhost:8081; → proxy_pass http://artifactory-direct;
Otherwise you may use a dedicated load balancer to handle traffic balancing.
Note that to support docker requests, you’ll need a reverse proxy or load balancer to handle request rewrites. Also, if you are planning on having a load balancer terminating SSL, and a reverse proxy, you’ll need the below headers to be hard coded to the details of your load balancer:
For NGINX:
proxy_set_header X-JFrog-Override-Base-Url https://<LBHOST>:<LBPORT>; proxy_set_header X-Forwarded-Port <LBPORT> proxy_set_header X-Forwarded-Proto https