How to configure HTTPS with Nginx for Artifactory 7.x

How to configure HTTPS with Nginx for Artifactory 7.x

AuthorFullName__c
Shani Attias
articleNumber
000004876
ft:sourceType
Salesforce
FirstPublishedDate
2020-10-12T13:00:41Z
lastModifiedDate
2024-03-10T07:43:50Z
VersionNumber
7

 In this article you will find basic HTTP and HTTPS Nginx configuration for two setups:

  1. Artifactory and Nginx each installed on a different instance

  2. Artifactory and Nginx are installed on the same instance

 

 

1. Artifactory and Nginx each installed on a different instance 
 

## add ssl entries when https has been set in config
##ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate      /etc/ssl/certs/domain.crt;
ssl_certificate_key  /etc/ssl/private/domain.key;
ssl_session_cache shared:SSL:1m;
##ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 8082;
    listen 8081;
 
    server_name <Server_Name>;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/<Server_Name>-access.log timing;
    ## error_log /var/log/nginx/<Server_Name>-error.log;
    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
    proxy_read_timeout  2400s;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_buffer_size 128k;
    proxy_buffers 40 128k;
    proxy_busy_buffers_size 128k;
    proxy_pass          http://<Artifactory_IP>:8082;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
 
        location ~ ^/artifactory/ {
            proxy_pass    http://<Artifactory_IP>:8081;
        }
    }
}


 

 

2. Artifactory and Nginx are installed on the same instance


Since both Artifactory and Nginx installed on the same machine, Nginx HTTP port cannot be 8082, therefore you should choose any other open port for HTTP. In the example below I have used the 8080 port as the Nginx HTTP port.

(If you have configured Artifactory microservice to run on a different port then the default 8081 port, the redirection from http://<Artifactory_IP>:<Artifactory_new_port> to http://<Artifactory_IP>:8082/ui will fail unless there’s a Custom Base URL configured).
 

## add ssl entries when https has been set in config
##ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate      /etc/ssl/certs/domain.crt;
ssl_certificate_key  /etc/ssl/private/domain.key;
ssl_session_cache shared:SSL:1m;
##ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 8080;
 
    server_name <Server_Name>;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/<Server_Name>-access.log timing;
    ## error_log /var/log/nginx/<Server_Name>-error.log;
    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
    proxy_read_timeout  2400s;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_buffer_size 128k;
    proxy_buffers 40 128k;
    proxy_busy_buffers_size 128k;
    proxy_pass          http://<Artifactory_IP>:8082;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
 
        location ~ ^/artifactory/ {
            proxy_pass    http://<Artifactory_IP>:8081;
        }
    }
}