Advanced Topics

JFrog Artifactory Documentation

Using a Self-signed SSL Certificate

You can use self-signed SSL certificates with docker push/pull commands, however for this to work, you need to specify the --insecure-registry daemon flag for each insecure registry.

For full details see Docker documentation.

For example, if you are running Docker as a service, edit the /etc/default/docker file, and append the --insecure-registry flag with your registry URL to the DOCKER_OPTS variable as in the following example:

Edit the DOCKER_OPTS variable

DOCKER_OPTS="-H unix:///var/run/docker.sock --insecure-registry"

For this to take effect, you need to restart the Docker service.

If you are using Boot2Docker, refer to the Boot2Docker documentation for Insecure Registry.

If you do not make the required modifications to the --insecure-registry daemon flag, you should get the following error:

Error message

v2 ping attempt failed with error: Get x509: cannot validate certificate for because it doesn't contain any IP SANs
Using Your Own Certificate

The NGINX configuration provided with Artifactory out-of-the-box references the internally bundled certificate and key which you may replace with your own certificate and key.

For details, see Managing TLS Certificates.Manage TLS Certificates

Setting Your Credentials Manually

If you are unable to log in to Docker, you may need to set your credentials manually.

Authenticating via OAuth

Artifactory supports authentication of the Docker client using OAuth through the default GitHub OAuth provider. When authenticating using OAuth you will not need to provide additional credentials to execute docker login with Artifactory.

To set up OAuth authentication for your Docker client, execute the following steps:

  • Under General OAuth SettingsOAuth SSO, make sure Auto Create Users is selcted to make sure a user record is created for you the first time you log in to Artifactory with OAuth.

  • Log in to Artifactory with OAuth using your Git Enterprise account

Once you are logged in to Artifactory through your Git Enterprise OAuth account, your Docker client will automatically detect this and use OAuth for authentication, so you do not need to provide additional credentials.