Using a Self-signed SSL Certificate
You can use self-signed SSL certificates with
docker push/pull commands, however for this to work, you need to specify the
--insecure-registry daemon flag for each insecure registry.
For full details see Docker documentation.
For example, if you are running Docker as a service, edit the
/etc/default/docker file, and append the
--insecure-registry flag with your registry URL to the DOCKER_OPTS variable as in the following example:
Edit the DOCKER_OPTS variable
DOCKER_OPTS="-H unix:///var/run/docker.sock --insecure-registry artprod.company.com"
For this to take effect, you need to restart the Docker service.
If you are using Boot2Docker, refer to the Boot2Docker documentation for Insecure Registry.
If you do not make the required modifications to the
--insecure-registry daemon flag, you should get the following error:
v2 ping attempt failed with error: Get https://artprod.company.com/v2/: x509: cannot validate certificate for artprod.company.com because it doesn't contain any IP SANs
Using Your Own Certificate
The NGINX configuration provided with Artifactory out-of-the-box references the internally bundled certificate and key which you may replace with your own certificate and key.
For details, see Managing TLS Certificates.
Setting Your Credentials Manually
If you are unable to log in to Docker, you may need to set your credentials manually.
Authenticating via OAuth
Artifactory supports authentication of the Docker client using OAuth through the default GitHub OAuth provider. When authenticating using OAuth you will not need to provide additional credentials to execute
docker login with Artifactory.
To set up OAuth authentication for your Docker client, execute the following steps:
Under General OAuth Settings, make sure Auto Create Users is selcted to make sure a user record is created for you the first time you log in to Artifactory with OAuth.
Log in to Artifactory with OAuth using your Git Enterprise account
Once you are logged in to Artifactory through your Git Enterprise OAuth account, your Docker client will automatically detect this and use OAuth for authentication, so you do not need to provide additional credentials.