Nginx with TLS

JFrog Installation & Setup Documentation
Content Type
Installation & Setup
ft:sourceType
Paligo

The following sections explain how to disble HTTP and terminate TLS with custom certificate.

Disable HTTP

By default, our Nginx is configured to handle both HTTP and HTTPS requests, so no changes are required for HTTPS to work. However, you may want to disable HTTP since the Router will only accept HTTPS requests. To accomplish this, add the following to Artifactory’s values.yaml:

nginx:
  http:
    enabled: false

If you only want to terminate TLS at the load balancer level and do not need to enable TLS from Artifactory, you must keep this option enabled. This allows Nginx to terminate SSL and pass requests to Artifactory using HTTP.

Terminate TLS with Custom Certificate

To handle HTTPS requests out of the box, we generate certificates on startup (artifactory.gen-certs in our _helpers.tpl) and use them to terminate TLS at the Nginx level. However, your load balancer may need to trust Nginx for this to work correctly.

In this case, you can provide a custom certificate for Nginx to use instead of the generated certificates.

  1. Create a TLS secret using kubectl in the same namespace as Artifactory.

    kubectl create secret tls nginx-tls-secret --cert=your-cert --key=your-key -n your-namespace

  2. Apply it in your values.yaml using the following command.

    nginx:
  tlsSecretName: nginx-tls-secret

    This makes Nginx use your own certificate and private key.