How to configure HTTPS with Nginx for Artifactory 7.x

Shani Attias
2020-10-12 13:00

 In this article you will find basic HTTP and HTTPS Nginx configuration for two setups:

  1. Artifactory and Nginx each installed on a different instance

  2. Artifactory and Nginx are installed on the same instance

 

 

1. Artifactory and Nginx each installed on a different instance 

## add ssl entries when https has been set in config
##ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/ssl/certs/domain.crt;
ssl_certificate_key /etc/ssl/private/domain.key;
ssl_session_cache shared:SSL:1m;
##ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 8082;
listen 8081;

server_name <Server_Name>;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/<Server_Name>-access.log timing;
## error_log /var/log/nginx/<Server_Name>-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_buffer_size 128k;
proxy_buffers 40 128k;
proxy_busy_buffers_size 128k;
proxy_pass http://<Artifactory_IP>:8082;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location ~ ^/artifactory/ {
proxy_pass http://<Artifactory_IP>:8081;
}
}
}

 

 

2. Artifactory and Nginx are installed on the same instance

Since both Artifactory and Nginx installed on the same machine, Nginx HTTP port cannot be 8082, therefore you should choose any other open port for HTTP. In the example below I have used the 8080 port as the Nginx HTTP port.

(If you have configured Artifactory microservice to run on a different port then the default 8081 port, the redirection from http://<Artifactory_IP>:<Artifactory_new_port> to http://<Artifactory_IP>:8082/ui will fail unless there’s a Custom Base URL configured).

## add ssl entries when https has been set in config
##ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/ssl/certs/domain.crt;
ssl_certificate_key /etc/ssl/private/domain.key;
ssl_session_cache shared:SSL:1m;
##ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 8080;

server_name <Server_Name>;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/<Server_Name>-access.log timing;
## error_log /var/log/nginx/<Server_Name>-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_buffer_size 128k;
proxy_buffers 40 128k;
proxy_busy_buffers_size 128k;
proxy_pass http://<Artifactory_IP>:8082;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location ~ ^/artifactory/ {
proxy_pass http://<Artifactory_IP>:8081;
}
}
}