Setting up Nginx and Docker to work with multiple Artifactory repositories

JFrog Support
2016-10-06 13:38

The following example NGINX configuration serves two different Docker repositories (for example, a local and a remote repository), each through its own server block and port:

    server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive,
        # which is deprecated and was removed in NGINX 1.25.1
        listen 443 ssl;
        server_name artprod2.company.com;

        #ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;
        #ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;
        ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;
        ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;
        access_log /var/log/nginx/artprod2.company.com.access.log;
        error_log /var/log/nginx/artprod2.company.com.error.log;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Original-URI $request_uri;
        proxy_read_timeout 900;

        client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

        # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
        chunked_transfer_encoding on;

        location /v2 {
            # Do not allow connections from docker 1.5 and earlier
            # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
            # (dots and slash are escaped so they match literally)
            if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
                return 404;
            }

            proxy_pass http://artprod2.company.com:8085/artifactory/api/docker/docker-remote/v2;
        }
    }

    server {
        # "listen ... ssl" replaces the standalone "ssl on;" directive,
        # which is deprecated and was removed in NGINX 1.25.1
        listen 444 ssl;
        server_name artprod2.company.com;

        #ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;
        #ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;
        ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;
        ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;
        access_log /var/log/nginx/artprod2.company.com.access.log;
        error_log /var/log/nginx/artprod2.company.com.error.log;

        proxy_set_header Host $host:444;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Original-URI $request_uri;
        proxy_read_timeout 900;

        client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

        # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
        chunked_transfer_encoding on;

        location /v2 {
            # Do not allow connections from docker 1.5 and earlier
            # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
            # (dots and slash are escaped so they match literally)
            if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
                return 404;
            }

            proxy_pass http://artprod2.company.com:8085/artifactory/api/docker/docker-local2/v2;
        }
    }

Port 444 deploys artifacts to the local repository named “docker-local2”, and port 443 is configured to work with the remote repository “docker-remote”. With this configuration in place, an image that should be pushed to docker-local2 (through port 444) must be tagged with that port:

    docker tag nginx artprod2.company.com:444/nginx

This requires adding credentials for this port to the dockercfg file:

    curl -u{user}:{password} "https://{server_name}/{version-Docker}/auth"

For example:

    curl -uadmin:password "https://artprod2.company.com/v2/auth"

The output of this command needs to be added to the dockercfg file:

    {
        "https://artprod2.company.com" : {
            "auth" : "YWRtaW46QVA4dlZWUWp2Z0M2NjFuVHNxcUoxUGdrR1Zq",
            "email" : ""
        },
        "https://artprod2.company.com:444" : {
            "auth" : "dGVzdDpBUDROcTlSMnhaTW1yR3JY",
            "email" : ""
        }
    }
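
The dockercfg file is keyed by registry host and port, so an image tagged for port 444 only finds credentials under the ":444" key. The following added example (not part of the original JFrog article) checks image references against a dockercfg in the layout shown above; the sample credentials, the helper names registry_key and audit, and the rule used to recognise a registry host in an image reference are assumptions of the example.

```python
import base64
import json

# Constructed sample in the page's dockercfg layout; the credentials are made up.
SAMPLE_DOCKERCFG = json.dumps({
    "https://artprod2.company.com": {
        "auth": base64.b64encode(b"deployer:example-api-key").decode(),
        "email": "",
    },
})


def registry_key(image_ref):
    """Return the dockercfg key for an image reference, or None if the
    reference names no registry (Docker then uses its default registry)."""
    first, sep, _rest = image_ref.partition("/")
    # Assumption: the first path component is a registry host only if it
    # contains a dot or a port, or is "localhost".
    if not sep or not ("." in first or ":" in first or first == "localhost"):
        return None
    return "https://" + first


def audit(dockercfg_text, image_refs):
    """Map each image reference to (dockercfg key, username or None).

    The username is recovered by base64-decoding the "auth" field, which
    shows that the field is encoded, not encrypted. The password part is
    deliberately discarded and never returned.
    """
    cfg = json.loads(dockercfg_text)
    report = {}
    for ref in image_refs:
        key = registry_key(ref)
        entry = cfg.get(key) if key else None
        user = None
        if entry and entry.get("auth"):
            decoded = base64.b64decode(entry["auth"]).decode("utf-8")
            user = decoded.partition(":")[0]
        report[ref] = (key, user)
    return report


if __name__ == "__main__":
    refs = ["artprod2.company.com/nginx", "artprod2.company.com:444/nginx"]
    for ref, (key, user) in audit(SAMPLE_DOCKERCFG, refs).items():
        status = "credentials for user %r" % user if user else "NO ENTRY"
        print("%-35s %-35s %s" % (ref, key, status))
```

Because the auth field is only base64-encoded user:password, the dockercfg file should be readable only by the account that runs Docker.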

 

After completing these configuration steps you can push the image to Artifactory:

For the repository that is configured for the 444 port:

    docker push artprod2.company.com:444/nginx

For the repository that is configured for the 443 port:

    docker push artprod2.company.com/nginx

This would push the image to the defined repository in Artifactory (in this example docker-local2 that is configured for the 444 port):