ARTIFACTORY: Configuring Nginx and Docker to Work with Multiple Artifactory Repositories

JFrog Support
2023-01-22 11:07

Relevant versions: This information pertains toArtifactory version 6.x.

Here’s a sample set up for an Nginx server, which has been configured to servetwodifferentDocker repositories(e.g., a local and remote repository):

server {

listen 443;

server_name artprod2.company.com;

ssl on;

#ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;

#ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;

ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;

ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;

access_log /var/log/nginx/artprod2.company.com.access.log;

error_log /var/log/nginx/artprod2.company.com.error.log;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Original-URI $request_uri;

proxy_read_timeout 900;

client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)

chunked_transfer_encoding on;

location /v2 {

# Do not allow connections from docker 1.5 and earlier

# docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents

if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) {

return 404;

}

proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-remote/v2;

}

}

server {

listen 444;

server_name artprod2.company.com;

ssl on;

#ssl_certificate /etc/ssl/certs/artprod2.company.com.crt;

#ssl_certificate_key /etc/ssl/private/artprod2.company.com.key;

ssl_certificate /home/idan/Documents/Docker/docker-registry.com.crt;

ssl_certificate_key /home/idan/Documents/Docker/docker-registry.com.key;

access_log /var/log/nginx/artprod2.company.com.access.log;

error_log /var/log/nginx/artprod2.company.com.error.log;

proxy_set_header Host $host:444;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Original-URI $request_uri;

proxy_read_timeout 900;

client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)

chunked_transfer_encoding on;

location /v2 {

# Do not allow connections from docker 1.5 and earlier

# docker pre-1.6.0 did not properly set the user agent on ping, catch “Go *” user agents

if ($http_user_agent ~ “^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$” ) {

return 404;

}

proxy_pass https://artprod2.company.com:8085/artifactory/api/docker/docker-local2/v2;

}

}

Note: The444 portis deploying artifacts to the local repository, nameddocker-local2, while the443 porthas been configured to work with the remote repository,docker-remote. Thereafter, the images that should be pushed to docker-local2 (via the 444 port) must betaggedwith the port itself:

docker tag nginx artprod2.company.com:444/nginx

This requires adding the appropriate credentials to this port’sdockercfgfile:

curl -u{user}:{password} “https://{server_name}/{version-Docker}/auth”

For example:

curl -uadmin:password “https://artprod2.company.com/v2/auth“

Theoutputof this command needs to be added to thedockercfgfile:

{

“https://artprod2.company.com” : {

“auth” : “YWRtaW46QVA4dlZWUWp2Z0M2NjFuVHNxcUoxUGdrR1Zq”,

“email” : “”

},

“https://artprod2.company.com:444” : {

“auth” : “dGVzdDpBUDROcTlSMnhaTW1yR3JY”,

“email” : “”

}

}

After completing these configuration steps, you canpush你的图像Artifactory, as follows:

  • For the repository configured for the 444 port:

docker push artprod2.company.com:444/nginx

  • For the repository configured for the 443 port:

docker push artprod2.company.com/nginx