Search


Cloud customer?
Upgrade in MyJFrog >


Working with an older version?

JFrog Artifactory 6.x
JFrog Xray 2.x
JFrog Mission Control 3.x
JFrog Distribution 1.x
JFrog Enterprise+ (Pre-Platform Release)




Setting Up the NGINX Server

You can use Artifactory behind an Nginx server. When setting up Nginx as a front end to Artifactory it is recommended to use HTTP or HTTPS.

Page Contents


Using HTTP or HTTPS

You must set the base URL in Artifactory itself so that the links in the user interface appear correctly.

In the example below, the configuration assumes that the Tomcat HTTP connector runs on port 8081.

Seeing timeouts on large file uploads?

Up-to-date versions of Nginx have proxy_request_buffering enabled by default. With request buffering enabled, Nginx buffers the entire client payload prior to sending it to the Artifactory upstream.

As a result, you might see a certain stall that could range from several seconds to several minutes depending on your network performance, after the client finishes transmitting all the bytes to Nginx, as Nginx would be busy transmitting all the bytes to the Artifactory upstream at once. If this stall ranges more than a few seconds, you may start seeing client request timeouts depending on which client is used. If you are seeing timeouts, consider turning off proxy_request_buffering with the following directives:

proxy_request_buffering off;

proxy_http_version 1.1;

Configuring nginx to use HTTP or HTTPS
## add ssl entries when https has been set in config
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate      /etc/nginx/ssl/yourdomain.com.crt;
ssl_certificate_key  /etc/nginx/ssl/yourdomain.com.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 80 ;
     
    server_name yourdomain.com;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/yourdomain.com-access.log timing;
    ## error_log /var/log/nginx/yourdomain.com-error.log;
    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
        proxy_read_timeout  2400s;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        proxy_pass          http://<artifactory-ip>:8082;
        proxy_next_upstream error timeout non_idempotent;
        proxy_next_upstream_tries    1;
        proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

        location ~ ^/artifactory/ {
            proxy_pass    http://<artifactory-ip>:8081;
        }
    }
}

Internal Proxies

Regular expression (using java.util.regex) that a proxy's IP address must match to be considered an internal proxy. Internal proxies that appear in the remoteIpHeader are trusted and do not appear in the proxiesHeader value.

If not specified, the default value of 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} is used.

Configuring a Custom Base URL in Artifactory

When using an HTTP proxy, the links produced by Artifactory, as well as certain redirects contain the wrong port and use the http instead of https.  

Therefore, you must configure a custom base URL as follows:

  1. On the Admin tab select Configuration | General Custom Base URL field.
  2. Set the Custom Base URL field to the value used to contact Artifactory
    For example: https://yourdomain.com

Please refer to General Configuration for more details about configuring the base URL.


Copyright © 2020 JFrog Ltd.