Cloud customer?
 Upgrade in MyJFrog >

Search





Overview

In many cases, an organization may provide access to Artifactory through a reverse proxy such as NGINX or Apache. In some cases, for example with Artifactory as Docker registry, this set up is even mandatory. To simplify configuring a reverse proxy, Artifactory provides a Reverse Proxy Configuration Generator screen in which you can fill in a set of fields to generate the required configuration snippet which you can then download and install directly in the corresponding directory of your reverse proxy server. You can also use the REST API to manage reverse proxy configuration.

For best security, when using Artifactory behind a reverse proxy, it must be co-located on the same machine as the web server, and Artifactory should be explicitly and exclusively bound to localhost.

We also recommend that you set your Custom Base URL to match your Public Server Name.

Page Contents

 


Reverse Proxy Settings

To configure a reverse proxy, in the Administration module, select Artifactory  | HTTP Settings.

Add your settings, save and click Download to generate your reverse proxy snippet. Place the configuration file in the right place under your reverse proxy server installation and reload the configuration. 

Using NGINX? Note these requirements.

To use NGINX as a reverse proxy to work with Docker, you need NGINX v1.3.9 or higher. The NGINX configuration file should be placed under the sites-enabled directory.

For more details, please refer to Configuring NGINX.

Using Apache? Note these requirements.

Some features in the Apache configuration are only supported from Apache HTTP Server v2.4.

To use Apache as your reverse proxy server, make sure you have the following modules installed and activated:

  • proxy_http
  • rewrite
  • deflate
  • headers
  • proxy_balancer
  • proxy_connect
  • proxy_html
  • ssl
  • lbmethod_byrequests
  • slotmem_shm
  • proxy

Best practice

When using a reverse proxy, it is recommended to pass the X-JFrog-Override-Base-Url header as follows:

For NGINX:

proxy_set_header X-JFrog-Override-Base-Url  $http_x_forwarded_proto://$<host>:<server port>

For Apache:
RewriteCond %{REQUEST_SCHEME} (.*)
RewriteRule (.*) - [E=my_scheme:%1]
[...]
RequestHeader set X-JFrog-Override-Base-Url %{my_scheme}://<server_name>

Server Provider
Set the server provider type: Embedded Tomcat, Nginx and Apache.
Internal Hostname
The internal server name for Artifactory which will be used by the web server to access the Artifactory machine.
If the web server is installed on the same machine as Artifactory you can use localhost, otherwise use the IP or hostname.
Internal Artifactory Port
Direct access to Artifactory for REST API and downloads. This can be configured from the Artifactory System YAML file.
Internal Router Port
Access to the JFrog Platform services REST API and web UI. This can be configured from the Artifactory System YAML file.
Public Server Name
The server name which will be publicly used to access Artifactory within the organization.
Use HTTP
When set, Artifactory will be accessible via HTTP at the corresponding port that is set.
Use HTTPS
When set, Artifactory will be accessible via HTTPS at the corresponding port that is set.
HTTP Port
The port for access via HTTP. The default value is 80.
HTTPS Port
The port for access via HTTPS. The default value is 443.



Docker Reverse Proxy Settings

When using Artifactory as an on-prem private Docker registry, the Docker client can access Artifactory through a reverse proxy or directly through Artifactory's embedded Tomcat.

JFrog Artifactory Cloud Docker Registries

 Note that accessing an Artifactory Docker registry on a JFrog Artifactory Cloud installation does not use a reverse proxy since it is external to your organization.

Using a Reverse Proxy

The Docker client can access Artifactory through a reverse proxy using the Subdomain Method(recommended) or through the Ports Method.

For each of these methods, your Docker repositories must be configured with the corresponding Reverse Proxy settings in the Docker Repository Configuration Advanced tabThe Reverse Proxy Configuration screen also sets up your Docker Repository configuration.

Configuring Artifactory as your Docker Registry

This section describes how to obtain your reverse proxy configuration according whether you are using the subdomain method or port bindings. 

Using Subdomain

If you select Subdomain as the Reverse Proxy Method, when configuring a Docker Repository, the Registry Name in the Docker Repository Configuration Advanced tab will be set automatically to the required value, and will use the Repository Key as the Subdomain.

Wildcard certificate

Using the Subdomain method requires a Wildcard certificate such as.*.myservername.org. You also need to ensure that the certificate you use supports the number of levels used in your subdomain.

Docker Settings in HTTP SettingsCorresponding HTTP Settings in Docker Repository Advanced Configuration

Using Port Bindings

If you select Port as the Reverse Proxy Method, when configuring a Docker Repository, you will need to set the Registry Port in the Docker Repository Configuration Advanced tab. Together with the Public Server Name, this is the port the Docker client will use to pull images from and push images to the repository. Note that in order for all of your Docker repositories to be included in your reverse proxy configuration, first you need to set the port for each Docker repository defined in your system, and only then generate the reverse proxy configuration. Note also that each repository must be bound to a unique port

Best Practice

We recommend creating a Virtual Docker Repository which aggregates all of your other Docker repositories, and use that to pull and push images. This way you only need to set up the NGINX configuration for that virtual repository.

Docker Settings in HTTP SettingsCorresponding HTTP Settings in Docker Repository Advanced Configuration


Using Direct Access

To access your Docker repositories Without a Reverse Proxy, you should select Repository Path as the Docker Access Method in the Docker Setting Panel of the HTTP Settings screen. 

Docker Settings in HTTP SettingsCorresponding HTTP Settings in Docker Repository Advanced Configuration



REST API

Artifactory also supports managing reverse proxy configuration through the REST API using the following endpoints:

Get Reverse Proxy Configuration
Retrieves the reverse proxy configuration JSON.
Update Reverse Proxy Configuration
Updates the reverse proxy configuration.
Get Reverse Proxy Snippet
Gets the reverse proxy configuration snippet in text format.
Copyright © 2020 JFrog Ltd.