Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

Setting Up the NGINX Server

You can use Artifactory behind an nginx server.

When setting up nginx as a front end to Artifactory it is recommended to use HTTP or HTTPS.

Using HTTP or HTTPS

You must set the base URL in Artifactory itself so that the links in the user interface appear correctly.

In the example below, the configuration assumes that the Tomcat HTTP connector runs on port 8081.

Page Contents



Page Contents

Seeing timeouts on large file uploads?

Up-to-date versions of Nginx have 'proxy_request_buffering' enabled by default. With request buffering enabled, Nginx buffers the entire client payload prior to sending it to the Artifactory upstream. As a result, you might see a certain stall that could range from several seconds to several minutes depending on your network performance, after the client finishes transmitting all the bytes to Nginx, as Nginx would be busy tranmitting all the bytes to the Artifactory upstream at once. If this stall ranges more than a few seconds, you may start seeing client request timeouts depending on which client is used. If you are seeing timeouts, consider turning off proxy_request_buffering with the following directives:

proxy_request_buffering off;

proxy_http_version 1.1;

Configuring nginx to use HTTP or HTTPS
## add ssl entries when https has been set in config
ssl_certificate      /etc/nginx/ssl/docker.jfrog.com.crt;
ssl_certificate_key  /etc/nginx/ssl/docker.jfrog.com.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 80 ;
    
    server_name artifactory.jfrog.com;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/artifactory.jfrog.com-access.log timing;
    ## error_log /var/log/nginx/artifactory.jfrog.com-error.log;
    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
	chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
    proxy_read_timeout  900;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    if ( $request_uri ~ ^/artifactory/(.*)$ ) {
        proxy_pass          http://<rproxy_artifactory>:8081/artifactory/$1;
    }
    proxy_pass         http://rproxy_artifactory:8081/artifactory/;
    proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/<public context>;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

Internal Proxies

Regular expression (using java.util.regex) that a proxy's IP address must match to be considered an internal proxy. Internal proxies that appear in the remoteIpHeader are trusted and do not appear in the proxiesHeader value.

If not specified, the default value of 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} is used.

Configuring a Custom URL Base in Artifactory

When using an HTTP proxy, the links produced by Artifactory, as well as certain redirects contain the wrong port and use the http instead of https.  

Therefore, you must configure a custom base URL as follows:

  1. On the Admin tab select Configuration | General Custom URL Base field.
  2. Set the Custom URL Base field to the value used to contact Artifactory on Apache
    For example: https://artifactory.yourdomain.com/artifactory

Please refer to General Configuration for more details about configuring the base URL.

Advanced Tomcat Configuration

On Tomcat you may modify your HTTP connector configuration to support advanced capabilities, for example:

Configuring the HTTP connector
<Connector port="8081" protocol="HTTP/1.1"
 maxThreads="500" minSpareThreads="20"
 enableLookups="false" disableUploadTimeout="true"
 backlog="100"/> 

HTTP connector location

By default, the HTTP Connector can be found in $CATALINA_HOME/conf/server.xml

  • No labels