How to configure SSL on Artifactory Virtual Machine on Azure Marketplace

Here are steps for configuring Artifactory Virtual Machine in Azure Marketplace.


<STEP 1: Install SSL certificate on Nginx>

Artifactory Virtual Machine (VM) in Azure Marketplace come preconfigured with nginx. The nginx comes pre-configured with SSL on port 443, and it has a sample certificate for example.com. Here is the default configuration for port 443 (as part of /etc/nginx/conf.d/default.conf)

server {  listen 443 ssl;  server_name _;  ssl_certificate      /etc/nginx/ssl/demo.pem;  ssl_certificate_key  /etc/nginx/ssl/demo.key;  ssl_session_cache shared:SSL:1m;  ssl_session_timeout  5m;  ssl_ciphers  HIGH:!aNULL:!MD5;  ssl_prefer_server_ciphers   on;  client_max_body_size 0; # disable any limits to avoid HTTP 413  chunked_transfer_encoding on; # to avoid HTTP 411  location /artifactory {    proxy_pass          http://localhost:8081/artifactory;    proxy_read_timeout  900;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    proxy_set_header Host $http_host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-Ssl on;    proxy_set_header X-Forwarded-Proto $scheme;  }}

You may replace the demo.pem and demo.key with your own certificate (and you need to update DNS for Azure – see instruction below). Please contact your Certificate Authority (e.g. Symantec, Entrust, GoDaddy) for more information on how to get a certificate.

Or, just for proof of concept purpose, you can use hosts table to route your local traffic for example.com to point to your Azure Virtual Machine’s external IP address using steps below.
1. Get your Artifactory Azure virtual machine’s external IP address
Azure portal (https://portal.azure.com) => Virtual machines => Public IP address
2. Edit your local machine’s hosts file (e.g. sudo vi /etc/hosts) 
    e.g. 123.456.789.123   example.com
3. If you are using this method, then you DO NOT need to update DNS for Azure (See Step 3 below)


<STEP 2: Add SSL port to Security Rule>

Next, you will need to ensure that the SSL is enabled at your Artifactory Azure VM’s Security rule. You may verify this at: 

Network Interface => Select the interface that your VM uses => Network Security Group => Select the Security group that your interface uses => Settings => Inbound security rules => Ensure that 443 (or anything that you want to use) is there

<STEP 3: Change DNS>

Change your VM’s DNS, so it uses your Domain name providers DNS servers. It can be changed at Azure Portal => Virtual machines => your Artifactory VM => Virtual network/subnet => your Virtual network => All settings => DNS servers => Custom DNS => Enter Primary DNS server and Secondary DNS server information that your domain name provider provided for you. 


<STEP 4: Verify your settings>

You can verify your settings by accessing Artifactory via the Subject name that is specified in your certificate (which should match your Domain name) (e.g. https://example.com/artifactory/webapp/#/home )