一、概念
1. 承上启下
JFrog Artifactory 系列1 --- 安装与配置
2. 配置方式
如果希望通过Https访问JFrog Artifactory,有三种配置方式:
(1) 代理HTTPS方式:在代理软件(负载均衡软件)处配置TLS,代理软件与JFrog Artifactory的通信采用Http方式;
(2) 全HTTPS方式:在代理软件(负载均衡软件)和Artifactory处均配置TLS,代理软件与JFrog Artifactory的通信采用Https方式;
本文采用第一种配置方式。
二、Nginx + Https
1. Nginx的安装
2. Nginx的配置
(1) 创建配置文件
sudo vi /etc/nginx/conf.d/artifactory.conf
(2) 初始化配置文件
server { listen 80; server_name artifactory.lionlea.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443 ssl; listen [::]:443 ssl ipv6only=on; server_name .artifactory.lionlea.com; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } ssl_certificate /etc/nginx/ssl/artifactory.lionlea.com.crt.pem; ssl_certificate_key /etc/nginx/ssl/artifactory.lionlea.com.key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:1m; ssl_session_tickets on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5'; ssl_prefer_server_ciphers on; access_log /var/log/nginx/artifactory.example.com-access.log timing; error_log /var/log/nginx/artifactory.example.com-error.log; rewrite ^/$ /ui/ redirect; rewrite ^/ui$ /ui/ redirect; chunked_transfer_encoding on; client_max_body_size 0; location / { proxy_read_timeout 2400s; proxy_pass_header Server; proxy_cookie_path ~*^/.* /; proxy_pass http://<artifactory-ip>:8082; proxy_next_upstream error timeout non_idempotent; proxy_next_upstream_tries 1; proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location ~ ^/artifactory/ { proxy_pass http://<artifactory-ip>:8081; } } }
(3) 创建证书和密钥
(4) 开放端口并启动服务
3. 测试
访问 https://artifactory.example.com
三、参考
1. 官方
https://jfrog.com/help/r/jfrog-artifactory-documentation/http-settings
https://jfrog.com/help/r/jfrog-artifactory-documentation/configuring-nginx
https://jfrog.com/knowledge-base/artifactory-how-to-enable-tls-within-the-jfrog-platform/
标签:JFrog,Artifactory,---,ssl,EECDH,proxy,server,com,artifactory From: https://www.cnblogs.com/eagle6688/p/17375559.html