Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ansible/artifactory] Bugfix when enabling artifactory_docker_registry_subdomain #359

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

bbaassssiiee
Copy link
Contributor

PR Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • Title of the PR starts with installer/product name (e.g. [ansible/artifactory])
  • CHANGELOG.md updated
  • Variables and other changes are documented in the README.md

What this PR does / why we need it:
Amends server_name to create a repo variable in Nginx config. That is needed for the rewrite rule when artifactory_docker_registry_subdomain is true.

 {% if artifactory_docker_registry_subdomain %}rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;{% endif %}

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #353

Special notes for your reviewer:

@bbaassssiiee
Copy link
Contributor Author

Compare the generated config of Artifactory with /ui/admin/artifactory/configuration/reverse_proxy

###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################

## add ssl entries when https has been set in config
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate      /etc/pki/tls/certs/cert.pem;
ssl_certificate_key  /etc/pki/tls/private/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    
    server_name ~(?<repo>.+)\.artifactory.example.com artifactory.example.com;
    
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/artifactory.example.com-access.log timing;
    ## error_log /var/log/nginx/artifactory.example.com-error.log;
    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
    chunked_transfer_encoding on;
    client_max_body_size 0;
    location / {
    proxy_read_timeout  2400s;
    proxy_pass_header   Server;
    proxy_cookie_path   ~*^/.* /;
    proxy_buffer_size 128k;
    proxy_buffers 40 128k;
    proxy_busy_buffers_size 128k;
    proxy_pass          http://artifactory.example.com:8082;
    proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security always;

        location ~ ^/artifactory/ {
            proxy_pass    http://artifactory.example.com:8081;
        }
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[ansible/artifactory] support for subdomains in Nginx (for docker repositories)
1 participant