Skip to main content Skip to complementary content

Enable SSL for Artifactory


  1. Generate a CA certificate request.
    ➜ zhengshu openssl req -new-key local.key -out local.csr
    req: Unrecognized flag new-key
    req: Use -help for summary.
    ➜ zhengshu openssl req -new -key local.key -out local.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:FR
    State or Province Name (full name) [Some-State]:FR
    Locality Name (eg, city) []:Surness
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Talend
    Organizational Unit Name (eg, section) []:Developer
    Common Name (e.g. server FQDN or YOUR name) []:RD
    Email Address []
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:tacadmin
    An optional company name []:tac

    The local.csr file is generated.

  2. Configure nginx to use HTTP or HTTPS.
    ## add ssl entries when https has been set in config
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_certificate      /etc/nginx/ssl/;
    ssl_certificate_key  /etc/nginx/ssl/;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;
    ## server configuration
    server {
        listen 443 ssl;
        listen 80 ;
        if ($http_x_forwarded_proto = '') {
            set $http_x_forwarded_proto  $scheme;
        ## Application specific logs
        ## access_log /var/log/nginx/ timing;
        ## error_log /var/log/nginx/;
        rewrite ^/$ /ui/ redirect;
        rewrite ^/ui$ /ui/ redirect;
        chunked_transfer_encoding on;
        client_max_body_size 0;
        location / {
            proxy_read_timeout  2400s;
            proxy_pass_header   Server;
            proxy_cookie_path   ~*^/.* /;
            proxy_pass          http://<artifactory-ip>:8082;
            proxy_next_upstream error timeout non_idempotent;
            proxy_next_upstream_tries    1;
            proxy_set_header    X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
            proxy_set_header    X-Forwarded-Port  $server_port;
            proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
            proxy_set_header    Host              $http_host;
            proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
            location ~ ^/artifactory/ {
                proxy_pass    http://<artifactory-ip>:8081;

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!