I was using docker-compose to deploy artifactory 5.3.1 and nginx. I read the instructions for "Artifactory Pro with Derby and Nginx for https support" and I ran:
$ sudo ./prepareHostEnv.sh -t pro -c
Since I wanted a reverse proxy (I'm using artifactory for docker images as well), I also created my certs on the same box:
root@ip-10-0-0-96:/data/nginx/ssl# ls -asl
total 16
4 drwxr-xr-x 2 syslog crontab 4096 May 26 19:24 .
4 drwxr-xr-x 6 syslog crontab 4096 May 28 14:40 ..
4 -rw-r--r-- 1 syslog crontab 3272 May 26 19:24 art5.key
4 -rw-r--r-- 1 syslog crontab 1805 May 26 19:24 art5.pem
and I created my keys this way in the /data/nginx/ssl directory:
openssl req -nodes -x509 -newkey rsa:4096 -keyout art5.key -out art5.pem -days 356 -subj "/C=US/CN=mymachine.mydomain.com"
I then ran "docker-compose -f artifactory-pro-nginx-derby.yml up -d" and the artifactory and nginx containers start up.
From another machine I connect to http://mymachine.mydomain.com:8081 and I see artifactory starting up. I then tell the setup to create my admin user, and create a docker repo (which gets called docker-local, which is ok 'cause I'm learning) and I make sure admin is allowed to read the "docker-local" repo. Nginx also allows http://mymachine.mydomain.com/ and https://mymachine.mydomain.com to work. The fun starts there ... from the cli on another machine I issue:
docker login mymachine.mydomain.com
username: admin
password:
Error response from daemon: Get https://mymachine.mydomain.com/v1/users/: x509: certificate signed by unknown authority
https through nginx is working:
curl -I -k -v https://mymachine.mydomain.com
* Rebuilt URL to: https://mymachine.mydomain.com/
* Trying 4.7.3.2...
* Connected to mymachine.mydomain.com (4.7.3.2) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: mymachine.mydomain.com
> HEAD / HTTP/1.1
> Host: mymachine.mydomain.com
> User-Agent: curl/7.43.0
> Accept: */*
< HTTP/1.1 302 Moved Temporarily
HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.11.10
Server: nginx/1.11.10
< Date: Sun, 28 May 2017 14:56:33 GMT
Date: Sun, 28 May 2017 14:56:33 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 162
Content-Length: 162
< Location: https://mymachine.mydomain.com/artifactory/webapp/
Location: https://mymachine.mydomain.com/artifactory/webapp/
< Connection: keep-alive
Connection: keep-alive
<
* Connection #0 to host mymachine.mydomain.com left intact
docker -v
Docker version 17.03.0-ce, build 3a232c8
docker-compose --version
docker-compose version 1.13.0, build 1719ceb
uname -a
Linux ip-10-0-0-96 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
35e36b270575 docker.bintray.io/jfrog/nginx-artifactory-pro:5.3.1 "/bin/sh -c /entry..." 43 hours ago Up 43 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
e3f27bc62fd3 docker.bintray.io/jfrog/artifactory-pro:5.3.1 "/bin/sh -c /entry..." 43 hours ago Up 43 hours 0.0.0.0:8081->8081/tcp artifactory
Not using HTTPS requires Docker clients to add an --insecure-registry flag to DOCKER_OPTS ... but HTTPS is obviously working because I can get through in my web browser. Are there additional options I need to set on artifactory and/or from the machine I'm running 'docker login mymachine.mydomain.com' from?
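
Added example, not part of the original post: the `curl -k` call above skips certificate verification, so it does not show that the certificate is trusted, whereas `docker login` validates the chain against the client's CA store. The script below builds a self-signed certificate like the post's in a temp directory (constructed data), shows that it fails against the system store but validates when supplied as its own CA, and stages it in Docker's per-registry CA directory. The function names and the root-prefix argument are illustrative assumptions.

```shell
#!/bin/sh
HOST="mymachine.mydomain.com"          # registry host name from the post

# Self-signed cert as in the post; 2048-bit key only to keep the demo fast.
make_cert() {                          # $1 = output directory
  openssl req -nodes -x509 -newkey rsa:2048 -days 365 -subj "/C=US/CN=$HOST" \
    -keyout "$1/art5.key" -out "$1/art5.pem" 2>/dev/null
  chmod 600 "$1/art5.key"              # keep the private key owner-only
}

# Succeeds only if the chain validates. Extra args choose the trust anchors;
# with none, only the system CA store is used, as the Docker client side does.
chain_ok() {                           # $1 = cert, rest = openssl verify options
  co_cert="$1"; shift
  openssl verify "$@" "$co_cert" 2>&1 | grep -q ': OK$'
}

# Stage the cert where the Docker daemon looks for per-registry CAs:
#   /etc/docker/certs.d/<registry host>/ca.crt
# $2 is a root prefix ("" on a real client, a temp dir in this demo).
install_registry_ca() {                # $1 = cert, $2 = root prefix
  ca_dir="$2/etc/docker/certs.d/$HOST"
  mkdir -p "$ca_dir" && cp "$1" "$ca_dir/ca.crt" && chmod 644 "$ca_dir/ca.crt"
}

demo() {
  demo_tmp="$(mktemp -d)"
  make_cert "$demo_tmp"
  if chain_ok "$demo_tmp/art5.pem"; then
    echo "system store: trusted"
  else
    echo "system store: unknown authority"   # same condition docker login reports
  fi
  if chain_ok "$demo_tmp/art5.pem" -CAfile "$demo_tmp/art5.pem"; then
    echo "explicit CA:  trusted"
  fi
  install_registry_ca "$demo_tmp/art5.pem" "$demo_tmp/client"
  ls -l "$demo_tmp/client/etc/docker/certs.d/$HOST/ca.crt"
  rm -rf "$demo_tmp"
}

demo
```

On a real client the prefix is empty and the copy needs root; only the certificate (`art5.pem`) is distributed, never `art5.key`.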