The reason why a reverse proxy is required before Artifactory is due to the Docker client limitation - you cannot use the context path when providing the registry path, for example sdpvvrwm812.ib.tor.company.com:8081/ artifactory / api / docker / docker-images .
The Docker client assumes that you are working with one large registry for all images, while Artifactory allows you to manage multiple registries (repositories) on a single server.
To overcome this problem, you must configure a reverse proxy server that allows the Docker client to send requests to the root context and redirect these requests to the correct repository path in Artifactory. For example, forwarding requests from sdpvvrwm812.ib.tor.company.com:8888/ to sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-images
The Artifactory documentation contains configuration examples for NginX , Apache, and HAProxy .
Note that there are various configurations for the Docker v1 and v2 APIs.
After setting up the reverse proxy server, the Docker client must use the proxy server to access Artifactory.
If you use the -insecure-registry flag, there is no need to configure an SSL certificate. With older versions of Docker, before this flag was introduced (Docker 1.3.2), this was a prerequisite.
Dror Bereznitsky
source share