How to configure Artifactory as a Docker registry with F5 (BIG-IP) and HTTPS?

How to configure Artifactory as a Docker registry with F5 (BIG-IP) and HTTPS?

AuthorFullName__c
Kfir Avraham
articleNumber
000004318
ft:sourceType
Salesforce
FirstPublishedDate
2018-11-01T17:25:20Z
lastModifiedDate
2021-05-03
VersionNumber
7
 

Please note, following breaking changes introduced in Artifactory version 7.x, below there are the required iRule configurations for both, Artifactory versions below version 7.x and for Artifactory versions 7.x and above to be used accordingly.


The Repository Path method:

From Artifactory version 5.8 it is possible to work with Artifactory as a Docker registry with the Repository Path method, with this method it is possible to work with Artifactory without the need of a reverse proxy configuration.
If you would like to use the Repository Path method and have an HTTPS connection, it is possible achieve it by configuring a reverse proxy in front Artifactory. 
Furthermore, in case the reverse proxy is Nginx or Apache, you may simply generate the required configuration for the proxy from Artifactory UI.


Otherwise, in case F5's BIG-IP  is configured to work with secure connection in front of Artifactory it will be required to add the following iRule to the F5's BIG-IP Virtual Server configuration:

For Artifactory versions below 7.x:

when HTTP_REQUEST {
     set ARTI_PROTO https
     set ARTI_HOST <server-name>
         HTTP::header insert X-Artifactory-Override-Base-Url "$ARTI_PROTO://$ARTI_HOST/artifactory"
         HTTP::header insert X-Forwarded-Proto "$ARTI_PROTO"
}


For Artifactory versions 7.x and above:

when HTTP_REQUEST {
    set ARTI_PROTO https
    set ARTI_HOST <server-name>
        HTTP::header insert X-JFrog-Override-Base-Url $ARTI_PROTO://$ARTI_HOST
        HTTP::header insert X-Forwarded-Proto "$ARTI_PROTO"
}

 

The Subdomain method:

To configure F5's BIG-IP in order to work with Artifactory as a Docker registry with the Subdomain method and HTTPS connection, it will be required to add the following iRule to the F5's BIG-IP Virtual Server configuration:

For Artifactory versions below 7.x:
 

when HTTP_REQUEST {
    if { [HTTP::host] contains "docker" && [HTTP::uri] starts_with "/v2/" } {
        set ARTI_PROTO https
        set ARTI_HOST <server-name>
            scan [HTTP::host] %\[^.\].%\[^.\].%\[^.\].%\[^.\].%s REPO APP ENV DOMAIN TLD
            HTTP::uri /artifactory/api/docker/$REPO[HTTP::uri]
            HTTP::header insert X-Forwarded-Proto "$ARTI_PROTO"
            HTTP::header insert X-Artifactory-Override-Base-Url "$ARTI_PROTO://$ARTI_HOST/artifactory"
       }
    }

 

For Artifactory versions 7.x and above:
 

when HTTP_REQUEST {
    if { [HTTP::host] contains "docker" && [HTTP::uri] starts_with "/v2/" } {
        set ARTI_PROTO https
        set ARTI_HOST <server-name>
            scan [HTTP::host] %\[^.\].%\[^.\].%\[^.\].%\[^.\].%s REPO APP ENV DOMAIN TLD
            HTTP::uri /artifactory/api/docker/$REPO[HTTP::uri]
            HTTP::header insert X-Forwarded-Proto "$ARTI_PROTO"
            HTTP::header insert X-JFrog-Override-Base-Url $ARTI_PROTO://$ARTI_HOST
      }
}

 

The Port method:

To configure F5's BIG-IP in order to work with Artifactory as a Docker registry with the Port method and HTTPS connection, it will be required to add the following iRule to the F5's BIG-IP Virtual Server configuration:

For Artifactory versions below 7.x:
 

when HTTP_REQUEST {
    if {[HTTP::uri] starts_with "/v2/" } {
        set ARTI_PROTO https 
        set ARTI_PORT <port>
        set ARTI_HOST <server-name>
            HTTP::uri /artifactory/api/docker/<repository-name>[HTTP::uri]
            HTTP::header insert X-Forwarded-Proto $ARTI_PROTO
            HTTP::header insert X-Forwarded-Port $ARTI_PORT
            HTTP::header insert X-Artifactory-Override-Base-Url $ARTI_PROTO://$ARTI_HOST:$ARTI_PORT/artifactory
    }
}

 

For Artifactory versions 7.x and above:
 

when HTTP_REQUEST {
    if {[HTTP::uri] starts_with "/v2/" } {
        set ARTI_PROTO https 
        set ARTI_PORT <port>
        set ARTI_HOST<server-name>
            HTTP::uri /artifactory/api/docker/<repository-name>[HTTP::uri]
            HTTP::header insert X-Forwarded-Proto $ARTI_PROTO
            HTTP::header insert X-Forwarded-Port $ARTI_PORT
            HTTP::header insert X-JFrog-Override-Base-Url $ARTI_PROTO://$ARTI_HOST:$ARTI_PORT
    }
}


*Please refer to our wiki page about Getting Started with Artifactory as a Docker Registry for more information.