Hide the Docker repos port from Artifactory

Time: 2016-08-24 18:01:08

Tags: nginx port artifactory docker-registry

I am using Artifactory version 4.7.0 and have configured a Docker virtual repository as follows

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    ## server configuration
## add ssl entries when https has been set in config
ssl_certificate      /etc/ssl/certs/artcert.pem;
ssl_certificate_key  /etc/ssl/certs/artkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 80 ;

    server_name localhost;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/localhost-access.log timing;
    ## error_log /var/log/nginx/localhost-error.log;
    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
    location /artifactory/ {
    proxy_read_timeout  900;
    proxy_pass_header   Server;
    proxy_cookie_path ~*^/.* /;
    proxy_pass         http://localhost:8081/artifactory/;
    proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

## server configuration
server {
    listen 6555 ssl;


    server_name localhost;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/localhost-access.log timing;
    ## error_log /var/log/nginx/localhost-error.log;
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-virtual/$1/$2;
    client_max_body_size 0;
    chunked_transfer_encoding on;
    location /artifactory/ {
    proxy_read_timeout  900;
    proxy_pass_header   Server;
    proxy_cookie_path ~*^/.* /;
    proxy_pass         http://localhost:8081/artifactory/;
    proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
    proxy_set_header    X-Forwarded-Port  $server_port;
    proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header    Host              $http_host;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}


}

I use the following commands to push and pull the repository

docker pull localhost:6555/<my-image>:latest
docker login localhost:6555
docker push localhost:6555/<my-image>:latest

Is there a way to hide the port number from users and achieve the following

docker pull localhost/<my-image>:latest
docker login localhost
docker push localhost/<my-image>:latest

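I know I can configure the repositories as subdomains and drop the port, but that requires a wildcard certificate, which is currently not an option. Can I configure nginx to hide the port?

1 answer:

Answer 0: (score: 0)

You are already using port 443 (which is the implicit SSL port) on the top-level configuration, so why not use it for both Docker and web UI access?

All you need to do is add the following line: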

 rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-virtual/$1/$2;

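to the 443 server block as well. The only difference between the 6555 configuration and the 443 configuration is the rewrite rules, but these can actually coexist in the same server block. Once you do that, you can even get rid of 6555.

If you use port 443, you do not need to specify the port in docker commands.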
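
The merged server block the answer describes, as an added example that is not part of the original post. It assumes the certificate directives, backend address and `docker-virtual` repository key from the question's configuration, and is meant to replace both `server` blocks inside `http { }`.

```nginx
## Added example: single server block serving the web UI and the Docker
## registry API on the default HTTPS port. Values are copied from the question.
server {
    listen 443 ssl;
    ## Kept from the question's block. Remove this listener if `docker login`
    ## credentials must never be accepted over plain HTTP.
    listen 80;

    server_name localhost;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }

    ## Web UI redirects (from the original 443 block)
    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;

    ## Docker registry API rewrite (moved over from the 6555 block).
    ## It only matches /v1/... and /v2/..., so it does not collide with the
    ## two web UI rules above.
    rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-virtual/$1/$2;

    ## Also moved from the 6555 block: no request body size limit, so large
    ## image layer uploads are not rejected by nginx.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location /artifactory/ {
        proxy_read_timeout  900;
        proxy_pass_header   Server;
        proxy_cookie_path   ~*^/.* /;
        proxy_pass          http://localhost:8081/artifactory/;
        proxy_set_header    X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```

Run `nginx -t` to validate the file before reloading; the port-less `docker login localhost` form from the question then goes through this block.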