Let's break down your problems step by step and get your Artifactory proxy working correctly.

Core Issues Identified #

1. Container Communication Mistake: Your Nginx config uses localhost:8082 to reach Artifactory, but in Docker Compose, each container has its own network stack. localhost inside the Nginx container points to itself, not the Artifactory container. You need to use the service name artifactory instead.
2. Artifactory 7.x Port Changes: Artifactory 7.x consolidated most traffic (UI, API, repositories) to port 8082. Port 8081 is no longer used for external access, so mapping it in your docker-compose is unnecessary.
3. Incorrect Base URL Configuration: The ART_BASE_URL environment variable in your Nginx container points to the wrong internal address, and your Artifactory base URL setting is conflicting with the proxy setup.
4. SSL & Redirect Misconfiguration: Enabling SSL without proper internal proxy setup causes invalid redirects and 502 errors.

Step 1: Fix Docker Compose File #

Update your docker-compose.yml to remove unused ports and correct the base URL environment variable:

version: '2'
services:
  artifactory:
    image: docker.bintray.io/jfrog/artifactory-pro:7.2.1
    container_name: artifactory
    ports:
      - 8082:8082  # Only this port is needed for Artifactory 7.x
    volumes:
      - /data/artifactory:/var/opt/jfrog/artifactory
    restart: always
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 40000
  nginx:
    image: docker.bintray.io/jfrog/nginx-artifactory-pro:7.2.1
    container_name: nginx
    ports:
      - 80:80
      - 443:443
    depends_on:
      - artifactory
    links:
      - artifactory
    volumes:
      - /data/nginx:/var/opt/jfrog/nginx
    environment:
      # Point to the Artifactory container's internal address
      - ART_BASE_URL=http://artifactory:8082/artifactory
      - SSL=true
      # Keep this commented unless you want to manage config manually
      #- SKIP_AUTO_UPDATE_CONFIG=true
    restart: always
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 40000

Step 2: Corrected Nginx Configuration #

Replace your Nginx config with this Artifactory 7.x-compatible version. Key fixes include container network addressing and proper forwarded headers:

ssl_protocols TLSv1.2 TLSv1.3;  # Drop older TLS versions for security
ssl_certificate /var/opt/jfrog/nginx/ssl/example.crt;
ssl_certificate_key /var/opt/jfrog/nginx/ssl/example.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;

## server configuration
server {
    listen 443 ssl;
    listen 80;
    server_name 192.168.211.207;  # Use your actual server IP/domain

    # Redirect HTTP to HTTPS (optional but recommended)
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    ## Application specific logs
    # access_log /var/log/nginx/artifactory-access.log timing;
    # error_log /var/log/nginx/artifactory-error.log;

    # Docker repository rewrite rule
    if ($host ~* (?<repo>.+)\.192.168.211.207) {
        rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
    }

    rewrite ^/$ /ui/ redirect;
    rewrite ^/ui$ /ui/ redirect;

    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    chunked_transfer_encoding on;
    client_max_body_size 0;  # Allow unlimited upload size

    location / {
        proxy_read_timeout 2400s;
        proxy_pass_header Server;
        proxy_cookie_path ~*^/.* /;
        # Use Artifactory service name for container communication
        proxy_pass http://artifactory:8082;
        # Override base URL with external HTTPS address
        proxy_set_header X-JFrog-Override-Base-Url https://$host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location ~ ^/artifactory/ {
            proxy_pass http://artifactory:8082;
        }
    }
}

Step 3: Final Setup Steps #

1. Stop existing containers:

   docker-compose down
   

2. Update Artifactory Base URL:
   • Access Artifactory directly via http://192.168.211.207:8082
   • Go to Admin > General > Base URL
   • Set it to https://192.168.211.207/artifactory and save
3. Restart containers:

   docker-compose up -d
   

Why This Works #

• Container Communication: Using artifactory:8082 lets Nginx reach the Artifactory container via Docker's internal network.
• Proper Base URL: The X-JFrog-Override-Base-Url header tells Artifactory to generate correct links for external HTTPS access, preventing invalid redirects.
• Simplified Ports: We removed the unused 8081 port to avoid confusion.
• SSL Redirect: Optional HTTP-to-HTTPS redirect ensures users land on the secure endpoint.

内容的提问来源于stack exchange，提问作者user3581412