How to create a Docker repository in Artifactory

Artifactory supports multiple repository types, Docker is one of them. To create a new Docker repository in Artifactory

Set the Custom Base URL of the Artifactory server

From the Artifactory documentation at https://www.jfrog.com/confluence/display/RTF/Configuring+NGINX

“When using an HTTP proxy, the links produced by Artifactory, as well as certain redirects contain the wrong port and use the http instead of https”

  1. On the left side select Admin,
  2. Under Configuration on the General page enter the actual URL you use to access the Artifactory server and click the Save button.

Create one virtual Docker repository for all of your Docker repositories

As recommended by the Artifactory documentation at https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy#ConfiguringaReverseProxy-DockerReverseProxySettings
create one virtual Docker repository to aggregate all other Docker repositories, so only this repository has to be set up on the reverse proxy server.

  1. On the left side select Admin,
  2. In the Repositories section on the Virtual page click New,
  3. Select the Docker package type,
  4. Enter a name for the repository,
  5. Command-click (CTRL-click on Windows) the configure reverse proxy link to open it in a new tab and generate the script to set up the reverse proxy server,

Create the reverse proxy script

  1. In the Configuration section on the Reverse Proxy page fill out the form. If the reverse proxy server will be installed on the Artifactory server, write localhost in the Internal Hostname field.

    If you use a load balancer in front of the Artifactory server that also contains the SSL certificate you don’t need to enable the HTTPS protocol. If you use wildcard certificate you can select the Sub Domain reverse proxy method.

Save the Virtual repository

  1. On the New Virtual repository tab click Next at the bottom of the page,
  2. The Advanced tab shows the name of the Docker Registry
  3. Click the Save & Finish button to create the repository.

Create the Docker local repository

The local Docker repository will store the Docker images

  1. On the left side select Admin,
  2. In the Repositories section on the Local page click New,
  3. Select the Docker package type,
  4. Enter a name for the repository and click Next,
  5. The Advanced tab shows the address of the repository using the reverse proxy,
  6. Click the Save & Finish button to create the repository.

 

Set up the Artifactory repository authentication

To secure Artifactory repositories follow the steps below

  1. Log into Artifactory as an administrator
  2. On the left select Admin

Add users

  1. In the Security menu select Users
  2. In the upper right select New

  3. Create users for admin, writer, and reader. Make sure the Can Update Profile checkbox is NOT checked, so if someone logs in with the service account credentials cannot change the account settings.

    1. REPOSITORY-NAME_admin,
    2. REPOSITORY-NAME_writer,
    3. REPOSITORY-NAME_reader.

Create security groups and add the new users to the groups

  1. In the Admin menu select Security and Groups
  2. On the Group Management page select New
  3. Create groups for admins, writers, and readers. Add “s” to the name of the group to differentiate it from the user.
    1. REPOSITORY-NAME_admins,
    2. REPOSITORY-NAME_writers,
    3. REPOSITORY-NAME_readers.
  4. In the Users section add the appropriate user to the group

Create permissions and add the groups to the permissions

  1. In the Security menu select Permissions
  2. In the upper right corner select New
  3. Create permissions to administer, write, and read the repository
    1. REPOSITORY-NAME_administer,
    2. REPOSITORY-NAME_write,
    3. REPOSITORY-NAME_read.
      1. Select the repository, click the green arrow to add the repository to the Selected Repositories list, and click Next
      2. Click the arrow next to the name of the group to add it to the list of groups
      3. Select the appropriate check boxes
        1. For writers select Delete/Overwrite, Deploy/Cache, Annotate, and Read
      4. Click the Save & Finish button.

To allow anonymous read access to the repository

To allow everyone to read the repository without authentication, add the anonymous user to the REPOSITORY-NAME_readers group.