Try JFrog
Guides
Contact SupportTry JFrog
Start typing to search…
  1. Subscription and Usage
  2. MyJFrog for Cloud

Manage Custom Domain Names in MyJFrog

📘

Subscription Information

This feature is supported on Cloud (SaaS) platform, with an Enterprise X or Enterprise+ license.

❗️

Important

  • By uploading an SSL certificate and associating it with a JPD, you confirm that you are the lawful owner or authorized representative of f the domain.
  • If it is discovered or reported that a domain associated with your SSL certificate does not belong to you or that you lack the necessary rights, or if we have reasonable belief of the existence of any of the foregoing, we reserve the right to revoke or suspend, at our sole discretion, any association of yours with the applicable domain(s) without notice.
  • It is your responsibility to comply with applicable laws and regulations regarding domain ownership.
  • Contact our Support team for any concerns or questions.

The custom domain name feature allows you to provision, manage, deploy and renew a secure canonical name (CNAME) for your JPDs. For REST API documentation, see Custom Domain Name REST APIs. This means that you can allocate a custom URL to point to your JPDs. You can set up a custom domain name through MyJFrog: to learn which users can use this feature, see User Roles.

Domain names are assessed against the standards outlined in RFC1034, Section 3, and RFC1123, Section 2.1. Any domain names that do not adhere to these standards will be deemed invalid and therefore unusable.

To get started, you will need to provide a valid SSL certificate, since JFrog requires an HTTPS protocol to serve traffic over your custom domain name. After adding the certificate, you will be able to select the relevant domains under the SSL certificate and point them to the selected JPDs.

📘

Note

There is a limit of 30 SSL objects per subscription, meaning that each subscription can define up to 30 SSL certificates with up to 100 associated domains under each. If you have special cases or specific requests which exceed this limit, please reach out to our Support team for further assistance.

Certificate Requirements

Verify that your SSL certificate matches the following prerequisites:

  • Verify that your SSL certificate is in a valid PEM format and that the private key is generated using either the RSA or ECDSA algorithm.

  • The certificate must have at least one of the following extended key usages (EKUs):

    • TLS Web Client Authentication
    • TLS Web Server Authentication.

  • The certificate is currently valid and must have at least 30 days left for expiration.

  • If your certificate is signed by an external authority (for example, GoDaddy), ensure to include the full certificate chain. This ensures proper validation of your SSL certificate.

  • Make sure the certificate body is associated with the public key (same public key on both).

  • Private keys meet the following requirements:

    Encrypted (password-protected) private keys are not supported.

    RSA keys:

    • Minimum 2048 bits (recommended 3072+ for new keys)
    • Supported formats: RSA PKCS#1, PKCS#8

    ECDSA keys:

    • Minimum 256 bits (P-256 curve), maximum 521 bits (P-521 curve)
    • Supported formats: SEC#1 (EC PRIVATE KEY), PKCS#8
    • Supported curves: P-256 (secp256r1), P-384 (secp384r1), P-521 (secp521r1)

Create a New Custom Domain Name in MyJFrog

To create a new custom domain name:

  1. In the Settings page, go to the Custom Domain Name tab, and click + Create New.

  2. Enter your SSL certificate details: your certificate name, body, private key, and certificate chain, if applicable. When you are done, click Next.

  3. Define domain.

    Select a JPD from the drop-down menu and define the domain name you wish to associate to it (correlated to the domains defined under the SSL certificate). Click + Define Domain to add multiple domains.

    If you have docker subdomains, you will be requested to select for each domain whether it is a platform base URL or subdomain.

    If necessary, select Docker Subdomain with Repo Override Name to define an explicit repository name (not derived from the configured domain name). Note that we do not recommend this as it is not a best practice.

📘

Note

To use Docker subdomains, make sure that your certificate contains a subdomain for the domain you are defining. For example: artifactory.com should contain either a specific subdomain per repository name (docker-local.artifactory.com), or a wildcard to cover all Docker repositories (*.artifactory.com). Note that Docker Subdomain with Repo Override Name does not support wildcard domain selection; Please define a domain name.

Examples

*.my.company.com - API to the any docker repository. The name of the repository is substituted by *.

docker.my.company.com - API to the docker repository called docker.

Docker Override Name

myoverride.my.company.com - Docker override name with a value of docker-local.

API to the docker repository called docker-local with an override domain myoverride.my.company.com.

📘

Note

For each domain, you can only assign one JPD per provider’s region.

When you are satisfied with your selection, click Done.

  1. Once the record appears on the dashboard as Active, access your DNS provider platform’s settings and add the CNAME records to your domain as follows:

Manage Domains in MyJFrog

To manage the domains or JPDs that are associated with a specific SSL certificate:

  1. Go to Settings > Custom Domain Name. Click the option menu (three dots) next to the certificate name and select Manage Domains.

  2. Add, delete, or edit the domain and associated JPDs. When you are satisfied, click Done.

Renew an SSL Certificate in MyJFrog

To renew an expired certificate:

  1. Click Renew SSL next to the certificate status.

  2. Edit your SSL certificate details: your certificate name (optional), body, private key, and certificate chain. You may change all or some of these fields. When you are done, click Next.

  3. Set up the domain: your current domains can not be edited, only removed, or you can add new domains and edit the JPDs associated with your domains. When you are satisfied, click Done.

📘

Note

  • Your new certificate must be valid for at least 30 days to process the renewal.
  • Make sure the new SSL covers the defined domains under the existing SSL, or delete the redundant domains.

Delete an SSL Certificate in MyJFrog

To delete a certificate:

  1. Click the option menu (three dots) next to the certificate name and select Delete.

  2. In the popup screen, type “I agree” and click Confirm.

📘

Note

When deleting a certificate, all domains associated with it are removed and all JPD links are blocked.


Updated 2 months ago