I have been trying to set up private Docker repositories on a Nexus, hosted on a DigitalOcean droplet, with an nginx in front of it. It appears that Nexus and the Maven repositories are working just fine but the Docker repositories are not. The most related answer I could find was this SO answer but it got me nowhere.
My docker-compose file is configured as follows:
```yaml
version: "3.5"
services:
  nexus:
    image: sonatype/nexus3:${NEXUS_VERSION}
    restart: always
    container_name: nexus
    ports:
      - "8081:8081"
      - "8090:8090"
      - "8091:8091"
    volumes:
      - ./nexus/data:/nexus-data
      - ./nexus/logs:/opt/sonatype/sonatype-work/nexus3/log
  nginx:
    image: nginx:${NGINX_VERSION}
    container_name: nginx
    restart: always
    ports:
      - "80:80"
      - "8092:8092"
      - "8093:8093"
      - "443:443"
    volumes:
      - ./nginx/:/etc/nginx/conf.d/:ro
      - ./nginx/certs:/etc/nginx/ssl/:ro
      - ./nginx/logs:/var/log/nginx/
```
My nginx.config:
```nginx
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
tcp_nodelay on;
client_max_body_size 0;

ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;

server {
    listen 443 ssl;

    location / {
        proxy_pass http://nexus:8081/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 8092 ssl;

    location / {
        proxy_pass http://nexus:8090/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log /var/log/nginx/access-docker-group.log;
    }
}

server {
    listen 8093 ssl;

    location / {
        proxy_pass http://nexus:8091/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log /var/log/nginx/access-docker-private.log;
    }
}
```
The output of `sudo lsof -i -P -n | grep LISTEN` in the droplet:
```
docker-pr 137657 root 4u IPv4 1088073 0t0 TCP *:8091 (LISTEN)
docker-pr 137664 root 4u IPv6 1088080 0t0 TCP *:8091 (LISTEN)
docker-pr 137679 root 4u IPv4 1088811 0t0 TCP *:8090 (LISTEN)
docker-pr 137684 root 4u IPv6 1088814 0t0 TCP *:8090 (LISTEN)
docker-pr 137698 root 4u IPv4 1088831 0t0 TCP *:8081 (LISTEN)
docker-pr 137704 root 4u IPv6 1088834 0t0 TCP *:8081 (LISTEN)
docker-pr 144216 root 4u IPv4 1108464 0t0 TCP *:8093 (LISTEN)
docker-pr 144222 root 4u IPv6 1109509 0t0 TCP *:8093 (LISTEN)
docker-pr 144237 root 4u IPv4 1108483 0t0 TCP *:8092 (LISTEN)
docker-pr 144244 root 4u IPv6 1109530 0t0 TCP *:8092 (LISTEN)
docker-pr 144257 root 4u IPv4 1109551 0t0 TCP *:443 (LISTEN)
docker-pr 144262 root 4u IPv6 1109554 0t0 TCP *:443 (LISTEN)
docker-pr 144276 root 4u IPv4 1109575 0t0 TCP *:80 (LISTEN)
docker-pr 144281 root 4u IPv6 1109578 0t0 TCP *:80 (LISTEN)
```
But whenever I try to perform a `docker login` I get the following:
```
Error response from daemon: Get "https://<domain>:8092/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```
Both docker access logs are empty so I am guessing my nginx config is wrong but I just don't see it.
CodePudding user response:
It turned out that my setup was correct. The `docker login` succeeded when I used the IP of the droplet rather than the domain. This hinted at the fact that the custom HTTPS ports were somehow blocked. So it occurred to me that Cloudflare might be imposing port restrictions. And voila, I found their network ports reference page and changed the ports in my docker-compose and managed to get the `docker login` to work with my domain.
HTTPS ports supported by Cloudflare
- 443
- 2053
- 2083
- 2087
- 2096
- 8443
Hope this helps.
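
A check for the situation the answer describes, as an added example that is not part of the original post: it parses the `listen ... ssl` directives of an nginx config and reports TLS ports that are not in the Cloudflare HTTPS port list quoted in the answer. The function names and the sample config are hypothetical, constructed for illustration.

```python
import re

# HTTPS ports the answer above lists as supported by Cloudflare.
CLOUDFLARE_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

# A `listen` directive at the start of a line or right after ';', '{' or '}'.
LISTEN_RE = re.compile(r"(?:(?<=[;{}])|^)\s*listen\s+([^;]+);", re.MULTILINE)

# Constructed sample modelled on the question's config (not the poster's file).
SAMPLE_CONF = """
server { listen 443 ssl; }
server {
    listen 80;
    # listen 9000 ssl;
    listen 8092 ssl;
}
server { listen 8093 ssl; listen [::]:8443 ssl; }
"""


def tls_listen_ports(nginx_conf: str) -> list[int]:
    """Return the port of every `listen ... ssl` directive, in file order."""
    # Simplification: treat everything after '#' as a comment.
    text = re.sub(r"#[^\n]*", "", nginx_conf)
    ports = []
    for match in LISTEN_RE.finditer(text):
        address, *flags = match.group(1).split()
        if "ssl" not in flags or address.startswith("unix:"):
            continue  # plain-HTTP listener or UNIX socket
        # Address forms: "8092", "0.0.0.0:8092", "[::]:8092"
        port_text = address.rsplit(":", 1)[-1]
        # An address given without a port makes nginx listen on port 80.
        ports.append(int(port_text) if port_text.isdigit() else 80)
    return ports


def ports_outside_cloudflare_list(nginx_conf: str) -> list[int]:
    """TLS listen ports that a Cloudflare-proxied hostname will not reach."""
    return [p for p in tls_listen_ports(nginx_conf)
            if p not in CLOUDFLARE_HTTPS_PORTS]


if __name__ == "__main__":
    for port in ports_outside_cloudflare_list(SAMPLE_CONF):
        print(f"port {port}: not in the Cloudflare HTTPS port list")
```
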