I have a Sonatype Nexus docker container running and, together with it, I am using nginx as the reverse proxy. After setting everything up and trying to connect using the docker login command, I am getting 401 in my log.
docker login -u test -p test123 https://nexux.mydomain.net:28080
Output from console
Get "https://nexus.mydomain.net:28080/v2/": error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <title>404 - Nexus Repository Manager</title>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n\n\n <!--[if lt IE 9]>\n <script>(new Image).src=\"../favicon.ico?3.38.1-01\"</script>\n <![endif]-->\n <link rel=\"icon\" type=\"image/png\" href=\"../favicon-32x32.png?3.38.1-01\" sizes=\"32x32\">\n <link rel=\"mask-icon\" href=\"../safari-pinned-tab.svg?3.38.1-01\" color=\"#5bbad5\">\n <link rel=\"icon\" type=\"image/png\" href=\"../favicon-16x16.png?3.38.1-01\" sizes=\"16x16\">\n <link rel=\"shortcut icon\" href=\"../favicon.ico?3.38.1-01\">\n <meta name=\"msapplication-TileImage\" content=\"../mstile-144x144.png?3.38.1-01\">\n <meta name=\"msapplication-TileColor\" content=\"#00a300\">\n\n <link rel=\"stylesheet\" type=\"text/css\" href=\"../static/css/nexus-content.css?3.38.1-01\"/>\n</head>\n<body>\n<div class=\"nexus-header\">\n <a href=\"..\">\n <div class=\"product-logo\">\n <img src=\"../static/rapture/resources/icons/x32/nexus-white.png?3.38.1-01\" alt=\"Product logo\"/>\n </div>\n <div class=\"product-id\">\n <div class=\"product-id__line-1\">\n <span class=\"product-name\">Nexus Repository Manager</span>\n </div>\n <div class=\"product-id__line-2\">\n <span class=\"product-spec\">OSS 3.38.1-01</span>\n </div>\n </div>\n </a>\n</div>\n\n<div class=\"nexus-body\">\n <div class=\"content-header\">\n <img src=\"../static/rapture/resources/icons/x32/exclamation.png?3.38.1-01\" alt=\"Exclamation point\" aria-role=\"presentation\"/>\n <span class=\"title\">Error 404</span>\n <span class=\"description\">Not Found</span>\n </div>\n <div class=\"content-body\">\n <div class=\"content-section\">\n Not Found\n </div>\n </div>\n</div>\n</body>\n</html>\n\n"
log output from nginx
192.168.10.200 - - [05/Apr/2022:09:09:15 0000] "GET /v2/ HTTP/1.1" 401 113 "-" "Docker-Client/20.10.14 (linux)"
192.168.10.200 - test [05/Apr/2022:09:09:15 0000] "GET /v2/token?account=test&client_id=docker&offline_token=true&service=https://nexus.mydomain.net/v2/token HTTP/1.1" 404 730 "-" "Docker-Client/20.10.14 (linux)"
nginx virtualhost config
server {
    listen 443 ssl;
    server_name nexus.mydomain.net;
    ssl_certificate /etc/nginx/certs/nexus.crt;
    ssl_certificate_key /etc/nginx/certs/nexus.key;
    # allow large uploads of files
    client_max_body_size 1G;
    location / {
        # Internal host name/FQDN
        proxy_pass http://10.0.0.4:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 28080 ssl;
    server_name nexus.mydomain.net;
    ssl_certificate /etc/nginx/certs/nexus.crt;
    ssl_certificate_key /etc/nginx/certs/nexus.key;
    # allow large uploads of files
    client_max_body_size 1G;
    location / {
        # Internal host name/FQDN
        proxy_pass http://10.0.0.4:18080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
I have both the Docker Bearer Token realm and RUT realm enabled.
What else am I missing here?
CodePudding user response:
You need to set the port in the host header so the response sent by Nexus will include it:
proxy_set_header Host $host:$server_port;
I'd also suggest forwarding directly to the repository; there is no need to use a connector port on the docker repository.
proxy_pass http://10.0.0.4:8081/repository/docker-repo-name;
Creating connector ports adds considerable overhead to the instance, and there is no need for it in this case.
CodePudding user response:
The solution was simply to use
proxy_set_header Host $http_host;
And everything worked.
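A check for the symptom visible in the nginx log above, where the token URL carries no `:28080`, added here as an example that is not part of the original posts: it parses the `Www-Authenticate` Bearer challenge returned for `/v2/` and compares the realm's origin with the registry origin the client used. The two header values are constructed samples modelled on the logged `service=` parameter, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample data (not captured from a real server).
REGISTRY = "https://nexus.mydomain.net:28080"
WITHOUT_PORT = ('Bearer realm="https://nexus.mydomain.net/v2/token",'
                'service="https://nexus.mydomain.net/v2/token"')
WITH_PORT = ('Bearer realm="https://nexus.mydomain.net:28080/v2/token",'
             'service="https://nexus.mydomain.net:28080/v2/token"')

def parse_bearer_challenge(header):
    """Parse 'Bearer k="v",k2="v2"' into a dict of parameters."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % header)
    return {k.lower(): v for k, v in re.findall(r'(\w+)="([^"]*)"', params)}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported URL: %r" % url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)

def check_realm(registry_url, www_authenticate):
    """Return (ok, message): does the token realm share the registry's origin?"""
    realm = parse_bearer_challenge(www_authenticate).get("realm")
    if not realm:
        return False, "challenge has no realm parameter"
    want, got = origin(registry_url), origin(realm)
    if want == got:
        return True, "realm origin matches registry origin"
    # The client would send its token request (with credentials) to `got`.
    return False, "realm points at %s://%s:%d, client used %s://%s:%d" % (got + want)

if __name__ == "__main__":
    for label, header in (("Host without port", WITHOUT_PORT),
                          ("Host with port", WITH_PORT)):
        print(label, "->", check_realm(REGISTRY, header))
```
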