Access to Nexus Container Registry behind AWS Load Balancer

Up until now, access to our Nexus Container Registry on port 5400 has been handled by going through a Classic Load Balancer on AWS cloud. The server is running on an EC2 instance, using Docker Compose. Port 5400 on the EC2 host is mapped to the Nexus container. The CLB has an SSL listener on port 5400.

Recently we decided to consolidate our services, using an Application Load Balancer to handle a few services that are up to now handled by dedicated CLBs, one of which is Nexus.

So we set up an HTTPS listener on port 5400 of the ALB, and configured a host-header-based rule to send all HTTPS requests to port 5400 of the ALB to the host that is hosting the Nexus server.

Telnet to nexus.company.com port 5400 is working; the port is responding. However, we see that the “docker login” command fails like this:

$ docker login https://nexus.company.com:5400
Authenticating with existing credentials…
Login did not succeed, error: Error response from daemon: login attempt to https://nexus.company.com:5400/v2/ failed with status: 502 Bad Gateway

Now, I see in the AWS docs that “Application Load Balancers do not support SSL renegotiation for client or target connections.”

Could this be the reason for our problem? Any other suggestions?

Thanks,
George
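A TCP connect succeeding on port 5400 only proves the ALB listener is up; docker login fails one step later, on the HTTP GET of /v2/. The script below is an added diagnostic example, not code from the post or from Nexus/AWS: it sends that same /v2/ request both through the load balancer and directly to the target and interprets the response (a 401 with a Basic/Bearer challenge is what a healthy registry answers; a 502 means the LB-to-target leg failed). nexus.company.com is taken from the post; the direct target address 10.0.0.10 is a hypothetical placeholder.

```python
import ssl
import urllib.error
import urllib.request

# Placeholders: the ALB DNS name from the post and a hypothetical target address
# (the EC2 host's private IP and the target group's port). Adjust to your setup.
VIA_ALB = "https://nexus.company.com:5400/v2/"
DIRECT = "https://10.0.0.10:5400/v2/"


def classify_v2_response(status, headers):
    """Interpret a Docker Registry /v2/ response; headers is a dict (any key case)."""
    h = {k.lower(): v for k, v in headers.items()}
    challenge = h.get("www-authenticate", "")
    if status == 200:
        return "registry reachable, no authentication required"
    if status == 401 and challenge.split(" ")[0] in ("Basic", "Bearer"):
        return "registry reachable, auth challenge present: docker login can proceed"
    if status == 401:
        return "401 without a Basic/Bearer challenge: docker login cannot authenticate"
    if status in (502, 503, 504):
        return ("gateway error: the load balancer accepted the connection but got no "
                "valid response from the target (check target-group protocol, port, health)")
    if status == 404:
        return "HTTP path works but /v2/ is not served here (check host-header rule / routing)"
    return f"unexpected status {status}"


def probe(url, verify_tls=True, timeout=5):
    """GET url and return (status, headers); HTTP error statuses are results, not exceptions."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # only when probing the target by IP with a cert not issued to that IP
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, headers={"User-Agent": "v2-probe"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)
    except urllib.error.URLError as err:
        return None, {"error": str(err.reason)}


def report(url, **kw):
    status, headers = probe(url, **kw)
    if status is None:
        return f"{url}: no HTTP response ({headers['error']})"
    return f"{url}: {status} -> {classify_v2_response(status, headers)}"


if __name__ == "__main__":
    # Same request on both legs: if the target answers 401 with a challenge while the
    # ALB answers 502, the fault is between the ALB and the target, not inside Nexus.
    print(report(VIA_ALB))
    print(report(DIRECT, verify_tls=False))
```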