I’m using nexus 3.14 on CentOS 6.9 for academic reasons and I came across a problem during config phase.
What I would like is to run this nexus repo on my local server via https, behind reverse proxy (i’m using apache 2.2) and my steps was:
create a self-signed cert by openssl (.crt and .key)
add this crt in keystore.jks
set up a new vhost in httpd.conf like this:
<VirtualHost :443>
** ServerName nexus.example.it*
** ServerAlias nexus.example.it**
** <Proxy >*
** Order deny,allow**
** Allow from all**
** **
I’ve added nocanon directive cause my endpoint have /nexus.
When I restart the httpd service, nexus give me some errors like this:
[warn] RSA server certificate CommonName (CN) `example’ does NOT match server name!?
First time i’ve thought that was an error in certificate’s directives (when i wrote his properties during openssl session) but CN = CommonName is correct.
I’ve read apache logs and I can’t get out yet so i come here to find someone who can help me.
Am I wrong about something in vhost?
PS.= I have not changed the jetty settings intentionally cause i need to enable https just by apache.
Yes, I think that the problem stay here.
Maybe, certs generated by openssl have some kind of incompatibility unlike creation by keytool.
Just to understand, when i wrote SAN to map my dnss I won’t add, for example (nexus.example.it/nexus) but just (nexus.example.it) and the console output will be like this:
-ext 'SAN=DNS:*.example.it,DNS:nexus.example.com’
also in the specification of the:
-dname 'CN=nexus.example.it
I’ll also add RequestHeader set X-Forwarded-Proto “https” so, let me try this way!
Thanks anyway…i’ll reply later
Hi Rich…
I’ve follow your advices and now https work fine so thanks a lot!
There is a little particular…you remember I’ve told you that my domain was nexus.example .it/nexus ok but, when I try to reach nexus.example.it (index page of my domain) I receive:
## HTTP ERROR 404
Problem accessing /. Reason:
Not Found
[Powered by Jetty:// 9.4.11.v20180605](http:// eclipse. org/jetty)
The cert was for nexus.example.it as I said above (CN and SAN). How it’s possible?
Finally, i want to redirect http over https so when I attempt to reach (http://nexus…) he must sends me under https…I’ve tryed to add this config but seems not work:
I’ve solved the http redir creating .htaccess file in nexus root folder (in my case apache don’t want to accept directives of redirect or rewrite also with mod enabled).
Now I’ve my repo under https, along with other personal things.
However, the 404 on general domain remain.
Any ideas?
MOD:
find a reason of 404. I thought the root context it wasn’t modified by me but I’ve forgot to comment the conf.
I’ve lost my mind but the ending was happy.
Thanks anyway to all and hope you merry christmas,
Pasquale.