Errors when accessing Nexus 3 behind nginx reverse proxy

I’m trying to configure nginx to act as a reverse proxy to Nexus3, which was working in the past (and we successfully use for several other sites in my company’s network), but for some reason has broken since updating to Nexus 3.24.0, perhaps by coincidence.

I can access Nexus fine on an unencrypted HTTP port, but when I access the secure site I am greeted with a slew of errors:


Weirdly, I can log in and briefly navigate around the site, but more errors eventually make usage impossible.

I am running Nexus in a Docker container, mapping port 8080 -> 8081 (our firewall only allows access on ports 80, 443, and 8080). Nginx is configured to listen on ports 80 and 443, forwarding traffic from the former to the latter and ultimately both to port 8080. The nginx configuration looks like this:

server {
  listen 80 default_server;
  server_name _;
  return 301 https://$host$request_uri;

server {
  listen 443;
  server_name _;

  proxy_send_timeout 120;
  proxy_read_timeout 300;
  proxy_buffering off;
  keepalive_timeout 5 5;
  tcp_nodelay on;

  # allow large uploads of files
  client_max_body_size 1G;

  ssl_certificate /etc/nginx/cert-bundle.pem;
  ssl_certificate_key /etc/nginx/cert.key;

  ssl on;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass http://localhost:8080;
    proxy_read_timeout 90;

    proxy_redirect http://localhost:8080 https://nexus.internal;

This is not exactly the same as is the recommended configuration found in Run Behind a Reverse Proxy, but all of the important bits are there.

I found a similar issue in the forum here, but there is no solution offered there. How can I solve this problem

This is my docker-compose.yml

  # HTTPS proxy
  # The certificate file names should be the FQDN listed in VIRTUAL_HOST.
  # and respectively
  # With HTTPS enabled, HTTP will automaticly be redirected to HTTPS.
    image: jwilder/nginx-proxy:latest
    container_name: nginx-proxy
    restart: always
      - nexus
      - "80:80"
      - "443:443"
      # A link to Docker
      - /var/run/docker.sock:/tmp/docker.sock:ro

      # Keep the dhparams (Should generate on the first run)
      - dhparam:/etc/nginx/dhparam

      # Fix the upload size issue
      - /root/nexus3/my_custom_proxy_settings.conf:/etc/nginx/conf.d/my_custom_proxy_settings.conf:ro

      # Push the certs to nginx
      - /root/nexus3/certs:/etc/nginx/certs:ro
      - nexus

  # Artifact storage
    image: sonatype/nexus3:3.25.0
    container_name: nexus
    restart: always
    stop_grace_period: 2m
      - VIRTUAL_PORT=8081
        - nexus-data:/nexus-data


Content of my_custom_proxy_settings.conf

client_max_body_size 1024m;

Create a directory called certs and drop the two files in there. Adjust paths accordingly. Compose does not like relative paths.