Help needed to configure/test/debug routing rules for NuGet packages

We are evaluating Nexus and are trying to set up a Nuget proxy repository that allows only a limited set of approved packages to be pulled in.

For NewtonSoft.Json and mono.cecil the following routing rule works to some degree:

  • mode: ALLOW
  • matchers:
    • ^/Newtonsoft.Json/12.*
    • ^/Mono.Cecil/0.10.0.*

With this I am able to use dotnet add package Mono.Cecil to add version 0.10.0 but adding version 0.10.0-beta7 fails.

I tried allowing several more packages but I can’t get any other to work.

E.g for Jaeger I have:

  • ^/Jaeger/0.4.*
  • ^/Jaeger.Core/0.4.*
  • ^/Jaeger.Senders.Thrift/0.4.*

I believe that covers all the dependencies but I still get:

info : Adding PackageReference for package 'Jaeger' into project '/home/user/workspace/dotnetcore/sample1/sample1.csproj'.
info : Restoring packages for /home/user/workspace/dotnetcore/sample1/sample1.csproj...
info :   CACHE https://<uri>/repository/nuget.org-proxy/FindPackagesById()?id='Jaeger'&semVerLevel=2.0.0
error: Unable to find package Jaeger. No packages exist with this id in source(s): <source>
error: Package 'Jaeger' is incompatible with 'all' frameworks in project '/home/user/workspace/dotnetcore/sample1/sample1.csproj'.

The documentation on Routing Rules is very light on this subject.

Is there something wrong with the expressions? I’m building them by taking the URL from the download link on nuget.org and stripping the first parts.

How can I see why a certain package was refused?

Perhaps I need to allow more dependencies?

Which logs can I check? nexus.log and request.log don’t show more information but perhaps I missed something.

You could take a look in the request log and see what paths are being refused.

Hi Matthew,

Thanks for your reply.
Unfortunately I do not see how the request logs helps. These are the lines printed when requesting the Jaeger package:

127.0.0.1 - - [24/Sep/2020:07:30:10 +0000] "GET /repository/nuget.org-proxy/FindPackagesById()?id='Jaeger'&semVerLevel=2.0.0 HTTP/1.1" 401 - 0 31 "NuGet xplat/5.4.0 (Linux 4.18.0-193.14.3.el8_2.x86_64 #1 SMP Mon Jul 20 15:02:29 UTC 2020)" [qtp837931794-2772]
127.0.0.1 - dev [24/Sep/2020:07:30:10 +0000] "GET /repository/nuget.org-proxy/FindPackagesById()?id='Jaeger'&semVerLevel=2.0.0 HTTP/1.1" 200 - 578 5 "NuGet xplat/5.4.0 (Linux 4.18.0-193.14.3.el8_2.x86_64 #1 SMP Mon Jul 20 15:02:29 UTC 2020)" [qtp837931794-2786]

The reason the client ip is 127.0.0.1 is because I’m using a reverse proxy to terminate an SSL connection.
I don’t understand why the 401 unauthorized response is sent. The dotnet client is configured to authenticate. I assume the second requests shows that that works.

If you don’t see a request for the package then that would suggest that routing rules are not blocking it.

Hi Matthew,

Apologies for the late reply, I’ve been out of office due to an accident and have only now returned.

If the routing rules are not blocking the request then what else could prevent downloading the package?

How can I troubleshoot a setup like this?

Thanks in advance

Bram

Sorry to hear that. I it would suggest the package doesn’t exist in the repository or that your user doesn’t have permission to access it.

The packages I’m testing do exist in the upstream repository (https://www.nuget.org/api/v2/) and the user has full access to download from the proxy repository.

I performed some more tests and to me it seems to be related to the routing rules and/or caching of some data.

  • remove routing rule, try again: same result

  • invalidate cache, try again: same result

  • set maximum component age to -1 and maximum metadata age to -1, try again: same result

  • tried with a different package after adding ^/EWSoftware.SHFB/2016.4.9.* (dotnet add package EWSoftware.SHFB): same result

But when I create a new repository with no routing rule from scratch I am able to install Jaeger without problems. It does pull in a lot more dependencies (100+) than expected.

I then added all 100+ packages to the routing rule.

I then made a mistake and tried to install the package while the routing rule was not enabled. It installed successfully and pulled all packages in the cache. (as expected)

I then enabled the routing rule again and deleted several packages from the repository through the web UI.
After that I cleared the packages cache on the client and tried to install the package again.
It still worked but now the packages are not showing up in the web UI anymore.

I even deleted the repository and created it from scratch with the routing rule enabled.
I am able to install the package but it no longer shows up in the browse interface of the web UI.

On the client I see info : CACHE https://<uri>/repository/nuget.org-proxy/System.Threading.Tasks.Extensions/4.5.2 which is the URL I’m expecting

I’m completely lost now.