Issue on Enabling SSL for Nexus Repository Manager

Hello,

We are facing an issue after enabling SSL on a Nexus server, and would like to ask for help.

Nexus works fine before enabling SSL, but it doesn’t work after enabling SSL. We are running several Nexus servers with the same OS and Nexus versions, and only this server shows the issue. One difference is that this server is in AWS and the other servers are on-prem.

The following is the SSL configuration that we applied to all Nexus servers.

  1. Add the following in httpd.conf.

<VirtualHost *:80>
ServerName servername
Redirect Permanent / https://servername/
</VirtualHost>

  2. Add the following to ssl.conf.

AllowEncodedSlashes NoDecode

ProxyPass / http://localhost:8081/ nocanon
ProxyPassReverse / http://localhost:8081/
RequestHeader set X-Forwarded-Proto "https"

  3. Uncomment the following line and change the IP to 127.0.0.1 in the nexus.properties file.

application-host=127.0.0.1

After I restarted the nexus and httpd services, I saw a “Service Unavailable” error. When I checked the ssl_error_log, I saw the following error.

[Wed Jun 29 18:39:49.556909 2022] [proxy:error] [pid 5340] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (localhost) failed
[Wed Jun 29 18:39:49.557008 2022] [proxy:error] [pid 5340] AH00959: ap_proxy_connect_backend disabling worker for (localhost) for 60s
[Wed Jun 29 18:39:49.557053 2022] [proxy_http:error] [pid 5340] [client 10.64.6.181:60841] AH01114: HTTP: failed to make connection to backend: localhost

Can you please help with what to do in order to resolve this issue?

Thanks,
Chang

First up… check that there really is something listening on 127.0.0.1:8081 - remember Nexus takes a while to start up and open that port. Something like curl http://localhost:8081/ should return something that looks like HTML. If it doesn’t then check your Nexus log, as something’s not right there (is your VM too small, perhaps?)

FWIW, in my (AWS) setup, I didn’t uncomment the nexus.properties line - there’s no need unless you’re changing it.

The only other thing to try is perhaps to remove the nocanon from the ProxyPass directive. It’s been a while since I used Apache, but I don’t ever remember using that before. I also don’t recognise AllowEncodedSlashes - maybe try without that too, just in case. Either way, if the port’s open and returning HTML, then my money’s on your Apache config.
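
An added example, not part of either post above: a small shell triage for the AH00957 lines in ssl_error_log, keyed on the errno Apache prints in parentheses, since "(13)Permission denied" and "(111)Connection refused" point at different causes. The function name, the verdict labels and the second sample log line are constructed for illustration; errno numbers are the Linux values.

```shell
#!/bin/sh
# Added example: classify mod_proxy AH00957 backend-connect failures by errno.
# Verdicts are the usual causes on Linux, not certainties.

# First line is the AH00957 entry from the post; the second is constructed for contrast.
SAMPLE_LOG='[Wed Jun 29 18:39:49.556909 2022] [proxy:error] [pid 5340] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (localhost) failed
[Wed Jun 29 18:41:02.000000 2022] [proxy:error] [pid 5341] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8081 (localhost) failed'

# Reads Apache error-log lines on stdin and prints "<errno> <backend> <verdict>"
# for each AH00957 line; every other line (AH00959, AH01114, ...) is ignored.
classify_ah00957() {
    sed -n 's/.*(\([0-9][0-9]*\))[^:]*: AH00957: [A-Za-z]*: attempt to connect to \([^ ]*\) .*/\1 \2/p' |
    while read -r errno target; do
        case "$errno" in
            # EACCES: the kernel refused httpd's connect() before it reached the
            # backend. Common cause: SELinux enforcing with the
            # httpd_can_network_connect boolean off (check with getsebool),
            # or a local firewall rule. A slow or stopped Nexus does not produce this.
            13)  verdict="denied-by-local-policy" ;;
            # ECONNREFUSED: nothing is listening on that address and port yet,
            # which is what the curl check against localhost:8081 would reveal.
            111) verdict="nothing-listening" ;;
            # ETIMEDOUT: packets dropped on the way (firewall or wrong address).
            110) verdict="timed-out" ;;
            *)   verdict="other" ;;
        esac
        echo "$errno $target $verdict"
    done
}

# Run against the embedded sample; on a server, feed it the real log instead,
# e.g. classify_ah00957 < ssl_error_log (path depends on the httpd layout).
printf '%s\n' "$SAMPLE_LOG" | classify_ah00957
```
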