Issue with SSL configuration on Nexus 3


#1

[‎11/‎29/‎2018 5:11 PM] S, Balakrishnan:
Recently we upgraded from nexus 2 to nexus 3(master/proxy environments) and configuring SSL as per the below url

https://help.sonatype.com/repomanager3/security/configuring-ssl#ConfiguringSSL-OutboundSSL-TrustingSSLCertificatesUsingKeytool

But, when we hit https, we are getting 502 bad gateway. Can someone help us with what we are missing here.


#2

Hi @balaji-venkata.navee,
A 502 bad gateway would refer to inbound traffic. It’s unlikely, but if it is an SSL issue, you’ll need to look towards the bottom of the page you referenced for the Inbound configuration items.

More likely, as you’re upgrading from Nexus 2 is that the URL structure changed between 2 and 3. There is a bridge mode so that Nexus 3 will support the old style URLs. Refer to the “ConfiguringLegacyURLPaths” section of this page: Upgrade Procedures

Depending what your desired configuration is, you may need to make a change in Nexus, or you may need to make a change to your forwarding URLs in your Reverse Proxy, or maybe both.


#3

Hi @ mworthington.

Both main nexus server and proxy nexus server having nexus 3.12.01 version.
Create a proxy repository in the Proxy server with the http url by following the below steps.

  1. Created a new repository
  2. Provided the repository name based on the remote repository URL
  3. Add the remote repository
  4. And enabled the Authentication
    This steps working for creating a proxy repository with http URL where as for creating a proxy repository with https URL it’s not working. It’s throwing an error 502 bad gateway error.

I have followed this link also Configuring SSL
could you please let me know the correct steps for creating a proxy repository with https


#4

In this setup, a 502 most likely indicates an issue on the Master instance. I’d recommend ignoring your proxy instance temporarily and validate that your tests work successfully both HTTP and HTTPS directly against your Master instance. Once those tests pass, you will know whether the problem is on your Master or Proxy instance.

If you are a customer, the best way to get more specific advice is to create a support ticket and attach support bundles from both of your Nexus instances: Support Ticket Best Practices – Sonatype Support