Nexus 3.64.0-04 NPE Error While Login

onurridvanoglu · April 25, 2024, 3:20pm

Hey there,

I’ve a Nexus Repository server running on Docker. I’ve also configured an LDAP for log-ins. Also SSL is configured with a certificate. There was around a 30-45 min time period where some of the users could not log-in to the Nexus UI. When I checked the logs I see the following error multiple times (more than 500 times this is logged to nexus.log):

2024-04-25 13:43:13,116+0000 WARN  [qtp1894689916-2544] *SYSTEM org.eclipse.jetty.server.HttpChannel - null
java.lang.NullPointerException: null
        at org.sonatype.nexus.bootstrap.jetty.DockerSubdomainRequestCustomizer.customize(DockerSubdomainRequestCustomizer.java:44)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:483)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.lang.Thread.run(Thread.java:750)
2024-04-25 13:43:13,116+0000 WARN  [qtp1894689916-3367] *SYSTEM org.eclipse.jetty.server.HttpChannel - null
java.lang.NullPointerException: null
        at org.sonatype.nexus.bootstrap.jetty.DockerSubdomainRequestCustomizer.customize(DockerSubdomainRequestCustomizer.java:44)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:483)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.lang.Thread.run(Thread.java:750)```

I couldn't not find any duplicate errors online. Any ideas?

mpiggott · April 26, 2024, 6:07pm

The code suggests somehow the URI for the request is null. If you’ve made alterations to Jetty’s configuration perhaps these are incorrect, or perhaps you have some software on your network making bogus requests?

onurridvanoglu · April 29, 2024, 4:46pm

Hey there Matthew,

Thank you for the reply. I actually changed the jetty-https.xml config location in order to implement the SSL using my own certificate. I’ll explain the steps and configs below.

I’m running the Nexus Repository as a container using docker. Here is my docker-compose.yaml file:

version: '3'

services:
  nexus:
    image: sonatype/nexus3:3.64.0
    container_name: nexus3.6
    ports:
      - "8081:8081"
      - "8443:8443"
    volumes:
      - /data:/nexus-data
    restart: always
    extra_hosts:
    - "host.docker.internal:host-gateway"

While doing the SSL configurations I noticed that the /nexus-data doesn’t include the etc/jetty directory inside it so here is the nexus.repository file below:

# Jetty section
application-port=8081
application-port-ssl=8443
# application-host=0.0.0.0
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,/opt/sonatype/sonatype-work/nexus3/etc/jetty/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml
# As can be seen from above, I've given direct location as /opt/sonatype...
#nexus-context-path=/${NEXUS_CONTEXT}

# Nexus section
# nexus-edition=nexus-pro-edition
# nexus-features=\
#  nexus-pro-feature

# nexus.hazelcast.discovery.isEnabled=true

And finally here is the jetty-https.xml file where I’ve defined the keystore location and it’s password:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!--
  ==== HTTPS ====
  Set the following inside nexus.properties:
  application-port-ssl: the port to listen for https connections
  -->

  <Ref refid="httpConfig">
    <Set name="secureScheme">https</Set>
    <Set name="securePort"><Property name="application-port-ssl" /></Set>
  </Ref>

  <New id="httpsConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg>
        <New id="secureRequestCustomizer" class="org.eclipse.jetty.server.SecureRequestCustomizer">
          <!-- 7776000 seconds = 90 days -->
          <Set name="stsMaxAge"><Property name="jetty.https.stsMaxAge" default="7776000"/></Set>
          <Set name="stsIncludeSubDomains"><Property name="jetty.https.stsIncludeSubDomains" default="false"/></Set>
          <Set name="sniHostCheck"><Property name="jetty.https.sniHostCheck" default="false"/></Set>
        </New>
      </Arg>
    </Call>
  </New>

  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
    <Set name="KeyStorePath">/opt/sonatype/sonatype-work/nexus3/etc/ssl/keystore</Set>
    <Set name="KeyStorePassword">password</Set>
    <Set name="KeyManagerPassword">password</Set>
    <Set name="TrustStorePath">/opt/sonatype/sonatype-work/nexus3/etc/ssl/keystore</Set>
    <Set name="TrustStorePassword">password</Set>
    <Set name="EndpointIdentificationAlgorithm"></Set>
    <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
    <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
    <Set name="IncludeProtocols">
      <Array type="java.lang.String">
        <Item>TLSv1.2</Item>
      </Array>
    </Set>
  </New>

  <Call  name="addConnector">
    <Arg>
      <New id="httpsConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.https.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.https.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.sonatype.nexus.bootstrap.jetty.InstrumentedConnectionFactory">
                <Arg>
                  <New class="org.eclipse.jetty.server.SslConnectionFactory">
                    <Arg name="next">http/1.1</Arg>
                    <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
                  </New>
                </Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpsConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>

        <Set name="host"><Property name="application-host" /></Set>
        <Set name="port"><Property name="application-port-ssl" /></Set>
        <Set name="idleTimeout"><Property name="jetty.https.timeout" default="30000"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="jetty.https.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.https.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>

</Configure

I didn’t think that changing the jetty-https.xml location would cause such a thing to be honest.

I hope I explained the situation clearly. Thanks!

engin.mahmut · June 2, 2024, 2:19am

Hi Onur,

The error you encountered might indicate that HTTP and HTTPS redirects in the network traffic (such as through a reverse proxy) are not working correctly. I resolved the same issue by configuring a middleware in Traefik reverse proxy and ensuring that requests are redirected to HTTPS.

Best regards,