Nexus 3 OSS as proxy for gcr private repo

integrations

#1

Hi,

I was wondering is there a way to configure nexus3 as a proxy for private docker registry on gcr?

It seems I can add the user _json_key and paste the json file as a password so it authenticates to the *.gcr.io to get the manifest, but then to download each part of the container it gets redirected to *.appspot.com and gets 403 as anonymous user:

This part succeeds:

   2019-04-16 10:06:54,860-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "HTTP/1.1 302 Found[\r][\n]"
2019-04-16 10:06:54,860-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Docker-Distribution-API-Version: registry/2.0[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Location: https://storage.googleapis.com/artifacts.production-236017.appspot.com/containers/images/sha256:2e6a437b52348e84644c0bd675fbad844ed6a9af5da0e07b3bf2eb823cbaa7df[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Content-Type: application/json[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Content-Encoding: gzip[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Date: Tue, 16 Apr 2019 17:06:54 GMT[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Server: Docker Registry[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Cache-Control: private[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "X-XSS-Protection: 0[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "Transfer-Encoding: chunked[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[\r][\n]"
2019-04-16 10:06:54,861-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x1f][\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x8b][\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x8][\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x0][\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x0][\r][\n]"
2019-04-16 10:06:54,862-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x0][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x0][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x0][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0x2][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0xff][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00000001[\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[0xab][\r][\n]"
2019-04-16 10:06:54,863-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "00016[\r][\n]"
2019-04-16 10:06:54,864-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "VJ-*[0xca]/*V[0xb2][0x8a][0x8e][0xad][0x5][0x0]\[0xc3]|1[\r][0x0][0x0][0x0][\r][\n]"
2019-04-16 10:06:54,865-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "0[\r][\n]"
2019-04-16 10:06:54,865-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-1 << "[\r][\n]"

and when it follows redirect it fails:

2019-04-16 10:06:54,940-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "GET /artifacts.production-236017.appspot.com/containers/images/sha256:2e6a437b52348e84644c0bd675fbad844ed6a9af5da0e07b3bf2eb823cbaa7df HTTP/1.1[\r][\n]"
2019-04-16 10:06:54,941-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Host: storage.googleapis.com[\r][\n]"
2019-04-16 10:06:54,941-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
2019-04-16 10:06:54,941-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "User-Agent: Nexus/3.16.0-01 (OSS; Linux; 3.10.0-862.14.4.el7.x86_64; amd64; 1.8.0_66) [\r][\n]"
2019-04-16 10:06:54,941-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2019-04-16 10:06:54,941-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "[\r][\n]"
2019-04-16 10:06:55,180-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "HTTP/1.1 403 Forbidden[\r][\n]"
2019-04-16 10:06:55,180-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "X-GUploader-UploadID: AEnB2UrfQszrGAC6CzHAiGs1MHZN_zMO46f4bkyaT8IHFOx-G7PolkQ132I7CtaO6aoYBCZaQJ6pvGKO4Bb6NwJ-7Aqjdqsa3A[\r][\n]"
2019-04-16 10:06:55,181-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Content-Type: application/xml; charset=UTF-8[\r][\n]"
2019-04-16 10:06:55,181-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Content-Length: 321[\r][\n]"
2019-04-16 10:06:55,181-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Date: Tue, 16 Apr 2019 17:06:55 GMT[\r][\n]"
2019-04-16 10:06:55,181-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Expires: Tue, 16 Apr 2019 17:06:55 GMT[\r][\n]"
2019-04-16 10:06:55,184-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Cache-Control: private, max-age=0[\r][\n]"
2019-04-16 10:06:55,186-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Server: UploadServer[\r][\n]"
2019-04-16 10:06:55,188-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"[\r][\n]"
2019-04-16 10:06:55,188-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "[\r][\n]"
2019-04-16 10:06:55,188-0700 DEBUG [qtp334547544-418]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>Anonymous caller does not have storage.objects.get access to artifacts.production-236017.appspot.com/containers/images/sha256:2e6a437b52348e84644c0bd675fbad844ed6a9af5da0e07b3bf2eb823cbaa7df.</Details></Error>"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "GET /artifacts.production-236017.appspot.com/containers/images/sha256:870a5b6b1ae078e6a1bed0cf46b02548e2b0e346591fc2e5b4d17998fce1df30 HTTP/1.1[\r][\n]"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Host: storage.googleapis.com[\r][\n]"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Connection: Keep-Alive[\r][\n]"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "User-Agent: Nexus/3.16.0-01 (OSS; Linux; 3.10.0-862.14.4.el7.x86_64; amd64; 1.8.0_66) [\r][\n]"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2019-04-16 10:06:55,276-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 >> "[\r][\n]"
2019-04-16 10:06:55,479-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "HTTP/1.1 403 Forbidden[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "X-GUploader-UploadID: AEnB2Uob-rS2ssD2_GdMK3X61bf4BluJBnddAIJuLCMu6b92xLdzllWt1pB9RdpsannYQMEGe4vyvTijreCkK1lKS4a9KRN09A[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Content-Type: application/xml; charset=UTF-8[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Content-Length: 321[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Date: Tue, 16 Apr 2019 17:06:55 GMT[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Expires: Tue, 16 Apr 2019 17:06:55 GMT[\r][\n]"
2019-04-16 10:06:55,480-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Cache-Control: private, max-age=0[\r][\n]"
2019-04-16 10:06:55,481-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Server: UploadServer[\r][\n]"
2019-04-16 10:06:55,481-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"[\r][\n]"
2019-04-16 10:06:55,481-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "[\r][\n]"
2019-04-16 10:06:55,481-0700 DEBUG [qtp334547544-422]  amx-docker-prod org.apache.http.wire - http-outgoing-7 << "<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>Anonymous caller does not have storage.objects.get access to artifacts.production-236017.appspot.com/containers/images/sha256:870a5b6b1ae078e6a1bed0cf46b02548e2b0e346591fc2e5b4d17998fce1df30.</Details></Error>"