Nexus Proxy RHEL 404 not found on some packages

Sonatype Nexus Repository
1

Hello,

We have a Nexus which is proxying RHEL repo (cdn . redhat . com/content/dist/rhel/server/7/).

Everything is working fine but on some package, on the client side we have this error :

dhcp-4.2.5-82.el7.x86_64.rpm FAILED
xxxxxx. com /rhel-proxy/7Server/x86_64/os/Packages/d/dhcp-4.2.5-82.el7.x86_64.rpm: [Errno 14] S Error 404 - Not Found0 B --:–:-- ETA
Trying other mirror.
Error downloading packages:
12:dhcp-4.2.5-82.el7.x86_64: [Errno 256] No more mirrors to try.

And from Nexus logs:

2021-06-09 11:59:23,329+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.sonatype.nexus.repository.yum.internal.proxy.YumProxyFacetImpl - Fetching: GET cdn . redhat . com/content/dist/rhel/server/7/7Server/x86_64/os/Packages/d/dhcp-4.2.5-82.el7.x86_64.rpm /1.1
2021-06-09 11:59:23,329+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
2021-06-09 11:59:23,330+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.client.protocol.RequestAuthCache - Auth cache not set in the context
2021-06-09 11:59:23,330+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.execchain.MainClientExec - Opening connection {tls}->proxy->cdn . redhat . com:443
2021-06-09 11:59:23,330+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.conn.DefaultHttpClientConnectionOperator - Connecting to proxy
2021-06-09 11:59:23,331+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.conn.DefaultHttpClientConnectionOperator - Connection established nexus:49882<->proxy:3129
2021-06-09 11:59:23,331+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.headers - -outgoing-13091 >> CONNECT cdn . redhat . com:443 /1.1
2021-06-09 11:59:23,331+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.headers - -outgoing-13091 >> Host: cdn . redhat . com
2021-06-09 11:59:23,332+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.headers - -outgoing-13091 >> User-Agent: Nexus/3.28.0-01 (OSS; Linux; 3.10.0-1062.el7.x86_64; amd64; 1.8.0_252)
2021-06-09 11:59:35,509+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.headers - -outgoing-13091 << /1.1 200 Connection established
2021-06-09 11:59:35,510+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.execchain.MainClientExec - Tunnel to target created.
2021-06-09 11:59:35,510+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2021-06-09 11:59:35,510+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2021-06-09 11:59:35,511+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - Starting handshake
2021-06-09 11:59:36,118+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - Secure session established
2021-06-09 11:59:36,119+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - negotiated protocol: TLSv1.2
2021-06-09 11:59:36,120+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2021-06-09 11:59:36,121+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - peer principal: CN=cdn . redhat . com, OU=Red Hat Network, O=“Red Hat, Inc.”, ST=North Carolina, C=US
2021-06-09 11:59:36,121+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.conn.ssl.SSLConnectionSocketFactory - peer alternative names: [stagecdn . redhat . com, cdn6.redhat.com, cdn . redhat . com]
2021-06-09 11:59:36,123+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.conn.DefaultManagedHttpClientConnection - -outgoing-13091: set socket timeout to 120000
2021-06-09 11:59:36,123+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.apache.impl.execchain.MainClientExec - Executing request GET /content/dist/rhel/server/7/7Server/x86_64/os/Packages/d/dhcp-4.2.5-82.el7.x86_64.rpm /1.1
2021-06-09 11:59:36,592+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.sonatype.nexus.repository.yum.internal.proxy.YumProxyFacetImpl - Response: HttpResponseProxy{/1.1 403 Forbidden [Server: AkamaiGHost, Mime-Version: 1.0, Content-Type: text/html, Content-Length: 423, Expires: Wed, 09 Jun 2021 11:59:36 GMT, Date: Wed, 09 Jun 2021 11:59:36 GMT, X-Cache: TCP_DENIED from a2-20-243-48.deploy.akamaitechnologies . com (AkamaiGHost/10.4.0-33449709) (-), Connection: keep-alive, EJ-HOST: authorizer-prod-dc-us-west-26-bchr7, X-Akamai-Request-ID: 355ff82] ResponseEntityProxy{[Content-Type: text/html,Content-Length: 423,Chunked: false]}}
2021-06-09 11:59:36,592+0000 DEBUG [qtp391727418-56285] *UNKNOWN org.sonatype.nexus.repository.yum.internal.proxy.YumProxyFacetImpl - Status: /1.1 403 Forbidden

The client seems to find the package into the manifest .xml but can’t download it.

We are using a squid proxy, but no call to a2-20-243-48.deploy.akamaitechnologies . com into logs, i guess it’s a redirection from cdn . redhat . com ?

Any idea ?

Thanks.

Regards,
Michel.

2

I think only the last line is relevant where it tells you it got a 403 error.

3

Yeah, but i can’t figure out where this came from…
Watched all our squid’s logs but no reference to akamai…