Nexus3 container + docker format repo, need an nginx config example

Hi

I’m having trouble setting up a new docker repo on an established / fully working nexus3 install that sits behind an nginx reverse proxy (that terminates the SSL and sends HTTP requests to nexus).

Does anyone have a working nginx config example that successfully connects to nexus3 docker format repo and works from the CLI for commands like: docker login|pull|push?

My config is based on the config outlined in the nexus documentation (link)

Using that config, when I run docker login from the CLI I see the below. At a guess, it “feels” like the CLI auth is not being passed through the reverse proxy to Nexus??

docker login mydomain.org:58101
Error response from daemon: login attempt to https://mydomain.org:58101/v2/ failed with status: 400 Bad Request

TCPDump shows:

...
?HTTP/1.1 400 Bad Request
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 506
Server: Jetty(9.4.53.v20231009)

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 400 Not a Docker request</title>
</head>
<body><h2>HTTP ERROR 400 Not a Docker request</h2>
<table>
...

Any advice or help would be very much appreciated; I’ve been going around in loops for what feels like days.

FYI, my sanitised nginx config is:

server {
   listen 58101 ssl;
   server_name mydomain.org;

   ssl_certificate      /etc/letsencrypt/live/mydomain.org/fullchain.pem;
   ssl_certificate_key  /etc/letsencrypt/live/mydomain.org/privkey.pem;

   # Docker /v2 and /v1 (for search) requests
   location /v2 {
     #proxy_set_header  Authorization $http_authorization;
     #proxy_pass_header Authorization;
     proxy_set_header  Host $host:$server_port;
     proxy_set_header  X-Real-IP $remote_addr;
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header  X-Forwarded-Proto $scheme;
     proxy_pass http://localhost:58100/repository/my-docker/$request_url;
   }
   location /v1 {
     #proxy_set_header  Authorization $http_authorization;
     #proxy_pass_header Authorization;
     proxy_set_header  Host $host:$server_port;
     proxy_set_header  X-Real-IP $remote_addr;
     proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header  X-Forwarded-Proto $scheme;
     proxy_pass http://localhost:58100/repository/my-docker/$request_url;
   }

   # Regular Nexus requests
   location / {
     proxy_set_header Host $host:$server_port;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_pass http://localhost:58100;
   }

}

An obvious difference is that you’re using $request_url not $request_uri but I can’t speak to whether that is the cause. You could look at the request log of Nexus to see what the URLs look like.

thanks - although I think it fails before it starts to look at that dynamic variable, as the error response I get is from Jetty.

If it’s not related to passing the authorisation token correctly through the reverse proxy to nexus (?), then I’m guessing it may be some other proxy option.

FYI - I get exactly the same issue with an apache/httpd reverse proxy too. Oddly my reverse proxy config works with Nexus3:58.1 (but nothing later than that)

To me the error suggests that it may not be requesting the correct URL on Nexus which is why I suggest taking a look at the request logs to see the paths the proxy server is passing.

The secondary possibility could be something like the Content-Type/Accept headers. Maybe there is additional information in the nexus.log

hey @mpiggott

finally fixed it, thanks to your pointers.

nexus3 v3.58.1 and earlier needed:

           proxy_pass http://localhost:58100/repository/my-docker/$request_url;

but for nexus3 v3.59.0 and later (ie v3.70.1) this seems to work:

       proxy_pass http://localhost:58100/$request_url;

Many thanks!
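Added example, not part of the thread: a small Python check that classifies a raw response to `GET /v2/` captured behind the proxy (for instance from tcpdump), separating the "Not a Docker request" case discussed above from a registry that was actually reached. The function names and sample responses are constructed for illustration; the header and status expectations follow the Docker Registry HTTP API V2 specification.

```python
from email.parser import Parser

# Constructed sample modelled on the capture quoted in the thread (body shortened).
NOT_DOCKER = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Content-Type: text/html;charset=iso-8859-1\r\n"
    "Server: Jetty(9.4.53.v20231009)\r\n"
    "\r\n"
    "<html><head><title>Error 400 Not a Docker request</title></head></html>"
)
# Constructed sample: a Registry V2 endpoint asking the client for credentials.
CHALLENGE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Docker-Distribution-Api-Version: registry/2.0\r\n"
    'WWW-Authenticate: Basic realm="constructed-example"\r\n'
    "\r\n"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    start = raw.find("HTTP/")  # skip capture debris such as a leading "?"
    if start < 0:
        raise ValueError("no HTTP status line found")
    head, _, body = raw[start:].partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(status_line.split(" ", 2)[1]), headers, body


def diagnose(raw):
    """Return a short verdict for a response to GET /v2/ sent through the proxy."""
    status, headers, body = parse_response(raw)
    api = headers.get("Docker-Distribution-Api-Version", "")
    if api.startswith("registry/2") and status in (200, 401):
        if status == 401 and not headers.get("WWW-Authenticate"):
            return "registry reached, but the auth challenge was lost on the way back"
        return "registry reached"
    if status == 400 and "Not a Docker request" in body:
        # In the thread this was resolved by changing the proxy_pass target path.
        return "reached Nexus, wrong upstream path: check the proxy_pass target"
    if status in (502, 504):
        return "proxy could not reach the upstream"
    return "unexpected response: status %d, server %s" % (status, headers.get("Server"))


if __name__ == "__main__":
    for name, sample in (("NOT_DOCKER", NOT_DOCKER), ("CHALLENGE", CHALLENGE)):
        print(name, "->", diagnose(sample))
```

A 401 carrying both headers is the expected answer to an unauthenticated `docker login` probe, so it indicates the proxy path is correct and only credentials remain to be checked.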