Oh NGINX how do I love thee

We are on Sonatype Nexus Repository Pro v3.56.0-01.
I have it running SSL behind an NGINX proxy.

I am able to push items into a RAW repository but not HELM or Docker… with HELM it acts like it’s being pushed but gives no real errors…

Our project is time critical to move this data… please help or advise… using the -v tag I see the following:

Upload file Helm file

  • Uses proxy env variable no_proxy == ‘localhost,127.0.0.1,193.167.0.0/16,152.18.0.0/16,.wallyswonderworld.com,.edn.wallyswonderworld.com,.dilmgmt. wallyswonderworld.com,.dil.wallyswonderworld.com,.ms.wallyswonderworld.com,.es.wallyswonderworld.com,.wallyswonderworld.com,192.142.30.0/16’
  • Trying 192.142.30.23…
  • TCP_NODELAY set
  • Connected to repo.wallyswonderworld.com (192.142.30.23) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, [no content] (0):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: C=US; O=Northrop Grumman; CN=repo.wallyswonderworld.com
  • start date: Jun 21 17:47:22 2023 GMT
  • expire date: Jul 15 17:47:22 2024 GMT
  • issuer: C=US; O=Northrop Grumman Corporation; CN=Northrop Grumman MultiPurpose CA-G2
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • Server auth using Basic with user ‘admin’
  • Using Stream ID: 1 (easy handle 0x55c80cd046b0)
  • TLSv1.3 (OUT), TLS app data, [no content] (0):

PUT /repository/helm-release/power-planning-service-0.3.1-dev.4.tgz HTTP/2
Host: repo.wallyswonderworld.com
Authorization: Basic SFFSLkudfdjlsksldfjODDFDfdsfdsadfad=
User-Agent: curl/7.61.1
Accept: */*
Content-Length: 26073

  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • We are completely uploaded and fine
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
  • Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
    < HTTP/2 500
    < server: nginx/1.14.1
    < date: Wed, 26 Jul 2023 12:05:54 GMT
    < x-content-type-options: nosniff
    < content-security-policy: sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation
    < x-xss-protection: 1; mode=block
    < x-frame-options: DENY
    <
  • Connection #0 to host repo.wallyswonderworld.com left intact
    curl -k -u fuzzy:booya https://repo.wallyswonderworld.com/repository/helm-release/ --upload-file /data01/tmp/power-planning-service-0.3.1-dev.4.tgz

My NGINX config:

HTTPS SSL required server settings

server {
    listen 443 ssl http2;
    server_name nexus.wallyswonderworld.com;

    ssl on;
    ssl_certificate                 /etc/ssl/certs/nexus.cer;
    ssl_certificate_key             /etc/ssl/certs/nexus.key;
    client_max_body_size            0;

    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    location / {
        proxy_pass http://nexus.wallyswonderworld.com:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    listen *:5000;

    location / {
        proxy_pass            http://nexus.wallyswonderworld.com:5000/;
        proxy_redirect        off;
        proxy_set_header      Host $host;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header      X-Forwarded-Host $server_name;
        proxy_set_header      X-Forwarded-Proto $scheme;
    }
}

When trying to log on with Podman, we get the following:

[root@RPTBWILCS060 ~]# podman login repo.wallyswonderworld.com
Username: fuzzy
Password: booya
Error: authenticating creds for "repo.wallyswonderworld.com": pinging container registry repo.wallyswonderworld.com: StatusCode: 404,
..
[root@RPTBWILCS060 ~]# podman login repo.wallyswonderworld.com:443
Username: fuzzy
Password: booya
Error: authenticating creds for "repo.wallyswonderworld.com:443": pinging container registry repo.wallyswonderworld.com:443: StatusCode: 404,
..
[root@RPTBWILCS060 ~]# podman login https://repo.wallyswonderworld.com
Username: fuzzy
Password: booya
Error: authenticating creds for "repo.wallyswonderworld.com": pinging container registry repo.wallyswonderworld.com: StatusCode: 404,
..
[root@RPTBWILCS060 ~]#