Proxied Docker Repository fails to pull images

I have set up 2 Docker Registry proxies

HTTPS Connector 38382
Allow anonymous docker pull
Docker Index: Use proxy registry

Docker Hub:
HTTPS Connector 38383
Allow anonymous docker pull
Docker Index: Use Docker Hub

I got the Docker Hub registry URL from this documentation:

All these are combined within a Docker Group along with our own internal hosted Docker registry. This group has HTTPS Connector on port 38380.

When I try to pull from the proxied registries directly.

Pulling directly from SUSE proxy
docker pull
15.2: Pulling from suse/sle15
f3d2df4815db: Pulling fs layer
error pulling image configuration: unauthorized: access to the requested resource is not authorized

Pulling from Docker Hub proxy
docker pull
Error response from daemon: unauthorized: access to the requested resource is not authorized

What does this mean?
Is it our Nexus or the proxy registry who says it is not authorized?
Anonymous pull is toggled, and I have the Docker Bearer Token Realm in Realms.

I have even tried docker login, but that does not help.

So, three problems:

  1. Why doesn’t Nexus search the proxied registries when using the Group?
  2. Why is it saying Unauthorized when using the proxied registries directly through their connector port?
  3. What was the problem I got with the blobstore for the one proxy repository?

It seems so easy how to configure Nexus to proxy Docker Hub, but I cannot fathom why it does not work.
I have tried every configuration I can think of.

On the Nexus server, I am able to pull directly from Docker Hub using docker.

Why is it saying I am not authorized? It will not work with docker login either.

I am not sure what the problem was.
We have fixed it.

We moved our Nexus server to a different network segment.
Disabled HTTP and HTTPS Proxy in Nexus settings.
Firewall opening have been made to the external registries.
Now the group pull retrieves from the external registries.

Perhaps some problem with HTTPS Proxy was the cause.

For me this solved the problem:

Basically add a default role to every authenticated user as nx-anonymous:
nexus configuration → system → capabilities → create capability → default role