Questions about using the pre-proxy to implement SSL functionality

help

#1

I now have a certificate issued by a CA. I want to use nginx as a pre-proxy to let Nexus OSS provide HTTPS services. But when I configure it like this:

server {
    listen 443 http2 ssl;
    server_name nexus.foo.com;

    ssl_certificate /etc/nginx/conf.d/ssl-cert/*.foo.com/fullchain.cer;
    ssl_certificate_key /etc/nginx/conf.d/ssl-cert/*.foo.com/*.foo.com.key;
    ssl_trusted_certificate /etc/nginx/conf.d/ssl-cert/*.foo.com/ca.cer;

    location / {
        rewrite ^(.*) $1 break;
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

I can open https://nexus.foo.com. However, the CSS or JS files on this page cannot be loaded because they are HTTP requests and trigger the browser’s “Referrer Policy: no-referrer-when-downgrade”.

On the https://help.sonatype.com/repomanager3/security/configuring-ssl#ConfiguringSSL-UsingAReverseProxyServer page, the information that can be provided is very limited. I don’t know how to solve this problem. Please give me some help.


#2

You’re missing some headers, in particular “X-Forwarded-Proto”. See here:

https://help.sonatype.com/repomanager3/installation/run-behind-a-reverse-proxy#RunBehindaReverseProxy-Example:ReverseProxySSLTerminationatBasePath

Rich


#3

Thank you very much for your help. I have not found a more specific explanation of the Installation section of the help documentation.

I tried adding proxy_set_header X-Forwarded-Proto at the time. But I didn’t realize that the value should be “https”. I will take a moment to study these rules.

Thank you once again!
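
The fix this thread arrives at, as an added example that is not part of the original posts or of Sonatype's documentation: the server block from post #1 with the X-Forwarded-Proto header from replies #2 and #3 added. Host name, certificate paths and backend port are the ones given in post #1.

```nginx
server {
    listen 443 ssl http2;
    server_name nexus.foo.com;

    ssl_certificate         /etc/nginx/conf.d/ssl-cert/*.foo.com/fullchain.cer;
    ssl_certificate_key     /etc/nginx/conf.d/ssl-cert/*.foo.com/*.foo.com.key;
    ssl_trusted_certificate /etc/nginx/conf.d/ssl-cert/*.foo.com/ca.cer;

    location / {
        rewrite ^(.*) $1 break;

        # TLS ends at nginx; the hop to the backend is plain HTTP.
        proxy_pass http://localhost:8081;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # The backend only ever sees an http:// connection from nginx, so
        # without this header it has no way to know the browser used HTTPS
        # and it emits http:// URLs for its CSS and JS, which the browser
        # then refuses to load on an https:// page.
        # On this ssl listener, $scheme would evaluate to the same value.
        proxy_set_header X-Forwarded-Proto "https";
    }
}
```

Run `nginx -t` before reloading so a syntax or path error is caught while the old configuration is still serving.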