search

030 / n3dr

Nexus3 Disaster Recovery (N3DR) is a tool that is capable of downloading all artifacts from a Nexus3 server and to migrate them to another one.
https://n3dr.releasesoftwaremoreoften.com/
MIT License
141 stars 37 forks source link

Nexus behind reverse proxy hitting 400 bad request single download artifact #620

Closed jcucuzza closed 5 months ago

jcucuzza commented 5 months ago

What happened: We run our Nexus repository behind Nginx, which routes the https request to the Nexus HTTP server.

When n3dr downloads the repositories list, nexus returns download URLs that look like this http://example.com:443, and when n3dr tries to use this URL to download from instead of the proxy's https address (example: https:://example.com), we encounter a failed 400 request.

What you expected to happen: If I have https enabled on N3DR and if the downloaded URL contains :443 and http, I would expect the protocol to default to https.

current

http://www.example.com:443/repository/foo/bar.xml

expected

https://www.example.com/repository/foo/bar.xml

How to reproduce it (as minimally and precisely as possible): docker-compose might be the easiest route.

version: '3'
services:
  nexus:
    container_name: nexus
    image: sonatype/nexus3:3.36.0
    user: root
    ports:
      - "8081:8081"
    volumes:
      - /opt/nexus/data:/nexus-data
      - /etc/localtime:/etc/localtime:ro
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "10"
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 65536
  nginx:
    image: nginx:1.21.3
    container_name: nginx
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "10"
    ports:
      - 80:80
    volumes:
      - /opt/nexus/nginx/:/etc/nginx/conf.d
    depends_on:
      - nexus
volumes:
  nexus-data: {}

nginx.conf:

server {
    listen       80;
    listen  [::]:80;

    location / {
        proxy_pass http://nexus:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Anything else we need to know?:

working on a fix

Environment:

jcucuzza commented 5 months ago

realized all I needed to do as change the X-forward-Proto to https for example:

proxy_set_header X-Forwarded-Proto "https";

no need for a hacky fix, closing the issue and PR