search

sonatype / nexus-public

Sonatype Nexus Repository Open-source codebase mirror
https://www.sonatype.com/products/repository-oss-download
Eclipse Public License 1.0
1.96k stars 577 forks source link

I can't login to nexus docker registry behind nginx #341

Closed mohjam2004 closed 4 months ago

mohjam2004 commented 9 months ago

Hi I use this docker compose file to run nexus behind nginx as revese proxy:

version: '3'
services:
  nexus:
    image: sonatype/nexus3
    hostname: nexus
    container_name: nexus
    ports:
      - "8080:8080"
      - "8081:8081"
    volumes:
      - /hdd-data/nexus-data:/nexus-data
    networks:
      custom_bridge:
        ipv4_address: 172.25.0.2
  nginx:
    image: nginx
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/nginx/certs
    networks:
      custom_bridge:
        ipv4_address: 172.25.0.3
    depends_on:
      - nexus
networks:
  custom_bridge:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.25.0.0/16

and this is my nginx.conf file:

worker_processes 1;

events {
  worker_connections 1024;
}

http {

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    proxy_request_buffering off;
    keepalive_timeout  5 5;
    tcp_nodelay        on;

server {
    listen 80 default_server;
    server_name mysite.repo.local;
    return 301 https://$server_name$request_uri;
}

# HTTPS server block for SSL traffic on port 443
server {
    listen 443 ssl;
    server_name mysite.repo.local;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://172.25.0.2:8080;
    }

    location /v2 {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://172.25.0.2:8081/;
    }

    location /v1 {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_pass http://172.25.0.2:8081/;
    }
}
}

when I want to login to docker registry I get this error:

[root@nexus-client mysite.repo.local]# docker login -u admin -p password mysite.repo.local
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://mysite.repo.local/v2/": EOF

Note: I have change nexus default port from 8081 to 8080 and I use port 8081 as my first docker registry port. I can access nexus UI without problem, and I can login to nexus docker registry if I active docker insecure registry and use nexus docker registry address directly: docker login mysite.repo.local:8081. In my scenario I wan to use ssl and I don't want to have port number in docker images.

nblair commented 9 months ago

Hi @mohjam2004 thanks for opening an issue. When you created a docker repository inside your Nexus Repository instance, you would have selected an HTTP or HTTPS port to connect to. You should configure your docker client to connect directly to that port, or configure nginx to proxy that alternate port in a different way. I've applied the help wanted label to see if a member from the community can help support your setup.

github-actions[bot] commented 7 months ago

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] commented 4 months ago

This issue was closed because it has been inactive for 90 days since being marked as stale.