1

I am trying to serve a Nexus3 Repo Manager through Nginx reverse proxy, but it only serves the Index mark-up.

I have set up Sonatype Nexus 3 Repository manager on an Azure RHEL (SELinux) instance. I have been trying to set up Nginx (on the same RHEL instance) as a reverse proxy (and to use as an SSL end point) for Nexus initially and for other services in the future.

As I understand it this is a pretty common setup, so I am surprised that I can’t find any one with the same problem. (Therefore I guess I must be doing something really daft.)

I have port 59906 opened in Azure and on the RHEL instance. The Nexus UI functions correctly when started on its own. It renders correctly when I browse it at http://nexus.mydomain.com:59906

I then change Nexus to port 59907 and set Nginx to listen on port 59906 and proxy_pass to localhost:59907. Now if I try to browse the site I get 3 broken images, the text “initializing …” and an empty iframe (it appears that the index mark-up is served as expected). When I look at the browser Developer Tools -> Network tab, Chrome reports that all the resources except the initial domain failed to load… MS Edge reports all resources got a 200 OK response, but displays the same dead images, text and empty iframe. Firefox shows the resources with no status, but with a red bar in the load time and a tool tip on the bar stating they are blocked. As I understand it this indicates the browser has too many connections open and is waiting for one to become free. Some resources also have a DNS resolution bar as well.

The nginx user is part of the nexus group so permissions should not be a problem. I have enabled the SE Linux httpd_can_network_connect flag to allow the nginx process to connect to the Nexus socket.

All the resources have base URLs of: http://nexus.mydomain.com/static/rapture/resources/ which is the same when I run Nexus without Nginx proxying.

I have tried using both the conf.d and sites-available + sites-enabled techniques of managing Nginx configs. As you can see in the following nginx.conf I currently have conf.d commented to use sites-enabled instead.

nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    index index.html index.htm index.php;

    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;

   # include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

This is the config I have in sites-available, sites-enabled contains a symlink to it.

nexus.conf

server {
  listen   *:59906;
  server_name nexus.mydomain.com;

  error_log    /var/log/nginx/error.log debug;

  location / {
    proxy_pass http://localhost:59907/;

    proxy_set_header Host $host;

    proxy_read_timeout 90s;
    proxy_connect_timeout 90s;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host "nexus.mydomain.com";
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Nexus's nexus.properties looks like this:

# Jetty section
application-port=59907
# application-host=127.0.0.1
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml
# nexus-context-path=/

# Nexus section
# nexus-edition=nexus-pro-edition
# nexus-features=\
#  nexus-pro-feature

Nexus's jetty-http.xml is this:

  <Call name="addConnector">
    <Arg>
      <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.http.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">

            <!--<Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
            <Item>
              <New class="org.sonatype.nexus.bootstrap.jetty.InstrumentedConnectionFactory">
                <Arg>
                  <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                    <Arg name="config">
                      <Ref refid="httpConfig"/>
                    </Arg>
                  </New>
                </Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="application-host" /></Set>
        <Set name="port"><Property name="application-port"/></Set>
        <Set name="idleTimeout"><Property name="jetty.http.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="jetty.http.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>

</Configure>

I have tried this config with the “ProxyConnectionFactory” uncommented as well.

I have read as much as I can find on configuring Nginx as a reverse proxy and general configuration including:

https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/

https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/

https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/

https://www.nginx.com/resources/wiki/start/topics/examples/javaservers/

This last one gave me a glimmer of hope. But from what I can see, the Jetty instance inside Nexus does not follow the standard setup.

And I have tried to find some reference to my particular issue:

https://groups.google.com/a/glists.sonatype.com/forum/#!topic/nexus-users/HRBRpjU03b8

https://support.sonatype.com/hc/en-us/articles/213464728-Why-is-the-Nexus-user-interface-broken-

https://stackoverflow.com/questions/10075304/nginx-fails-to-load-css-files

Nexus Repository OSS reverse proxy

(and more, but I am limited to 8 links due to low rep.)

But nothing seems to reference my specific problem and none of the fixes have had any effect on it.

Several solutions suggest serving static content directly from Nginx, however, I have not been able to find a directory of static resources in the Nexus directories other than a few bits in the /public/ directory, along with a swagger interface.

So my question is : Does any one know if my problem is that I need to serve the static content directly and if so how do I achieve that.

OR

Can you see some other configuration issue that is causing the resources not to load.

Thanks for any pointers and/or solutions.

MrRed
  • 11
  • 5

1 Answers1

0

Eventually I found this issue report on the Sonatype Nexus boards: https://issues.sonatype.org/browse/NEXUS-11603

There is an additional piece of configuration required to run Nexus on a non-default port that the Nexus documentation regarding Nginx set up has omitted. Instead of just specifying the host in the proxy_set_header directive in Nginx, you must specify the port as well, like this:

proxy_set_header Host $host:$server_port;

This worked for me and I hope it will save some one else some pain configuring Nginx

MrRed
  • 11
  • 5