I’m having trouble pulling from a Nexus-hosted Docker repository (“my-repo”) directly on RHEL 9 behind nginx, which is configured to listen on 443 with SSL, server name my-repo.my-domain[dot]com.
This is my nginx.conf:
```
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering off;
    keepalive_timeout 5 5;
    tcp_nodelay on;

    server {
        listen 443 ssl;
        server_name my-repo.my-domain.com;
        ssl_certificate /etc/pki/tls/certs/my-repo.my-domain[dot]com.crt;
        ssl_certificate_key /etc/pki/tls/private/my-repo.my-domain[dot]com.key;

        # General proxy for the Nexus web interface
        location / {
            proxy_pass http://127.0.0.1:8081;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Proxy for Docker registry API (v2)
        location /v2/ {
            proxy_pass http://127.0.0.1:8081/repository/repo/; # this was set according to repo path in web interface
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Connection keep-alive;
        }
    }
}
```
And this is my nexus.properties:
```
nexus-host=0.0.0.0
nexus.http.port=8081
nexus.https.port=
```
(I previously tried with just nexus-host=0.0.0.0 and nexus.port=8081 with similar results)
Certs from our CA were generated and are in /etc/pki/tls/certs/my-repo.my-domain.com.crt and /etc/pki/tls/private/my-repo.my-domain.com.key
Anonymous pull is enabled.
I can browse to the web interface of the repo at its server name and log in.
I can log in to the repo via `docker login my-repo.my-domain[dot]com`.
However, trying to pull an image with just “docker pull my-repo.my-domain[dot]com/ubuntu” results in pulling the HTML displayed when browsing to the repo path in a web browser.
Same if I add the full path /repository/repo/ubuntu.
If I include port 8081 and pull from my-repo.my-domain[dot]com:8081/ubuntu (or :8081/repository/repo/ubuntu) it errors with:
Error response from daemon: http: server gave HTTP response to HTTPS client
I noticed the repo path in the web interface includes https, even on newly created repos; is that expected? My nginx.conf is still using http; if I change to https, I get error 502 instead.
firewalld on the system is disabled, and SELinux is temporarily set to permissive.
The Docker client attempting to connect is on a different machine (WSL2 on Win11) and can pull from the official repos without issue.
It’s my first time working with Docker, nginx and Nexus, so I’m a bit lost on where to continue looking.
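
A way to see which upstream path each request in the post turns into, as an added example that is not part of the original post: it models nginx's rule that a `proxy_pass` with a URI part replaces the matched `location` prefix, and checks a `GET /v2/` response for the `Docker-Distribution-Api-Version: registry/2.0` header a v2 registry sends. The function names and the two sample responses are constructed for illustration.

```python
# Added example (not from the post): model of nginx prefix matching + proxy_pass.
# (location prefix, proxy_pass value) pairs copied from the posted nginx.conf.
LOCATIONS = [
    ("/", "http://127.0.0.1:8081"),
    ("/v2/", "http://127.0.0.1:8081/repository/repo/"),
]


def upstream_url(request_path, locations=LOCATIONS):
    """Return the URL nginx would request upstream for request_path."""
    matches = [loc for loc in locations if request_path.startswith(loc[0])]
    prefix, target = max(matches, key=lambda loc: len(loc[0]))  # longest prefix wins
    scheme, _, rest = target.partition("://")
    host, slash, uri = rest.partition("/")
    if not slash:
        # proxy_pass without a URI part: the request path is forwarded unchanged.
        return f"{scheme}://{host}{request_path}"
    # proxy_pass with a URI part: the matched location prefix is replaced by it.
    return f"{scheme}://{host}/{uri}{request_path[len(prefix):]}"


def looks_like_registry(status, headers):
    """True if a GET /v2/ response carries the Docker Registry v2 markers."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    return (status in (200, 401)
            and h.get("docker-distribution-api-version") == "registry/2.0"
            and "text/html" not in h.get("content-type", ""))


# Constructed sample responses (not captured from the poster's server).
HTML_PAGE = (200, {"Content-Type": "text/html"})
REGISTRY_401 = (401, {"Content-Type": "application/json",
                      "Docker-Distribution-Api-Version": "registry/2.0"})

if __name__ == "__main__":
    for path in ("/v2/", "/v2/ubuntu/manifests/latest", "/repository/repo/"):
        print(f"{path:32} -> {upstream_url(path)}")
    print("HTML page is registry reply:", looks_like_registry(*HTML_PAGE))
    print("401 + API header is registry reply:", looks_like_registry(*REGISTRY_401))
```

With the posted `location /v2/` block, the `/v2/` segment of the client's request is not part of the path sent to port 8081.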