When I try to log in to the Nexus Docker repo, I get an error:

    docker login https://registry.mysite.online
    Username: admin
    Password:
    Error response from daemon: login attempt to https://registry.mysite.online/v2/ failed with status: 404 Not Found

I added a Docker hosted repo to Nexus, without specifying any port, and got the same error.
Nexus itself is behind an nginx reverse proxy; here's the config:

    http {
        client_body_buffer_size 32k;
        client_header_buffer_size 8k;
        large_client_header_buffers 8 64k;
        proxy_send_timeout 120;
        proxy_read_timeout 300;
        proxy_buffering off;
        tcp_nodelay on;
        ssl_certificate /etc/letsencrypt/live/mysite.online/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite.online/privkey.pem;
        ssl_dhparam /usr/lib/python3/dist-packages/certbot/ssl-dhparams.pem;
        client_max_body_size 1G;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;

        server {
            server_name registry.mysite.online;
            listen *:443 ssl;

            location / {
                proxy_pass http://localhost:8081/;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        }
    }

There aren't any problems with the Helm repos, so it's not TLS trouble.
I've already tried to google it, and I didn't find an answer to my question.
I tried: (1) set up a separate server rule for port 5000; (2) set an HTTPS port for the repo with 443.
And got the same error.
Found it! So, you must get the Nexus Docker ports via the Nexus Swagger, located at http://site/#admin/system/api
Find the /v1/repositories/docker/hosted query and execute it. You'll get a response something like this:

    curl -X 'POST' \
      'https://registry.site.online/service/rest/v1/repositories/docker/hosted' \
      -H 'accept: application/json' \
      -H 'Content-Type: application/json' \
      -H 'NX-ANTI-CSRF-TOKEN: 0.9591684909938468' \
      -H 'X-Nexus-UI: true' \
      -d '{
      "name": "internal",
      "online": true,
      "storage": {
        "blobStoreName": "default",
        "strictContentTypeValidation": true,
        "writePolicy": "allow_once",
        "latestPolicy": true
      },
      "cleanup": {
        "policyNames": [
          "string"
        ]
      },
      "component": {
        "proprietaryComponents": true
      },
      "docker": {
        "v1Enabled": false,
        "forceBasicAuth": true,
        "httpPort": 8082,
        "httpsPort": 8083,
        "subdomain": "docker-a"
      }
    }'

The "docker": {} block is what we need,
and after that you can configure a port through which you'll be able to log in to Docker.
I couldn't configure docker login through the HTTPS port, so I used the HTTP one (8082).
The final nginx.conf could look like this:

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    http {
        client_body_buffer_size 32k;
        client_header_buffer_size 8k;
        large_client_header_buffers 8 64k;
        proxy_send_timeout 120;
        proxy_read_timeout 300;
        proxy_buffering off;
        tcp_nodelay on;
        ssl_certificate /etc/letsencrypt/live/site.online/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/site.online/privkey.pem;
        ssl_dhparam /usr/lib/python3/dist-packages/certbot/ssl-dhparams.pem;
        client_max_body_size 1G;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;

        server {
            server_name nexus.site.online;
            listen *:443 ssl;

            location / {
                proxy_pass http://localhost:8081/;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        }

        server {
            server_name registry.site.online;
            listen *:443 ssl;

            location / {
                proxy_pass http://localhost:8082/;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        }
    }
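
A check for the misrouting described in this thread, as an added example that is not part of the original posts: it reads an nginx config and a repository's "docker" block and reports whether the registry hostname is proxied to one of that repository's connector ports instead of the main Nexus port. The sample config and JSON are constructed from the values shown above, and the function names are hypothetical.

```python
import json
import re

# Constructed sample input, modelled on the final nginx.conf and "docker" block above.
NGINX_CONF = """
server {
    server_name nexus.site.online;
    location / { proxy_pass http://localhost:8081/; }
}
server {
    server_name registry.site.online;
    location / { proxy_pass http://localhost:8082/; }
}
"""
REPO_JSON = '{"name": "internal", "docker": {"httpPort": 8082, "httpsPort": 8083}}'

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def upstream_ports(conf):
    """Map each server_name to the port its proxy_pass targets."""
    ports = {}
    for block in server_blocks(conf):
        names = re.search(r"server_name\s+([^;]+);", block)
        target = re.search(r"proxy_pass\s+https?://[^:/;]+:(\d+)", block)
        if names and target:
            for name in names.group(1).split():
                ports[name] = int(target.group(1))
    return ports

def check_registry_vhost(conf, repo_json, registry_host):
    """Return None if the vhost proxies to a Docker connector port, else a reason."""
    docker = json.loads(repo_json).get("docker", {})
    connectors = {docker.get("httpPort"), docker.get("httpsPort")} - {None}
    port = upstream_ports(conf).get(registry_host)
    if port is None:
        return f"no proxy_pass found for {registry_host}"
    if port not in connectors:
        return f"{registry_host} proxies to {port}, not a connector port {sorted(connectors)}"
    return None

if __name__ == "__main__":
    print(check_registry_vhost(NGINX_CONF, REPO_JSON, "registry.site.online") or "OK")
```
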