Nexus 3.12.0 - How to set up jetty to work as reverse proxy

[V Kranthi]

Hi,

I recently started working on Nexus and set up Nexus 3.12.0. Everything is good and i am able to access it using localhost:8081.

Now i am trying to make it available through our domain and was wondering how to set it up.

I do not want to install or use any external reverse proxy server and was trying to see how to leverage the existing jetty server with in nexus.

Any help is greatly appreciated.

Thankyou,

Kranthi.

[Michael Prescott]

What kind of configuration are you looking to do?

While it's theoretically possible, if you get into more advanced configuration changes you risk having to modify the bits of Jetty that NXRM considers as an internal dependency. Doing this can complicate your upgrade process—in some cases, you'll have to manually make the same configuration changes as you upgrade NXRM.

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/6b7400f8-b518-4eb2-9ca2-b808bd6ee664%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

[V Kranthi]

Hi Michael,

Thank you for the post. 

I checked one of our old instances of Nexus (1.9) and they have conf folder which contains jetty.xml file and plexus.properties and plexus.xml files.

With configurations with in these files they were able to set up the reverse proxy to nexus server.

I am expecting to find similar configuration for Nexus 3.12. Is that possible?

Thank you,

Kranthi.

[Rich Seddon]

Can you clarify exactly what you're trying to achieve here?  I don't understand what you mean by "set up the reverse proxy to nexus server" within Jetty.    A reverse proxy is an intermediate server that sits in between clients and a server.  I guess hypothetically you could have Jetty forward requests to itself, but for what reason?

What are you trying to get Jetty to do that it is not currently doing?

[V Kranthi]

Hi Rich,

I am trying to expose my nexus instance that is running on localhost:8082 as http://mydomain.com/nexus to my internal applications.

I do not want to expose it to our side world. It needs to be internal to our company. That is why i did not want to use our standard IIS servers that sit out side of our company firewall.

I want some proxy server with in the network that does this work for me. Since i am planning to set this up only for nexus, i wanted to check if i could use the Jetty server OR set up an NGINX server on the same machine where nexus is running.

Hope it makes sense. Let me know if my understanding is not right and if there is any other way to achieve this.

Thankyou,

Kranthi.

[Rich Seddon]

I am trying to expose my nexus instance that is running on localhost:8082 as http://mydomain.com/nexus to my internal applications.

This is running on Linux? If so, the only way you could get Nexus to run port 80 would be to run it as root.  This is because ports under 1024 are restricted on Linux. 

Running Nexus Repo as root is not recommended.  

Using nginx is a much better approach.  You can find example configuration for doing this here:

https://help.sonatype.com/display/NXRM3/Run+Behind+a+Reverse+Proxy#RunBehindaReverseProxy-nginx

[V Kranthi]

Hi Rich,

My Nexus instance is running on Windows.

I am trying Nginx now, i am still waiting for my DNS to be setup but in the mean time i wanted to try with IP address.

I am running nginx on port 90 and nexus on port 8081. When i try localhost:90 on the browser it is trying to load nexus instance but not loading it completely.

The rewrite is ignoring the port and the requests are going to localhost/....and i am getting 404 errors. 

Any suggestions on how to fix it.

I followed the documentation and updated nginx config to 

erver {
    listen   *:90;
    server_name  localhost;
  
    # allow large uploads of files
    client_max_body_size 1G;
  
    # optimize downloading files larger than 1G
    #proxy_max_temp_file_size 2G;
  
    location / {
      proxy_pass http://localhost:8082;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }

--Thankyou.

[Rich Seddon]

Since you are on Windows you can just configure Nexus to run on port 80, nginx is not needed.

Edit sonatype-work/nexus3/etc/nexus.properties and add this line:

application-port=80

[V Kranthi]

Hi Rich,

Thankyou for the response and sorry for the delay in getting back.

I can set up application-port to 80 but unfortunately we have another application running on that port.

I got a DNS setup from our network team guys and running nexus on port 90. I think there is no other option than specifying the port in the URL. But that should work for now.

Thankyou so much for all your help with this.

Kranthi.

[Morten Bjoernsvik]

I recomment using a apache/nginx/haproxy as reverse proxy. Especially if you use docker you need ssl termination

The easiest way to do this is to add letsencrypt certbot and use the same cert for nexus:

# ssl was automatically set up by certbot

# see https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache

cat /etc/apache2/sites-enabled/000-default-le-ssl.conf
:
ProxyPass /nexus http://192.168.10.90:8081/nexus
ProxypassReverse /nexus http://192.168.10.90:8081/nexus
ProxyPassReverseCookiePath / /nexus
RequestHeader set X-Forwarded-Proto "https"