nexus3 Docker repository
Nexus 3 is running on a virtual machine (not in a Docker container); a Docker repository has been created for uploading images.
root@userpc:/home/ilya# curl -v -I https://nexus3.xx.ru:6677/v2/
* Trying 172.22.xx.148:6677...
* TCP_NODELAY set
* Connected to nexus3.xxx.ru (172.22.xx.148) port 6677 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to nexus3.xx.ru:6677
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to nexus3.xx.ru:6677
root@userpc:/home/ilya#
nginx parameters on a virtual machine:
# Plain-HTTP vhost: proxies to Nexus on 127.0.0.1:8081.
server {
    listen 80;
    server_name nexus3.xx.ru;
    root /var/www/html/;
    access_log /var/log/nginx/nexus.access.log main;
    location / {
        proxy_pass "http://127.0.0.1:8081";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
    }
}
# TLS vhost on 443: terminates TLS and proxies to the same backend.
# Neither server block listens on 6677.
server {
    listen 443 ssl;
    server_name nexus3.xx.ru;
    ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    # ssl_certificate /etc/nginx/certs/xx/chain.crt;
    # ssl_certificate_key /etc/nginx/certs/xx/key.txt;
    ssl_certificate /etc/nginx/certs/xx_new/fullchain1.crt;
    ssl_certificate_key /etc/nginx/certs/xx_new/key.txt;
    root /var/www/html/;
    access_log /var/log/nginx/ssl.nexus.access.log main;
    error_log /var/log/nginx/ssl.nexus.error.log;
    location / {
        proxy_pass "http://127.0.0.1:8081";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
    }
}
checking without a port:
root@userpc:/home/ilya# curl -v -I https://nexus3.xx.ru
* Trying 172.22.252.148:443...
* TCP_NODELAY set
* Connected to nexus3.xx.ru (172.22.252.148) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=*.xx.ru
* start date: Apr 27 12:35:02 2022 GMT
* expire date: Apr 8 20:59:59 2023 GMT
* subjectAltName: host "nexus3.xx.ru" matched cert's "*.xx.ru"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: nexus3.xx.ru
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx/1.20.1
Server: nginx/1.20.1
< Date: Wed, 25 May 2022 06:10:06 GMT
Date: Wed, 25 May 2022 06:10:06 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 7925
Content-Length: 7925
< Connection: keep-alive
Connection: keep-alive
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< Last-Modified: Wed, 25 May 2022 06:10:06 GMT
Last-Modified: Wed, 25 May 2022 06:10:06 GMT
< Pragma: no-cache
Pragma: no-cache
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate, post-check=0, pre-check=0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate, post-check=0, pre-check=0
< Expires: 0
Expires: 0
Answers (1):
Solution author: Chef
The error was on the HTTPS port: the required port 6677 was already in use, so a new one, 6688, was assigned. "Create an HTTPS connector at specified port. Normally used if the server is configured for https". The question can be closed.
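A port conflict like the one described in the answer can be confirmed before assigning a connector port by checking which process already listens on it. The following is an added example, not part of the original post: it parses `ss -Hltnp` output, and the sample lines, the process name `otherd`, the PIDs, and the expectation that Nexus appears as `java` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: identify which process owns a listening TCP port.
# SAMPLE_SS is constructed output in the format of `ss -Hltnp`;
# "otherd" and all PIDs are placeholders, not values from the post.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=901,fd=8))
LISTEN 0 50 127.0.0.1:8081 0.0.0.0:* users:(("java",pid=1200,fd=412))
LISTEN 0 128 0.0.0.0:6677 0.0.0.0:* users:(("otherd",pid=812,fd=6))
LISTEN 0 128 [::]:6677 [::]:* users:(("otherd",pid=812,fd=7))'

# port_owners PORT
# Reads ss lines on stdin and prints each distinct process name listening
# on PORT. Prints "unknown" when the socket exists but ss showed no owner
# (for example, when it was run without root).
port_owners() {
  awk -v port="$1" '
    {
      n = split($4, parts, ":")        # field 4 is Local Address:Port
      if (parts[n] != port) next       # port follows the last ":" (IPv4 and IPv6)
      if (match($0, /\(\("[^"]+"/))    # users:(("name",pid=...,fd=...))
        name = substr($0, RSTART + 3, RLENGTH - 4)
      else
        name = "unknown"
      if (!(name in seen)) { seen[name] = 1; print name }
    }'
}

# check_connector PORT EXPECTED
# Prints "free" if nothing listens on PORT, "ok" if only EXPECTED does,
# otherwise "conflict:<names>".
check_connector() {
  local owners
  owners=$(port_owners "$1" | paste -sd, -)
  if [ -z "$owners" ]; then
    echo "free"
  elif [ "$owners" = "$2" ]; then
    echo "ok"
  else
    echo "conflict:$owners"
  fi
}

# Live use (as root, so process names are visible):
#   ss -Hltnp | check_connector 6677 java
```

A `conflict:` result means the listener on that port is not Nexus, so a client connecting there is talking to a different service than the Docker connector.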