How to configure maven settings.xml to access nexus behind an apache proxy

Jörgen Persson picture Jörgen Persson · Mar 24, 2013 · Viewed 16.7k times · Source

I'm having trouble with getting artifacts from nexus and I hope that the community can help me out. It is not a problem to access and work in the nexus web application (I've set the Base URL to https://www.fakesitename.com/nexus).

All calls to https://www.fakesitename.com/nexus is redirected / forwarded / proxied (what's the correct terminology?) to an internal server on the network

<VirtualHost *:443>
  ServerName www.fakesitename.com
  ServerAdmin [email protected]

  DocumentRoot /var/www
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Proxy *>
    AddDefaultCharset Off
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyRequests Off
  ProxyPreserveHost On

  ProxyPass /nexus http://192.168.0.178:8081/nexus
  ProxyPassReverse /nexus http://192.168.0.178:8081/nexus

  SSLEngine on
  SSLCertificateFile /certs/mysite/ssl.crt
  SSLCertificateKeyFile /certs/mysite/ssl.key
</VirtualHost>

The settings.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
          http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <mirrors>
    <mirror>
      <id>public</id>
      <mirrorOf>*</mirrorOf>
      <url>https://www.fakesitename.com/nexus/content/groups/public</url>
    </mirror>
  </mirrors>

<!-- What should be in here?
  <proxies>
    <proxy>
      <id>myproxy</id>
      <active>true</active>
      <protocol>https</protocol>
      <host>www.fakesitename.com</host>
      <port>443</port>
      <nonProxyHosts>127.0.0.1|192.168.0.178</nonProxyHosts>
    </proxy>
  </proxies>
-->
  <servers>
    <server>
      <id>releases</id>
      <username>deployment</username>
      <password>deployment123</password>
    </server>
    <server>
      <id>snapshots</id>
      <username>deployment</username>
      <password>deployment123</password>
    </server>
  </servers>
  <profiles>
    <profile>
      <id>nexus</id>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://www.fakesitename.com/nexus/content/groups/public</url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://www.fakesitename.com/nexus/content/groups/public</url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>nexus</activeProfile>
  </activeProfiles>
</settings>

When I run for instance mvn clean of a project with the proxies section outcommented I get ...peer not authenticated...

 [INFO] Scanning for projects...
 Downloading: https://www.fakesitename.com/nexus/content/groups/public/com/fakesitename/poms/super/1.3/super-1.3.pom
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]   
[ERROR]   The project com.fakesitename.library:application:1.3-SNAPSHOT (/tmp/application/pom.xml) has 1 error
[ERROR]     Non-resolvable parent POM: Could not transfer artifact com.fakesitename.poms:super:pom:1.3 from/to public (https://www.fakesitename.com/nexus/content/groups/public): peer not authenticated and 'parent.relativePath' points at wrong local POM @ line 5, column 11 -> [Help 2]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException
[ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException

j

and with the section not outcommented

[INFO] Scanning for projects...
Downloading: https://www.fakesitename.com/nexus/content/groups/public/com/fakesitename/poms/super/1.3/super-1.3.pom
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: I/O exception (org.apache.maven.wagon.providers.http.httpclient.NoHttpResponseException) caught when connecting to the target host: The target server failed to respond
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: Retrying connect
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: I/O exception (org.apache.maven.wagon.providers.http.httpclient.NoHttpResponseException) caught when connecting to the target host: The target server failed to respond
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: Retrying connect
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: I/O exception (org.apache.maven.wagon.providers.http.httpclient.NoHttpResponseException) caught when connecting to the target host: The target server failed to respond
mar 24, 2013 10:12:39 EM org.apache.maven.wagon.providers.http.httpclient.impl.client.DefaultRequestDirector tryConnect
INFO: Retrying connect
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]   
[ERROR]   The project com.fakesitename.library:application:1.3-SNAPSHOT (/tmp/application/pom.xml) has 1 error
[ERROR]     Non-resolvable parent POM: Could not transfer artifact com.fakesitename.poms:super:pom:1.3 from/to public (https://www.fakesitename.com/nexus/content/groups/public): The target server failed to respond and 'parent.relativePath' points at wrong local POM @ line 5, column 11 -> [Help 2]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException
[ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException

If I change the settings file to use http://192.168.0.178:8081 directly, it succeeds.

[INFO] Scanning for projects...
Downloading: http://192.168.0.178:8081/nexus/content/groups/public/com/fakesitename/poms/super/1.3/super-1.3.pom
Downloaded: http://192.168.0.178:8081/nexus/content/groups/public/com/fakesitename/poms/super/1.3/super-1.3.pom (33 KB at 157.3 KB/sec)
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.243s
[INFO] Finished at: Sun Mar 24 22:22:01 CET 2013
[INFO] Final Memory: 6M/17M
[INFO] ------------------------------------------------------------------------

So, I really don't know what to do. I want to be able to use the "official" https address in the settings.xml file

Answer

nabcos picture nabcos · Mar 25, 2013

"peer not authenticated" usually means the SSL certificate presented by the server is not signed by an authority the client JRE knows about (e.g. self-signed).

If that is the case, you need to import the CA certificate into the JRE's trust store (or override it with your own).