How to Configure IIS as a Reverse Proxy for Sonatype Products

The Nexus documentation provides steps for configuring Nexus Repository Manager to run behind a reverse proxy. The information below will help you configure an IIS server to act as a reverse proxy server.

  1. On your reverse proxy server, install IIS and Application Request Routing following the product documentation
  2. Using the IIS Manager console, select the Default Web Site and open URL Rewrite.
  3. Use URL Rewrite to create your inbound rule. From the Actions pane, select the Add Rule… template and create a new Reverse Proxy rule. Click OK to enable proxy functionality if you are prompted. Choose a name for your Inbound Rule and click OK.
  4. Create server variables for the HTTP headers. In the Actions pane, click View Server Variables. Add the following variables:
    HTTP_X_FORWARDED_HOST
    HTTP_X_FORWARDED_PROTO

    IIS_server_variables.png
    then click Back to Rules.
  5. Set values for the server variables in your inbound rule. Highlight the Inbound rule and click Edit. Under Server Variables click Add. Select the server variable names from the drop down and assign the following values:
    HTTP_X_FORWARDED_HOST should contain the domain name and (optionally) port of the original host requested by the client 
    HTTP_X_FORWARDED_PROTO should be https if your IIS server is configured to use SSL, otherwise http
    

    IIS_rule_variables.png
  6. Restart IIS. In the Connections pane select the server name, then Restart the server from the Actions pane.

Once your configuration is complete, the web.config file in inetpub\wwwroot will contain entries similar to the following:

<rules>
    <rule name="ReverseProxyInboundRule1" stopProcessing="true">
        <match url="(.*)" />
        <action type="Rewrite" url="http://localhost:8081/{R:1}" />
        <serverVariables>
            <set name="HTTP_X_FORWARDED_HOST" value=“nexus.mydomain.org” />
            <set name="HTTP_X_FORWARDED_PROTO" value="http" />
        </serverVariables>
    </rule>
</rules>

With a reverse proxy in front of Nexus you may also wish to create a Base URL capability which the repository manager will use to construct correct URLs to the user interface within email notifications.

HTTP POST Requests Fail With 404 Status Code

Some interactions with Sonatype products use HTTP POST requests:

  • uploads using the Nexus Repository Manager 2.x user interface ( repository Upload tab and Staging Upload )
  • Nexus IQ Server Evaluate Binary action

These operations may require a POST request that exceeds the default content limits set by IIS ( approx. 28.6 MB). When this happens, the requests do not pass through to the Sonatype servers and are instead returned from IIS as a error with 404 status code, sub-status code 13, and a message Content Length Too Large.

Consult the official IIS documentation for options to allow for larger POST requests.

External References About Configuring IIS

Nexus Repository OSS reverse proxy 

IIS Forums

Inspecting Inbound Request Headers in Nexus Repository Manager

You can inspect the HTTP request headers being sent to Nexus Repository Manager from a reverse proxy. This will help prove that your reverse proxy is sending Nexus the correct header values.

Troubleshooting IIS Reverse Proxy Problems

For troubleshooting IIS reverse proxy, Microsoft recommends enabling Failed Request Tracing which creates an xml file for each request. The IIS forums are also a good resource.

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk