Organizations hosting a Nexus Repository instance may have firewalls or HTTP Proxy Servers which must explicitly allow access to external hosts from internal networks.
Public registries such as the Docker Hub use multiple hosts and Content Delivery Networks (CDN) to serve content and scale requests.
In order for Nexus Repository to have a Docker Hub proxy repository which works correctly, it must have full HTTP access to the following hosts:
https://dseasb33srnrn.cloudfront.net/
https://production.cloudflare.docker.com/
This list is subject to change at the whim of Docker Inc. and is not in control of Sonatype.
If your Docker Hub proxy repository is not working correctly, you can enable outbound HTTP request DEBUG level logging to examine the requests being made from repository manager to verify that outbound requests are reaching their intended endpoint.