Configuration of Nexus Helm Chart: HTTPS Serving HTTP Resources












0















I ran the following command:



kubectl create secret tls nexus-tls --cert cert.crt --key privateKey.pem


where cert.crt contains my certificate and privateKey.pem contains my private key (provisioned using CloudFlare).



I then installed the stable/sonatype-nexus Helm chart with the following configuration:



nexusProxy:
env:
nexusDockerHost: containers.<<NEXUS_HOST>>
nexusHttpHost: nexus.<<NEXUS_HOST>>

nexusBackup:
enabled: true
nexusAdminPassword: <<PASSWORD>>
env:
targetBucket: gs://<<BACKUP_BUCKET_NAME>>
persistence:
storageClass: standard

ingress:
enabled: true
path: /*
annotations:
kubernetes.io/ingress.allow-http: true
kubernetes.io/tls-acme: true
kubernetes.io/ingress.class: gce
kubernetes.io/ingress.global-static-ip-name: <<STATIC_IP_ADDRESS_NAME>>
tls:
enabled: true
secretName: nexus-tls

persistence:
storageClass: standard
storageSize: 1024Gi

resources:
requests:
cpu: 250m
memory: 4800Mi


by running the command:



helm install -f values.yaml stable/sonatype-nexus


The possible configuration values for this chart are documented here.



When I visit http://nexus.<<NEXUS_HOST>>, I am able to access the Nexus Repository. However, when I access https://nexus.<<NEXUS_HOST>>, I receive mixed content warnings, because HTTP resources are being served.



If I set the nexusProxy.env.enforceHttps environment variable to true, when I visit https://nexus.<<NEXUS_HOST>>, I get a response back which looks like:



HTTP access is disabled. Click here to browse Nexus securely: https://nexus.<<NEXUS_HOST>>.


How can I ensure that Nexus is served securely? Have I made a configuration error, or does the issue lie elsewhere?










share|improve this question





























    0















    I ran the following command:



    kubectl create secret tls nexus-tls --cert cert.crt --key privateKey.pem


    where cert.crt contains my certificate and privateKey.pem contains my private key (provisioned using CloudFlare).



    I then installed the stable/sonatype-nexus Helm chart with the following configuration:



    nexusProxy:
    env:
    nexusDockerHost: containers.<<NEXUS_HOST>>
    nexusHttpHost: nexus.<<NEXUS_HOST>>

    nexusBackup:
    enabled: true
    nexusAdminPassword: <<PASSWORD>>
    env:
    targetBucket: gs://<<BACKUP_BUCKET_NAME>>
    persistence:
    storageClass: standard

    ingress:
    enabled: true
    path: /*
    annotations:
    kubernetes.io/ingress.allow-http: true
    kubernetes.io/tls-acme: true
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.global-static-ip-name: <<STATIC_IP_ADDRESS_NAME>>
    tls:
    enabled: true
    secretName: nexus-tls

    persistence:
    storageClass: standard
    storageSize: 1024Gi

    resources:
    requests:
    cpu: 250m
    memory: 4800Mi


    by running the command:



    helm install -f values.yaml stable/sonatype-nexus


    The possible configuration values for this chart are documented here.



    When I visit http://nexus.<<NEXUS_HOST>>, I am able to access the Nexus Repository. However, when I access https://nexus.<<NEXUS_HOST>>, I receive mixed content warnings, because HTTP resources are being served.



    If I set the nexusProxy.env.enforceHttps environment variable to true, when I visit https://nexus.<<NEXUS_HOST>>, I get a response back which looks like:



    HTTP access is disabled. Click here to browse Nexus securely: https://nexus.<<NEXUS_HOST>>.


    How can I ensure that Nexus is served securely? Have I made a configuration error, or does the issue lie elsewhere?










    share|improve this question



























      0












      0








      0








      I ran the following command:



      kubectl create secret tls nexus-tls --cert cert.crt --key privateKey.pem


      where cert.crt contains my certificate and privateKey.pem contains my private key (provisioned using CloudFlare).



      I then installed the stable/sonatype-nexus Helm chart with the following configuration:



      nexusProxy:
      env:
      nexusDockerHost: containers.<<NEXUS_HOST>>
      nexusHttpHost: nexus.<<NEXUS_HOST>>

      nexusBackup:
      enabled: true
      nexusAdminPassword: <<PASSWORD>>
      env:
      targetBucket: gs://<<BACKUP_BUCKET_NAME>>
      persistence:
      storageClass: standard

      ingress:
      enabled: true
      path: /*
      annotations:
      kubernetes.io/ingress.allow-http: true
      kubernetes.io/tls-acme: true
      kubernetes.io/ingress.class: gce
      kubernetes.io/ingress.global-static-ip-name: <<STATIC_IP_ADDRESS_NAME>>
      tls:
      enabled: true
      secretName: nexus-tls

      persistence:
      storageClass: standard
      storageSize: 1024Gi

      resources:
      requests:
      cpu: 250m
      memory: 4800Mi


      by running the command:



      helm install -f values.yaml stable/sonatype-nexus


      The possible configuration values for this chart are documented here.



      When I visit http://nexus.<<NEXUS_HOST>>, I am able to access the Nexus Repository. However, when I access https://nexus.<<NEXUS_HOST>>, I receive mixed content warnings, because HTTP resources are being served.



      If I set the nexusProxy.env.enforceHttps environment variable to true, when I visit https://nexus.<<NEXUS_HOST>>, I get a response back which looks like:



      HTTP access is disabled. Click here to browse Nexus securely: https://nexus.<<NEXUS_HOST>>.


      How can I ensure that Nexus is served securely? Have I made a configuration error, or does the issue lie elsewhere?










      share|improve this question
















      I ran the following command:



      kubectl create secret tls nexus-tls --cert cert.crt --key privateKey.pem


      where cert.crt contains my certificate and privateKey.pem contains my private key (provisioned using CloudFlare).



      I then installed the stable/sonatype-nexus Helm chart with the following configuration:



      nexusProxy:
      env:
      nexusDockerHost: containers.<<NEXUS_HOST>>
      nexusHttpHost: nexus.<<NEXUS_HOST>>

      nexusBackup:
      enabled: true
      nexusAdminPassword: <<PASSWORD>>
      env:
      targetBucket: gs://<<BACKUP_BUCKET_NAME>>
      persistence:
      storageClass: standard

      ingress:
      enabled: true
      path: /*
      annotations:
      kubernetes.io/ingress.allow-http: true
      kubernetes.io/tls-acme: true
      kubernetes.io/ingress.class: gce
      kubernetes.io/ingress.global-static-ip-name: <<STATIC_IP_ADDRESS_NAME>>
      tls:
      enabled: true
      secretName: nexus-tls

      persistence:
      storageClass: standard
      storageSize: 1024Gi

      resources:
      requests:
      cpu: 250m
      memory: 4800Mi


      by running the command:



      helm install -f values.yaml stable/sonatype-nexus


      The possible configuration values for this chart are documented here.



      When I visit http://nexus.<<NEXUS_HOST>>, I am able to access the Nexus Repository. However, when I access https://nexus.<<NEXUS_HOST>>, I receive mixed content warnings, because HTTP resources are being served.



      If I set the nexusProxy.env.enforceHttps environment variable to true, when I visit https://nexus.<<NEXUS_HOST>>, I get a response back which looks like:



      HTTP access is disabled. Click here to browse Nexus securely: https://nexus.<<NEXUS_HOST>>.


      How can I ensure that Nexus is served securely? Have I made a configuration error, or does the issue lie elsewhere?







      kubernetes nexus kubernetes-helm






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 26 '18 at 18:24







      Charles Salmon

















      asked Nov 25 '18 at 22:36









      Charles SalmonCharles Salmon

      310110




      310110
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472704%2fconfiguration-of-nexus-helm-chart-https-serving-http-resources%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472704%2fconfiguration-of-nexus-helm-chart-https-serving-http-resources%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          404 Error Contact Form 7 ajax form submitting

          How to know if a Active Directory user can login interactively

          Refactoring coordinates for Minecraft Pi buildings written in Python