Sonatype Nexus: Proxy from SSL using Apache

Question

We're running Sonatype's Nexus to store all of our builds, cache our dependencies, etc. etc. However, I'd like to move away from the default install's port 8081 URL and instead host it over SSL via an Apache proxy. I've setup Apache's mod_proxy to proxy to it such that https://myserver.com/nexus brings up Nexus. I used the following configuration directives inside of my virtual host config:

# Configure mod_proxy to be used for proxying URLs on this site to other URLs/ports on this server.
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
  AddDefaultCharset off
  Order deny,allow
  Allow from all
</Proxy>

# Proxy the Sonatype Nexus OSS web application running at http://localhost:8081/nexus
<Location /nexus>
  ProxyPass http://localhost:8081/nexus
  ProxyPassReverse http://localhost:8081/nexus
</Location>

This seems to match the instructions at Running Nexus Behind a Proxy. However, I was unable to clear the "Base URL" setting in Nexus: it wouldn't let me leave it blank.

And everything mostly works: I can access Nexus at the HTTPS URL, log in, and perform most GUI functions.

However, when logging in I get the following warning message:

WARNING: Base URL setting of http://myserver.com/nexus does not match your actual URL! If you're running Apache mod_proxy, here's more information on configuring Nexus with it.

And not everything in the GUI actually works. So far I've noticed the following:

• System Feeds: Gives the following error:

  Problem accessing /nexus/service/local/feeds. Reason:

  The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request

  Nexus returned an error: ERROR 406: The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request

• Deleting Hosted Repositories: I went through and deleted several empty & unneeded repositories. However, after confirming the deletions, only the first was removed. I had to login to the 8081 site to delete any of the others.

Answer 1

Per the documentation, it looks like a better solution may be to add a RequestHeader to the Apache configuration:

RequestHeader set X-Forwarded-Proto "https"

I tried the accepted answer, which appears to work, but once I added the RequestHeader, I was able to uncheck Force URL and the warning was cleared. I have not tested the other behavior the OP is describing, though.