Proxy docker registry from nexus

1. Caddy version (caddy version): v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

caddy run

a. System environment:

Ubuntu 20.04

b. Command:

caddy validate

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

(letls) {
	tls {
		resolvers ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com

		dns digitalocean <apikey>
	}
}
nexus.evva.link {
	rewrite / /nexus
	reverse_proxy http://10.64.192.106:8081 {
		header_up Host {http.reverse_proxy.upstream.hostport}
		header_up X-Forwarded-Host {host}
	}
	reverse_proxy /v2 {
		to http://10.64.192.106:18082/repository/evva-docker-group/{request_uri}
		transparent
	}

	import letls
}

3. The problem I’m having:

We use nexus3 as an artifact repository. There are also the docker registries. I want to proxy them so we don't need to use the port. There is an example for nginx, but I am not able to get it to work for Caddy.

4. Error messages and/or full log output:

Error during parsing: due to parsing difficulties, placeholders are not allowed when an upstream address contains a scheme

5. What I already tried:

6. Links to relevant resources:

https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-repository-reverse-proxy-strategies

Path matching is exact in Caddy v2. This will only match requests to /v2 and nothing else, i.e. it won’t match /v2/foo.

You can’t specify a path in reverse_proxy to perform a rewrite.

If you need to add a path prefix, use the rewrite directive to do so.

This option doesn’t exist in Caddy v2. It was a thing in Caddy v1, but it’s the default behaviour now in v2.
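Added example, not part of the original thread and not Caddy's own code: a simplified Go model of the path matching described in the reply above, showing which Docker registry requests the matchers `/v2`, `/v2/*` and `/v2*` send to the registry port. The function names `matchPath` and `upstreamFor` and the sample request paths are assumptions made for illustration; the upstream addresses are the ones from this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// matchPath is a simplified model of Caddy v2 path matching (an assumption
// for illustration, not Caddy's source). It covers only the two forms used
// in this thread: an exact pattern and a pattern with one trailing "*".
// Case folding and other wildcard positions are left out.
func matchPath(pattern, reqPath string) bool {
	if strings.HasSuffix(pattern, "*") {
		// A trailing "*" turns the pattern into a prefix match.
		return strings.HasPrefix(reqPath, strings.TrimSuffix(pattern, "*"))
	}
	// Without a wildcard the match is exact.
	return pattern == reqPath
}

// upstreamFor mirrors a site block with two reverse_proxy directives:
// requests matching the matcher go to the Docker group port, everything
// else goes to the Nexus UI port.
func upstreamFor(matcher, reqPath string) string {
	if matchPath(matcher, reqPath) {
		return "10.64.192.106:18082"
	}
	return "10.64.192.106:8081"
}

func main() {
	// Constructed sample requests: Docker Registry v2 API paths and UI paths.
	paths := []string{
		"/v2", "/v2/", "/v2/library/nginx/manifests/latest",
		"/v2/_catalog", "/v2foo", "/nexus",
	}
	for _, m := range []string{"/v2", "/v2/*", "/v2*"} {
		fmt.Printf("matcher %s\n", m)
		for _, p := range paths {
			fmt.Printf("  %-40s -> %s\n", p, upstreamFor(m, p))
		}
	}
}
```

With `/v2/*`, the client's `GET /v2/` version check and all manifest and blob requests reach the registry, while a bare `/v2` falls through to the UI upstream; `/v2*` would also catch unrelated paths such as `/v2foo`.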

OK, it was not as complex as I thought.
That's it, I just created a new section and it works like a charm =)
On the nexus itself I configured a docker group that got all our docker-repos and the docker-hub (proxy) in it on port http 18082 if somebody needs that setup too =)
We only use http because we have a software defined network where all the caddy proxy stuff is running.

docker.evva.link {
	reverse_proxy http://10.64.192.106:18082 {
		header_up Host {http.reverse_proxy.upstream.hostport}
		header_up X-Forwarded-Host {host}
	}
	import letls
}

Another option would be:

nexus.evva.link {
	rewrite / /nexus
	reverse_proxy http://10.64.192.106:8081 {
		header_up Host {http.reverse_proxy.upstream.hostport}
		header_up X-Forwarded-Host {host}
	}
	reverse_proxy /v2/* http://10.64.192.106:18082 {
		header_up Host {http.reverse_proxy.upstream.hostport}
		header_up X-Forwarded-Host {host}
	}

	import letls
}

Are you sure you need these, btw?

This will set the Host header to 10.64.192.106:8081.

Usually, the default behaviour of passing through the Host as-is, is what you want. These headers are typically only needed if you’re proxying to your upstream over HTTPS, as noted here:
