Configuration of Nexus Helm Chart: HTTPS Serving HTTP Resources

11/25/2018

I ran the following command:

kubectl create secret tls nexus-tls --cert cert.crt --key privateKey.pem

where cert.crt contains my certificate and privateKey.pem contains my private key (provisioned using Cloudflare).

I then installed the stable/sonatype-nexus Helm chart with the following configuration:

nexusProxy:
  env:
    nexusDockerHost: containers.<<NEXUS_HOST>>
    nexusHttpHost: nexus.<<NEXUS_HOST>>

nexusBackup:
  enabled: true
  nexusAdminPassword: <<PASSWORD>>
  env:
    targetBucket: gs://<<BACKUP_BUCKET_NAME>>
  persistence:
    storageClass: standard

ingress:
  enabled: true
  path: /*
  annotations:
    kubernetes.io/ingress.allow-http: true
    kubernetes.io/tls-acme: true
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.global-static-ip-name: <<STATIC_IP_ADDRESS_NAME>>
  tls:
    enabled: true
    secretName: nexus-tls

persistence:
  storageClass: standard
  storageSize: 1024Gi

resources:
  requests:
    cpu: 250m
    memory: 4800Mi

by running the command:

helm install -f values.yaml stable/sonatype-nexus

The possible configuration values for this chart are documented here.

When I visit http://nexus.<<NEXUS_HOST>>, I am able to access the Nexus Repository. However, when I access https://nexus.<<NEXUS_HOST>>, I receive mixed content warnings, because HTTP resources are being served.

If I set the nexusProxy.env.enforceHttps environment variable to true, when I visit https://nexus.<<NEXUS_HOST>>, I get a response back which looks like:

HTTP access is disabled. Click here to browse Nexus securely: https://nexus.<<NEXUS_HOST>>.

How can I ensure that Nexus is served securely? Have I made a configuration error, or does the issue lie elsewhere?

-- Charles Salmon
kubernetes
kubernetes-helm
nexus

0 Answers