nexus-repository-composer
nexus-repository-composer copied to clipboard
sonatype-nexus-community
Proxy for private repository with basic auth
Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.
- What are you trying to do?
Add Magento composer repository to nexus.
I get an error from composer :
[Composer\Downloader\TransportException]
The "https://<my_domain>/repository/composer-magento/packages.json" file could not be downloaded (HTTP/1.1 503 Service Unavailable)
From nexus side :
2019-11-15 09:47:01,450+0000 INFO [qtp1645437026-137287] org.sonatype.nexus.repository.httpclient.internal.HttpClientFacetImpl - Repository status for composer-magento changed from READY to AUTO_BLOCKED_UNAVAILABLE until 2019-11-15T09:47:41.449Z - reason Unauthorized for https://repo.magento.com
2019-11-15 09:47:01,452+0000 WARN [qtp1645437026-137287] org.sonatype.nexus.repository.composer.internal.ComposerProxyFacetImpl - Exception org.sonatype.nexus.repository.proxy.ProxyServiceException: HTTP/1.1 401 Unauthorized checking remote for update, proxy repo composer-magento failed to fetch packages.json with status line HTTP/1.1 401 Unauthorized, content not in cache.
- What feature or behavior is this required for?
Mutualize repository and access to modules.
- How could we solve this issue? (Not knowing is okay!)
Don't know
- Anything else?
Hi,
I got the exact same error. I double-checked my Magento credentials (using curl), but still, repo.magento.com sends HTTP 401 error.
Here is a verbose trace about the problem: nexus.log
Additional info. It seems that this plugin does not use the username/password to send to the remote composer repo. Below is request/response from my log. There is no Authentication header:
2020-12-11 09:04:50,843+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> GET /packages.json HTTP/1.1
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Host: repo.magento.com
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Connection: Keep-Alive
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> User-Agent: Nexus/3.29.0-02 (OSS; Linux; 4.9.53-5.ph2-esx; amd64; 1.8.0_272) Composer/1.9.9 (Unknown; Unknown; 7.4.0; 1.1)
2020-12-11 09:04:50,845+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Accept-Encoding: gzip,deflate
2020-12-11 09:04:51,106+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << HTTP/1.1 401 Unauthorized
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Date: Fri, 11 Dec 2020 09:07:22 GMT
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Content-Type: application/json
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Transfer-Encoding: chunked
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Connection: keep-alive
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Server: nginx
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Cache-Control: no-cache, private
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << X-Frame-Options: DENY
2020-12-11 09:04:51,109+0000 DEBUG [qtp1778681424-212] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Strict-Transport-Security: max-age=15984000
I have the same issue . is there any workaround to solve this problem ?
I have the same issue but with APT proxy repository.
Can we please someone from Sonatype tell us if this is going to be fixed in near time?
Can we please someone from Sonatype tell us if this is going to be fixed in near time?
The code for composer and apt isn't related.
I am also experiencing an issue that sounds the same as this one. The repository I am unable to add as a proxy is https://composer.freemius.com/ The proxy repo is not working because of authentication.
I have a composer repo that does authenticate so I compared the debug logs between them. It seems the one that does work is unauthenticated at first, responds back with this header 'WWW-Authenticate: Basic realm="SatisPress"' and because of that nexus composer then authenticates. I see in the logs 2021-12-29 19:33:59,169+0000 DEBUG [qtp968825879-1005] davidsch org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, Basic]
Looking at the same similar log lines when it attempts to connect to the repo that is not authenticating I see no 'WWW-Authenticate' response so instead of it logging in, in replace of the log line above I see: 2021-12-29 18:30:11,909+0000 DEBUG [qtp968825879-885] davidsch org.apache.http.impl.auth.HttpAuthenticator - Response contains no authentication challenges
So I guess the issue is that the http client is "too" much conforming to HTTP standards while Composer isn't? If I understand correctly Composer repos don't provide the authentification methods in the response which is why Nexus doesn't try to authenticate? This could probably be "solved" / worked around by having a small proxy in between requests that adds the headers?
There are many composer repos on there and it seems some do not respond back with the WWW-Authenticate header the Java library nexus (and this plugin) needs to decide what authentication information to use on a subsequent request. We dug into the code but with other issues experienced with Nexus' composer plugin we have decided to no longer use it. We are moving to use Satis which can (essentially) "proxy" to all the repos we need.
Other repositories on the market do have composer built in. Hopefully at some point sonatype builds composer repos directly into nexus since this separate unsupported plugin has a number of holes / bugs in it.
Thanks
I dug a little bit into this:
- Supporting authentification for those repos is actually super easy, and already supported by both Nexus and the HTTP Client settings. It's the "preemptive" authentification which needs to be available, the UI type
nx-coreui-repository-httpclient-facet-with-preemptive-authneeds to be used to display the setting in the repository setting and enabling it just works. I'll open a PR to display that. - The reason why repo.magento.com and possibly other repos don't work actually isn't mainly because of missing authentification: It's because the repos don't provide a package list, which this plugin currently (hardcoded(!)) expects to be at
/packages/list.json. And that's issue #85.
I dug a little bit into this:
- Supporting authentification for those repos is actually super easy, and already supported by both Nexus and the HTTP Client settings. It's the "preemptive" authentification which needs to be available, the UI type
nx-coreui-repository-httpclient-facet-with-preemptive-authneeds to be used to display the setting in the repository setting and enabling it just works. I'll open a PR to display that.- The reason why repo.magento.com and possibly other repos don't work actually isn't mainly because of missing authentification: It's because the repos don't provide a package list, which this plugin currently (hardcoded(!)) expects to be at
/packages/list.json. And that's issue Relying on optional list key in packages.json makes it incompatible with certain repositories #85.
Any news with repo.magento.com? I can't proxy to this repo and I need it. Thanks.
