Docker repository - Unsupported protocol scheme "null"

[giacgbj]

I just upgraded from nexus-3.76.1-01 to nexus-3.77.0-08 and I can't login to a hosted Docker repository anymore. The error is:

$ docker login 1.2.3.4:2375
Error response from daemon: Get "http://1.2.3.4:2375/v2/": Get "null://1.2.3.4:2375/v2/token?account=foo&client_id=docker&offline_token=true&service=null%3A%2F%2F1.2.3.4%3A2375%2Fv2%2Ftoken": unsupported protocol scheme "null"

[sicode]

same error msg

3.76.1-01 is good?

[giacgbj]

3.76.1-01 is good?

Yes, it is.

[xszuflax]

Hello,

I'm seeing the same error with pulls on 3.77.1:

$ docker pull registry:5001/centos:latest
Error response from daemon: Head "http://registry/v2/centos/manifests/latest": Get "null://registry/v2/token?scope=repository%3Acentos%3Apull&service=null%3A%2F%2Fregistry%3A5001%2Fv2%2Ftoken": unsupported protocol scheme "null"

I wonder since it did not show up in release test runs maybe this is due to some legacy option carried from a previous version?

Can one force schema so the value is not null but for example http in jetty? settings?

[xszuflax]

I just checked the docker daemon on a linux machine and the logs suggest http/https mixup:

Feb 10 10:26:06 gitlab-runner-03 dockerd[2073]: time="2025-02-10T10:26:06.603001221Z" level=error msg="Handler for POST /v1.45/images/create returned error: Head \"http://registry:18080/v2/v2/repository/[...]/latest\": Get \"null://registry:18080/v2/token?scope=repository%3Av2%2Frepository%2F[...]%3>

Feb 10 10:26:06 gitlab-runner-03 dockerd[2073]: time="2025-02-10T10:26:06.601879054Z" level=info msg="Attempting next endpoint for pull after error: Head \"http://registry.local:18080/v2/v2/repository/[...]/latest\": Get \"null://registry:18080/v2/token?scope=repository%3Av2%2Frepository%2F[...]%3Apull&se>

Feb 10 10:26:06 gitlab-runner-03 dockerd[2073]: time="2025-02-10T10:26:06.590663359Z" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry:18080/v2/\": http: server gave HTTP response to HTTPS client" spanID=abff1808a5baed15 traceID=bf0aac0ac52862012c875e96ed561ef2

Feb 10 10:26:06 gitlab-runner-03 dockerd[2073]: time="2025-02-10T10:26:06.590254879Z" level=warning msg="Error getting v2 registry: Get \"https://registry:18080/v2/\": http: server gave HTTP response to HTTPS client" spanID=abff1808a5baed15 traceID=bf0aac0ac52862012c875e96ed561ef2

1. double v2/v2 in the first log
2. somehow https is in the mix
3. repo is configured as insecure registry
4. docker engine was not updated
5. update was from 3.76.1 > 3.77.1
6. before updated all was good
7. [...] and registry in urls are anonymized

[giacgbj]

As a workaround, I modified the class org.sonatype.nexus.bootstrap.jetty.NexusRequestCustomizer as follows:

  @Override
  public void customize(final Connector connector, final HttpConfiguration channelConfig, final Request request) {
    HttpURI uri = request.getHttpURI();
    String path = uri.getPath();

    request.setScheme("http"); // <=== ADD THIS

    [...]
  }

[xszuflax]

hello @giacgbj ,

would you mind attaching compiled class? or even the whole nexus-bootstrap-3.77.1-01.jar?

[giacgbj]

hello @giacgbj ,

would you mind attaching compiled class? or even the whole nexus-bootstrap-3.77.1-01.jar?

It's the compiled class from 3.77.0-08, but it should work fine.

[xszuflax]

Nice, thank you it worked 👍

[tcaty]

same here with sonatype/nexus3:latest

[hgs-creyno08]

Same problem here. Can't apply workaround because we're running the container sonatype/nexus3:latest

I tried downgrading to 3.76.1 but nexus won't start because of the data folder upgrade.

2025-02-11 17:51:43,388+0000 ERROR [FelixStartLevel]  *SYSTEM org.sonatype.nexus.upgrade.datastore.internal.UpgradeServiceImpl - Failed transition: NEW -> STARTED
org.sonatype.nexus.upgrade.datastore.UpgradeException: The database appears to be from a later version of Nexus Repository
        at org.sonatype.nexus.upgrade.datastore.internal.UpgradeManagerImpl.checkSchemaVersionIsAcceptable(UpgradeManagerImpl.java:204)

Is there a way to force a downgrade?

[suikast42]

The same here.

1. If I checkout the cbx then I can login Allow anonymous docker pull ( Docker Bearer Token Realm required )
2. The anonymous pull works only behind trafik proxy.

[woshikid]

I patched the compiled class into the sonatype/nexus3 docker image and now I can pull images again. Thanks @giacgbj

[suikast42]

I patched the compiled class into the sonatype/nexus3 docker image and now I can pull images again. Thanks @giacgbj

Is that in the next release of nexus ?

[woshikid]

I patched the compiled class into the sonatype/nexus3 docker image and now I can pull images again. Thanks @giacgbj

Is that in the next release of nexus ?

No, I just patched it into my local image as a workaround.

[bruce-stewart]

I patched the compiled class into the sonatype/nexus3 docker image and now I can pull images again. Thanks @giacgbj

Is that in the next release of nexus ?

No, I just patched it into my local image as a workaround.

I can confirm that this worked for me too, for my deployment of 3.77.1-01, using docker.

1. Copy the jar from the nexus container
   docker cp nexus:/opt/sonatype/nexus/system/org/sonatype/nexus/nexus-bootstrap/3.77.1-01/nexus-bootstrap-3.77.1-01.jar .
2. Replace the NexusRequestCustomizer.class file in the jar
3. chown 0:0 nexus-bootstrap-3.77.1-01.jar
4. chmod 644 nexus-bootstrap-3.77.1-01.jar
5. docker cp nexus-bootstrap-3.77.1-01.jar nexus:/opt/sonatype/nexus/system/org/sonatype/nexus/nexus-bootstrap/3.77.1-01
6. Restart the nexus container

[neal-richardson-bluescape]

for anyone brand new to Nexus (like myself) if you don't actually need "Allow anonymous docker pull" you might try un-checking that box.

when I un-check that box, the error went away for me, and I'm able to push/pull to the repo as desired.

[custardpy]

Same here. Can we expect the patch soon?

[bruce-stewart]

@mpiggott Could you label this issue as a bug perhaps?

[ocstaron]

With the class file above http works again, but then https doesn't work! We need both working!!!