We proxy the Atlassian Maven repo: Index of maven-external/ through our Nexus Repository Manager instance to allow developer access. For whatever reason it seems that Atlassian has chosen to configure this to return a 401 Unauthorized instead of a 404 not found when the instance receives a request for a path which does not exist at their server. This is problematic as this false unauthorized error then causes the Nexus proxy repo to auto-block as it is being detected as “un-healthy”. With the group functionality in Nexus, it can be quite common for Nexus to send a request for an artifact that does not exist in any given repository.
Is this something that will be corrected? Our only option at this point in time has been to disable our auto-blocking feature.
We use Nexus too, but never had such problems…
Do you have an example of a problematic request?
I just tried something and the repo returns a 404…
Hint:
(if not already done) In your group repository you can sort the linked repos. So put the Atlassian repos to the end, so that hits will try Maven central or other repos with “more” dependencies first.
Thanks amoerchen - Here are some examples from what we have been seeing:
WARN [qtp1331064762-16344] anonymous org.sonatype.nexus.proxy.maven.maven2.M2Repository - Remote peer of proxy repository “EVAL_ATLASSIAN” [id=EVAL_ATLASSIAN] threw a org.sonatype.nexus.proxy.RemoteAuthenticationNeededException exception. Please set up authorization information for this repository. Auto-blocking this repository to prevent further connection-leaks and known-to-fail outbound connections until administrator fixes the problems, or Nexus detects remote repository as healthy. - Cause(s): Unauthorized
curl -H “User-Agent: Nexus/2.14.17-01 (PRO; Linux; 3.10.0-1062.18.1.el7.x86_64; amd64; 1.8.0_242) apacheHttpClient4x/2.14.17-01” -I https://packages.atlassian.com/mvn/maven-external/gov/ssa/emr/emrEARModule/maven-metadata.xml
HTTP/1.1 401 Unauthorized
Date: Wed, 29 Jul 2020 16:07:02 GMT
Content-Type: application/json;charset=ISO-8859-1
Server: globaledge-envoy
X-Artifactory-Id: 400d335acb9fbc9ca5960dcfaea494cf596be44a
X-Artifactory-Node-Id: i-0749ca37681729d44
Www-Authenticate: Basic realm=“Artifactory Realm”
X-Envoy-Upstream-Service-Time: 9
Expect-Ct: report-uri=“https://web-security-reports.services.atlassian.com/expect-ct-report/artifactory”, max-age=86400
X-Logging-Id: de80cf70-1d63-429c-a0f6-b8babadad1b2
Strict-Transport-Security: max-age=63072000; preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Transfer-Encoding: chunked
We have already rearranged the group repository order and I should also mention that this instance is currently still Nexus 2, we’re in the process of migrating to a new Nexus 3 instance.
Ah, you are right. Trying to get (any) maven-metadata.xml requires authentication…
I think you should contact Atlassian support regarding this. Maybe they just changed something (again…).
Or maybe just use these:
Source: Atlassian Maven Repositories 2818705