1

I have some Apache mod_rewrite rules set up to redirect Maven deploys from one url/server to another. We're in the process of migrating from Nexus to Artifactory and need these redirects set up so that teams can still use the Nexus URLs for a period of time without breaking builds. Here's an example of our mod_rewrite rule:

RewriteRule ^/nexus/content/repositories/nexus-repository/(.*)$ https://artifactory-instance.net/repository/$1 [NE,R=301,L]

The rule successfully redirects GET requests to the new Artifactory URL, but we're having an issue of the Authorization Header being dropped on the redirect. We get a 401 Error, and by running a cURL PUT command to push individual artifacts, I'm able to see that the Authorization Header is being dropped:

...
> PUT /nexus/content/repositories/nexus-repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: nexus-instance.com
> Authorization: Basic XXXXXXXXXX
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
> 
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 23 Apr 2020 17:27:22 GMT
< Server: Apache/2.4.37 (Red Hat Enterprise Linux)
< Location: https://artifactory-instance.net/repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar
< Content-Length: 311
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
...
> PUT /repository/com/maven/hello-world/1.0.0/hello-world-1.0.0.jar HTTP/1.1
> Host: artifactory-instance.net
> User-Agent: curl/7.54.0
> Accept: */*
> Content-Length: 2540
> Expect: 100-continue
> 
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 401 Unauthorized
< Date: Thu, 23 Apr 2020 17:27:22 GMT
...
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Artifactory Realm"
< Content-Type: application/json;charset=ISO-8859-1
< Transfer-Encoding: chunked
...

cURL has a flag called --location-trusted. When I apply it to my test cURL command, it passes the Authorization Header to the redirect.

My question is, is there any sort of equivalent to --location-trusted in httpd? What can I do to pass the authentication header along through the redirect?

1 Answers1

0

I figured out what I needed to get this to work. mod_rewrite isn't going to get this to work, but using mod_proxy I was able to get this to work:

ProxyPreserveHost Off
SSLProxyEngine On

<Location /nexus/content/repositories/nexus-repository>
    ProxyPass https://artifactory-instance.net/repository
    ProxyPassReverse https://artifactory-instance.net/repository
</Location>

It won't redirect the users to the URL but it will display the Artifactory content within the nexus URL.