This is the opposite problem described in NEXUS-6889.
Configure an NPM proxy repository in Nexus to http://registry.npmjs.org. The intent to do this is to avoid going through an internal HTTP proxy server that affects requests using HTTPS.
Nexus makes primary metadata outbound requests to http://registry.npmjs.org, however metadata at that site may contain links to https://registry.npmjs.org tarballs. These https tarball urls are cached inside Nexus.
When a user configures Nexus to talk to http://registry.npmjs.org, they expect all communication to the remote to be over http - where this may matter is if they have Nexus configured with an HTTP proxy server that rewrites SSL certificates of the remote. They do not realize they need to explicitly trust the certificate that the proxy to https://registry.npmjs.org is returning because they have told Nexus to use http to the remote.
- Configure npm proxy to http://registry.npmjs.org
- Configure Nexus with an HTTP proxy that rewrites SSL certs that nexus will not implictly trust.
- curl -v http://localhost:8081/repository/npmjs-proxy/requirejs -o requirejs.json
- examine the metadata, it contains tarball urls to https://registry.npmjs.org
- curl -v http://localhost:8081/repository/npmjs-proxy/requirejs/-/requirejs-2.2.0.tgz -o /dev/null
- This fails, Nexus returns 502 Bad Gateway to the client.
- The nexus logs show Nexus tried to go to https://registry.npmjs.org/requirejs/-/requirejs-2.2.0.tgz and this failed because the certificate is not trusted.