For a Docker proxy repo, when the component max age expires and Nexus makes a request to the remote registry for an already cached Docker asset e.g manifest, if the remote proxy returns a 401 response then the proxy repo will return to the client a 404 (not found) status code and "manifest unknown" message. This fails the download of a previously already cached asset still in the proxy repo.
- Two Nexus instance. On one instance create a hosted docker repository, on the other create a proxy docker repository to the hosted repo.
- Configure the remote to require authentication and configure the proxy repo with a user that has read permissions to the remote repo.
- Upload an image to the hosted repo.
- Pull the image via the proxy repo.
- Edit the username/password settings on the proxy repo so that they are incorrect.
- Invalidate the cache on the proxy repo and also remove the image from the client side.
- Request the image again.
The pull will fail with the following response if this was a manifests request.
Set proxy repo component max age to -1. Setting component max age to -1, will prevent any tags already cached from being updated if the tags are republished with different hashes at the remote - ie. latest