Setting up a local Docker image registry with Nexus 3
Environment and software versions
OS
CentOS Linux release 7.4.1708 (Core)
nexus
OSS 3.6.0-02
docker --version
Docker version 1.12.6, build 85d7426/1.12.6
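Step 1: Enable HTTPS on Nexus
Docker uses HTTPS connections by default. It can be configured to use HTTP, but HTTPS is recommended; also, I did not manage to get that setting to work.
Enabling HTTPS access on Nexus
1 Generate a self-signed certificate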
cd /home/nexus/soft/nexus-3.6.0-02/etc/ssl
keytool -genkeypair -keystore keystore.jks -storepass changeit -keypass changeit -alias jetty -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.nexus, OU=Example, O=Sonatype, L=Unspecified, ST=Unspecified, C=US" -ext "SAN=DNS:nexus,IP:192.168.xx.xx" -ext "BC=ca:true"
2 Modify the Nexus configuration
2.1 /home/nexus/soft/sonatype-work/nexus3/etc/nexus.properties
Reference:
# Jetty section
# application-port=8081
# application-host=0.0.0.0
# nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml
# nexus-context-path=/
secureScheme=https
securePort=9443
application-port-ssl=9443
application-host=192.168.xx.xx
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml,${jetty.etc}/jetty-https.xml
# Nexus section
# nexus-edition=nexus-pro-edition
# nexus-features=\
# nexus-pro-feature
2.2 Modify jetty-https.xml
/home/nexus/soft/nexus-3.6.0-02/etc/jetty/jetty-https.xml
Reference snippet of the changes:
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<!--
<Set name="KeyStorePath"><Property name="ssl.etc"/>/home/nexus/soft/nexus-3.6.0-02/etc/ssl/keystore.jks</Set>
<Set name="KeyStorePassword">nexus3</Set>
<Set name="KeyManagerPassword">nexus3</Set>
<Set name="TrustStorePath"><Property name="ssl.etc"/>/home/nexus/soft/nexus-3.6.0-02/etc/ssl/keystore.jks</Set>
<Set name="TrustStorePassword">nexus3</Set>
-->
<Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
<Set name="KeyStorePassword">changeit</Set>
<Set name="KeyManagerPassword">changeit</Set>
<Set name="TrustStorePassword">changeit</Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
2.3 Restart Nexus
After the restart, access https://IP:port
/home/nexus/soft/nexus-3.6.0-02/bin/nexus stop
/home/nexus/soft/nexus-3.6.0-02/bin/nexus start
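2.4 Create a Docker repository
Configure it as shown in the screenshot.
This completes the Nexus configuration.
Step 2: Configure the Docker environment
The self-signed certificate must be added to the trusted certificates of the Docker host; otherwise the following error is reported: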
Error response from daemon: Get https://192.168.xx.xx:9445/v1/users/: x509: certificate signed by unknown authority
Export the certificate
cd xxx/xx/store/
keytool -printcert -sslserver 192.168.xx.xx:9445 -rfc >nexus.crt
cp nexus.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
Edit the hosts file
vi /etc/hosts
192.168.xx.xx nexus
Restart the Docker daemon
service docker stop
service docker start
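A check to run on nexus.crt before it is copied into /etc/pki/ca-trust/source/anchors/ in the steps above (an added example, not part of the original post). It compares the fetched certificate's SHA-256 fingerprint with the value read from keystore.jks on the Nexus server and confirms the SAN covers the name Docker connects to. It assumes openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: vet nexus.crt before installing it as a system trust anchor.
# Assumes openssl is available; all function names here are hypothetical.

# Normalize a fingerprint: drop any "label=" prefix and colons, lowercase the hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate file, normalized.
cert_sha256() {
    norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# True if the certificate's SAN covers the DNS name or IPv4 address given.
cert_covers() {
    cert=$1; name=$2
    case $name in
        *[!0-9.]*) flag=-checkhost ;;   # anything but digits and dots: DNS name
        *)         flag=-checkip ;;     # dotted IPv4 literal
    esac
    openssl x509 -in "$cert" -noout "$flag" "$name" | grep -q 'does match certificate'
}

# Accept the certificate only if fingerprint, name and validity all check out.
# Return codes: 1 fingerprint mismatch, 2 name not covered, 3 expired.
vet_cert() {
    cert=$1; name=$2; expected=$3
    [ "$(cert_sha256 "$cert")" = "$(norm_fp "$expected")" ] ||
        { echo "fingerprint mismatch" >&2; return 1; }
    cert_covers "$cert" "$name" ||
        { echo "SAN does not cover $name" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 3; }
}

# Usage: sh vet-nexus-cert.sh nexus.crt nexus 'AB:CD:...'
# Read the expected SHA256 value on the Nexus server itself, e.g. from
#   keytool -list -v -keystore keystore.jks -storepass changeit -alias jetty
if [ $# -eq 3 ]; then
    vet_cert "$1" "$2" "$3" && echo "OK to install $1 as a trust anchor"
fi
```

The fingerprint has to come from the server's keystore over a separate channel, because `keytool -printcert -sslserver` saves whatever certificate the remote end presents.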
Step 3: Log in (the step of creating a Nexus account is skipped here; it is assumed your account already exists)
docker login -u user -p password nexus:9445
or
# docker login nexus:9445
Username: admin
Password:
Login Succeeded
References:
https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon
https://help.sonatype.com/display/NXRM3/Configuring+SSL