Channel: Java mon amour

Nexus 3.10 Docker hosted repository on HTTPS

https://support.sonatype.com/hc/en-us/articles/213465098-How-to-Configure-HTTPS-Protocols-Used-By-Nexus

https://support.sonatype.com/hc/en-us/articles/213465768-SSL-Certificate-Guide

https://hub.docker.com/r/bradbeck/nexus-https/


https://hub.docker.com/r/bradbeck/nexus-https/~/dockerfile/

FROM sonatype/nexus3 
MAINTAINER Brad Beck <bradley.beck+docker@gmail.com>
ENV NEXUS_SSL=${NEXUS_HOME}/etc/ssl
ENV PUBLIC_CERT=${NEXUS_SSL}/cacert.pem \
PUBLIC_CERT_SUBJ=/CN=localhost \
PRIVATE_KEY=${NEXUS_SSL}/cakey.pem \
PRIVATE_KEY_PASSWORD=password

ARG GOSU_VERSION=1.10

USER root
RUN yum -y update && yum install -y openssl libxml2 libxslt && yum clean all
RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \
&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64.asc" \
&& gpg --verify /usr/local/bin/gosu.asc \
&& rm /usr/local/bin/gosu.asc \
&& rm -r /root/.gnupg/ \
&& chmod +x /usr/local/bin/gosu

RUN sed \
-e '/^nexus-args/ s:$:,${jetty.etc}/jetty-https.xml:' \
-e '/^application-port/a \
application-port-ssl=8443\
' \
-i ${NEXUS_HOME}/etc/nexus-default.properties
COPY entrypoint.sh ${NEXUS_HOME}/entrypoint.sh
RUN chown nexus:nexus ${NEXUS_HOME}/entrypoint.sh && chmod a+x ${NEXUS_HOME}/entrypoint.sh
VOLUME [ "${NEXUS_SSL}" ]
EXPOSE 8443
WORKDIR ${NEXUS_HOME}
ENTRYPOINT [ "./entrypoint.sh" ]
CMD [ "bin/nexus", "run"]




[root@9118f1784d46 ssl]# more /opt/sonatype/nexus/entrypoint.sh
#!/usr/bin/env bash

set -x
set -eo pipefail

if [ "$1" == 'bin/nexus' ]; then
  if [ ! -f "$NEXUS_SSL/keystore.jks" ]; then
    mkdir -p $NEXUS_SSL
    if [ ! -f $PUBLIC_CERT ] && [ ! -f $PRIVATE_KEY ]; then
      openssl req -nodes -new -x509 -keyout $PRIVATE_KEY -out $PUBLIC_CERT -subj "${PUBLIC_CERT_SUBJ}"
    fi
    if [ ! -f $NEXUS_SSL/jetty.key ]; then
      openssl pkcs12 -export -in $PUBLIC_CERT -inkey $PRIVATE_KEY -out $NEXUS_SSL/jetty.key -passout pass:$PRIVATE_KEY_PASSWORD
    fi
    $JAVA_HOME/bin/keytool -importkeystore -noprompt -deststorepass $PRIVATE_KEY_PASSWORD -destkeypass $PRIVATE_KEY_PASSWORD -destkeystore $NEXUS_SSL/keystore.jks -srckeystore $NEXUS_SSL/jetty.key -srcstoretype PKCS12 -srcstorepass $PRIVATE_KEY_PASSWORD
    sed -r '/<Set name="(KeyStore|KeyManager|TrustStore)Password">/ s:>.*$:>'$PRIVATE_KEY_PASSWORD'</Set>:' -i $NEXUS_HOME/etc/jetty/jetty-https.xml
  fi

  mkdir -p "$NEXUS_DATA"
  chown -R nexus:nexus "$NEXUS_DATA"

  exec gosu nexus "$@"
fi

exec "$@"
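
The entrypoint above calls `openssl req -x509` without `-days` (OpenSSL then issues a 30-day certificate) and without a subjectAltName, and it passes the keystore password as `pass:` arguments while `set -x` is on, so the password is traced to the container's stderr. The following is an added example, not code from the bradbeck/nexus-https image, that puts that default beside a hardened variant and checks both. The function names, the 365-day lifetime, the SAN list and the demo password are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the bradbeck/nexus-https image. Function names,
# the 365-day lifetime and the SAN list are assumptions for illustration.
# No `set -x` here: xtrace prints every expanded argument to stderr.

# As in the entrypoint: CN only and no -days, so OpenSSL's 30-day default applies.
gen_cert_default() {   # usage: gen_cert_default <dir>
  openssl req -nodes -new -x509 -keyout "$1/cakey.pem" -out "$1/cacert.pem" \
    -subj "/CN=localhost" 2>/dev/null
}

# Hardened: explicit lifetime, subjectAltName, files readable by the owner only.
gen_cert_hardened() {  # usage: gen_cert_hardened <dir>
  ( umask 077
    openssl req -nodes -new -x509 -newkey rsa:2048 -days 365 \
      -keyout "$1/cakey.pem" -out "$1/cacert.pem" -subj "/CN=localhost" \
      -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 2>/dev/null )
}

# PKCS#12 export with the password read from the environment (env:), so it is
# not part of the openssl command line the way a pass: argument is.
make_p12() {           # usage: make_p12 <dir>; reads $PRIVATE_KEY_PASSWORD
  openssl pkcs12 -export -in "$1/cacert.pem" -inkey "$1/cakey.pem" \
    -out "$1/jetty.key" -passout env:PRIVATE_KEY_PASSWORD
}

# Succeeds if the certificate is still valid <days> days from now.
valid_in_days() {      # usage: valid_in_days <dir> <days>
  openssl x509 -in "$1/cacert.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds if the certificate carries DNS:<name> in its subjectAltName.
has_san() {            # usage: has_san <dir> <name>
  openssl x509 -in "$1/cacert.pem" -noout -text | grep "DNS:$2" >/dev/null
}

# Succeeds if jetty.key opens with the password in $PRIVATE_KEY_PASSWORD.
p12_opens() {          # usage: p12_opens <dir>
  openssl pkcs12 -in "$1/jetty.key" -noout -passin env:PRIVATE_KEY_PASSWORD 2>/dev/null
}

# Demo in a scratch directory; the password is a constructed sample value.
demo=$(mktemp -d)
export PRIVATE_KEY_PASSWORD='constructed-demo-secret'
gen_cert_hardened "$demo" && make_p12 "$demo"
valid_in_days "$demo" 31 && has_san "$demo" localhost && p12_opens "$demo" \
  && echo "hardened certificate and keystore OK"
rm -rf "$demo"
```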








Create a Docker hosted repository on HTTPS port 8282.

There is no need to configure an insecure registry:

[centos@localhost ~]$ docker run -d -p 127.0.0.1:8081:8081 -p 127.0.0.1:8443:8443 -p 127.0.0.1:8482:8482 -v ~/nexus-data:/nexus-data -v ~/nexus-ssl:/opt/sonatype/nexus/etc/ssl --name nexus bradbeck/nexus-https
4b4e525ee28d5f10a26c4667065f15a7e9f308412bbcc6ebab18e2a030c042dd
[centos@localhost ~]$ netstat -an | grep 8482
tcp 0 0 127.0.0.1:8482 0.0.0.0:* LISTEN
[centos@localhost ~]$ docker login https://localhost:8482
Username: admin
Password:
Login Succeeded

This is the image: https://hub.docker.com/r/bradbeck/nexus-https/~/dockerfile/




