Environment and software version
OS
CentOS Linux release 7.4.1708 (Core)
Nexus
OSS 3.6.0-02
docker --version
Docker version 1.12.6, build 85d7426/1.12.6
First step: enable HTTPS on Nexus
- Docker uses HTTPS connections by default. It can be configured for HTTP, but HTTPS is recommended, and setting the parameters for HTTP did not succeed.
Enable HTTPS access on Nexus
1 Generate a self-signed certificate
cd /home/nexus/soft/nexus-3.6.0-02/etc/ssl
keytool -genkeypair -keystore keystore.jks -storepass changeit -keypass changeit -alias jetty -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.nexus, OU=Example, O=Sonatype, L=Unspecified, ST=Unspecified, C=US" -ext "SAN=DNS:nexus,IP:192.168.xx.xx" -ext "BC=ca:true"
2 Modify the Nexus configuration
2.1 /home/nexus/soft/sonatype-work/nexus3/etc/nexus.properties
Reference configuration:
# Jetty Section
# application-port=8081
# application-host=0.0.0.0
# nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml
# nexus-context-path=/
securescheme=https
secureport=9443
application-port-ssl=9443
application-host=192.168.xx.xx
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml,${jetty.etc}/jetty-https.xml
# Nexus Section
# nexus-edition=nexus-pro-edition
# nexus-features=\
# nexus-pro-feature
2.2 Modify jetty-https.xml
/home/nexus/soft/nexus-3.6.0-02/etc/jetty/jetty-https.xml
Fragment to modify, for reference:
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<!--
<Set name="KeyStorePath"><Property name="ssl.etc"/>/home/nexus/soft/nexus-3.6.0-02/etc/ssl/keystore.jks</Set>
<Set name="KeyStorePassword">nexus3</Set>
<Set name="KeyManagerPassword">nexus3</Set>
<Set name="TrustStorePath"><Property name="ssl.etc"/>/home/nexus/soft/nexus-3.6.0-02/etc/ssl/keystore.jks</Set>
<Set name="TrustStorePassword">nexus3</Set>
-->
<!-- Active settings: keystore.jks under ssl.etc, passwords as given to keytool in step 1 -->
<Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
<Set name="KeyStorePassword">changeit</Set>
<Set name="KeyManagerPassword">changeit</Set>
<Set name="TrustStorePassword">changeit</Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
2.3 Restart Nexus
After the restart, visit https://IP:port
/home/nexus/soft/nexus-3.6.0-02/bin/nexus stop
/home/nexus/soft/nexus-3.6.0-02/bin/nexus start
2.4 Create a new Docker repository
Configure it as shown in the reference picture
This completes the Nexus configuration
Second step: Docker environment configuration
You must add the self-signed certificate to the trusted certificates of the Docker host, otherwise the following error is reported
Error response from daemon: Get https://192.168.xx.xx:9445/v1/users/: x509: certificate signed by unknown authority
Export the certificate
cd xxx/xx/store/
keytool -printcert -sslserver 192.168.xx.xx:9445 -rfc > nexus.crt
cp nexus.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
Change the hosts file
vi /etc/hosts
192.168.xx.xx nexus
Restart the Docker daemon
service docker stop
service docker start
Third step: log in (the step of creating a new Nexus account is skipped, assuming your account has already been created)
docker login -u user -p password nexus:9445
Or
# docker login nexus:9445
Username: admin
Password:
Login Succeeded
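The hosts entry and the login name have to agree with the certificate: the keytool command in step 1 put DNS:nexus and the server IP into subjectAltName, so docker login has to use one of those names. The script below is an added example, not part of the original article; the function names, the script name check_san.sh and the sample address 192.168.0.10 are assumptions. It checks a registry name against the exported nexus.crt before the file is copied into the trust anchors.

```shell
#!/bin/sh
# Added example (not from the original article). The SAN text parsed here is the
# form `openssl x509 -noout -text` prints: "DNS:nexus, IP Address:192.168.0.10".

# Constructed sample matching the keytool -ext "SAN=DNS:nexus,IP:..." option;
# 192.168.0.10 stands in for the masked 192.168.xx.xx address.
SAMPLE_SANS='DNS:nexus, IP Address:192.168.0.10'

# cert_sans CERT.pem: print the subjectAltName line of a PEM certificate.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print; exit }'
}

# san_covers "SAN LINE" NAME: return 0 if NAME (DNS name or IPv4 address)
# matches an entry. A wildcard covers exactly one left-most label.
san_covers() {
    name=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$1" | tr ',' '\n' | tr '[:upper:]' '[:lower:]' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | (
        while IFS= read -r entry; do
            case "$entry" in
                "ip address:"*)
                    if [ "${entry#ip address:}" = "$name" ]; then exit 0; fi ;;
                "dns:*."*)
                    suffix=${entry#"dns:*"}            # e.g. ".nexus"
                    left=${name%"$suffix"}             # label(s) before the suffix
                    if [ "$left" != "$name" ] && [ -n "$left" ]; then
                        case "$left" in *.*) ;; *) exit 0 ;; esac
                    fi ;;
                "dns:"*)
                    if [ "${entry#dns:}" = "$name" ]; then exit 0; fi ;;
            esac
        done
        exit 1
    )
}

# Usage: sh check_san.sh nexus.crt nexus   (registry name without the port)
if [ "$#" -eq 2 ]; then
    if san_covers "$(cert_sans "$1")" "$2"; then
        echo "OK: $2 is covered by $1"
    else
        echo "MISMATCH: $2 is not in the certificate's subjectAltName" >&2
        exit 1
    fi
fi
```

A MISMATCH result means docker login with that name will fail hostname verification even after update-ca-trust; the fix is to log in with a name listed in the certificate or to regenerate the certificate with the right SAN.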
Reference:
https://support.sonatype.com/hc/en-us/articles/217542177-Using-self-signed-certificates-with-nexus-repository-manager-and-docker-daemon
https://help.sonatype.com/display/NXRM3/Configuring+SSL