Setting up a private Docker registry with Nexus (spoon-fed walkthrough)

I'm fairly new to this. Setting up a private Docker registry with Nexus took me two days and a lot of searching online, so I'm writing it down right away before I forget, and hopefully it helps others a little.
Most of the articles and videos online are fairly brief and incomplete; what they write and show looks simple, but when you try it yourself nothing seems to work, so I'm recording the full process in detail first.
First, the server layout: I used two VMs as servers plus one VM as a client, three machines in total:
192.168.4.133  Nginx installed here
192.168.4.130  Nexus installed here
192.168.4.132  test client


I won't cover installing Nexus itself; there are plenty of tutorials online and it is straightforward.

1. Create the repositories in Nexus: proxy / hosted / group

docker_proxy_rat

Allow clients to use the V1 API to interact with this repository   --- checked
url: https://hub.rat.dev
docker index: use docker hub
blob store: dockerStore
everything else left at the defaults


docker_proxy_daocloud

url: https://docker.m.daocloud.io
everything else the same as above


docker_proxy_1panel

url: https://docker.1panel.live
everything else the same as above


docker_host

1. Check HTTP and set the port to 9001 (adjust to your own setup)
2. Allow clients to use the V1 API to interact with this repository  --- checked
3. Allow anonymous docker pull ( Docker Bearer Token Realm required ) -- checked
4. Controls if deployments of and updates to artifacts are allowed  -- choose Allow redeploy
5. everything else left at the defaults


docker_group

1. Check HTTP and set the port to 8888 (adjust to your own setup)
2. Allow clients to use the V1 API to interact with this repository  --- checked
3. Allow anonymous docker pull ( Docker Bearer Token Realm required ) -- checked
4. Select and order the repositories that are part of this group  -- select the repositories created above; the order matters: docker_host must be first, the order of the others does not matter
5. everything else left at the defaults


2. Expose the ports on the Nexus Docker container

Note: ports 8888 and 9001 must be exposed.

version: "3"
services:
  nexus-server:
    image: sonatype/nexus3:3.71.0-06
    container_name: nexus371
    hostname: nexus-server
    ports:
      - 18081:8081
      - 5000:5000
      - 5001:5001
      - 8888:8888
      - 9001:9001
      - 9002:9002
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /usr/local/docker_data/nexus/datadir:/nexus-data
    restart: always



3. Configure Nginx with HTTPS

This step is mandatory.

Install Nginx on any one of the servers and enable HTTPS.

a. Create the certificates

# run in /usr/local/docker_data/nginx/ssl/ (or a directory of your own choice; it is needed again later)
openssl genrsa -aes256 -out ca-key.pem 4096  # ca-key.pem passphrase: 878412
openssl req -new -x509 -days 1000 -key ca-key.pem -sha256 -subj "/CN=*" -out ca.pem  # enter a passphrase of any characters, e.g. 20240901
openssl genrsa -out server-key.pem 4096
openssl req -new -key server-key.pem -sha256 -subj "/CN=*" -out server.csr
openssl x509 -req -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -days 1000 -out server-cert.pem  # use the same passphrase as entered above, e.g. 20240901


b. Configure Nginx to proxy Nexus over HTTPS

user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    client_max_body_size 100m;
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    upstream nexus_web {
        server 192.168.4.130:18081;  # address and port where Nexus is actually installed
    }
    upstream nexus_docker_get {
        server 192.168.4.130:8888;  # port of the docker_group repository configured in Nexus
    }
    upstream nexus_docker_put {
        server 192.168.4.130:9001; # port of the docker_host repository configured in Nexus
    }
    server { # used to pull or push Docker images through Nexus
        listen 80;
        listen 443 ssl;  # this is how it is written from version 1.1 onward
        server_name hub.docker.llf.com; # on the client, map hub.docker.llf.com to the Nginx server's address in /etc/hosts
        ssl_certificate /etc/ssl/server-cert.pem;  # path inside the Nginx container; at install time mount the certificate directory created above (/usr/local/docker_data/nginx/ssl/) here
        ssl_certificate_key /etc/ssl/server-key.pem;  # absolute path, same as above
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        fastcgi_param  HTTPS        on;
        fastcgi_param  HTTP_SCHEME     https;
        chunked_transfer_encoding on;
        set $upstream "nexus_docker_put";
        # when the request is a GET, i.e. an image pull, switch to the pull upstream; this lets pull and push share one port
        if ( $request_method ~* 'GET') {
            set $upstream "nexus_docker_get";
        }
        index index1.html index1.htm index1.php;
        location / {
            proxy_pass http://$upstream;
            proxy_set_header Host $host;
            proxy_connect_timeout 3600;
            proxy_send_timeout 3600;
            proxy_read_timeout 3600;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
        }
    }
    server { # used to access the Nexus web UI
        listen 80;
        listen 443 ssl;
        server_name repo.llf.com; # on the client, map repo.llf.com to the Nginx server's address in /etc/hosts
        index index1.html index1.htm index1.php;
        ssl_certificate /etc/ssl/server-cert.pem;  # path inside the Nginx container; at install time mount the certificate directory created above (/usr/local/docker_data/nginx/ssl/) here
        ssl_certificate_key /etc/ssl/server-key.pem;  # absolute path, same as above
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        location / {
                proxy_pass http://nexus_web;
                proxy_set_header Host $host;
                client_max_body_size 512m;
                proxy_connect_timeout 3600;
                proxy_send_timeout 3600;
                proxy_read_timeout 3600;
                proxy_buffering off;
                proxy_request_buffering off;
        }
    }
    # include additional configuration files (to split the nginx services into separate files)
    # include /etc/nginx/conf.d/*.conf;
}


# compose.yml for nginx
version: '3'
services:
  nginx:
    hostname: nginx
    environment:
      TZ: Asia/Shanghai
    restart: always
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
    container_name: nginx127
    image: nginx:1.27
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro # keep the container timezone in sync with the host
      - /usr/local/docker_data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
      - /usr/local/docker_data/nginx/logs:/var/log/nginx
      - /usr/local/docker_data/nginx/ssl:/etc/ssl/  # mount of the directory holding the certificates
      - /usr/local/docker_data/nginx/html:/usr/share/nginx/html



Note: still on the server where Nginx runs, you also need to copy /usr/local/docker_data/nginx/ssl/ca.pem into the directory /etc/docker/certs.d/hub.docker.llf.com (the directory name hub.docker.llf.com must match the domain configured above).

c. Client configuration

# edit the hosts file: vim /etc/hosts
192.168.4.133 basesys.llf.com #server where Nginx is installed
192.168.4.133 hub.docker.llf.com #server where Nginx is installed
192.168.4.133 repo.llf.com  #server where Nginx is installed

# /etc/docker/daemon.json
{
    "registry-mirrors": [
       "https://hub.docker.llf.com"
    ],
    "insecure-registries": ["hub.docker.llf.com"]
}
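Two things in this setup are worth checking before relying on it: the TLS options in the hub.docker.llf.com server block, and the client daemon.json, which lists an https mirror under insecure-registries and thereby turns off certificate verification for it (with ca.pem installed under /etc/docker/certs.d/hub.docker.llf.com/ on the client, that entry is not needed). The script below is an added example, not part of the original post; it runs over constructed copies of the relevant lines from this page, and the function names audit_nginx and audit_daemon are my own.

```python
import json

# Constructed sample: the TLS-relevant directives from the hub.docker.llf.com server block above.
NGINX_CONF = """
server {
    listen 443 ssl;
    server_name hub.docker.llf.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    proxy_set_header X-Forwarded-Proto http;
}
"""

# Constructed sample: the client /etc/docker/daemon.json from this page.
DAEMON_JSON = """{
    "registry-mirrors": ["https://hub.docker.llf.com"],
    "insecure-registries": ["hub.docker.llf.com"]
}"""

DEPRECATED_TLS = {"TLSv1", "TLSv1.1"}


def directives(conf):
    """Yield (name, args) for each simple nginx directive; block braces and comments are skipped."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line or line.endswith("{") or line == "}":
            continue
        name, *args = line.split()
        yield name, args


def audit_nginx(conf):
    """Report deprecated TLS versions and a forwarded scheme that does not match the https front end."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            old = sorted(DEPRECATED_TLS & set(args))
            if old:
                findings.append("ssl_protocols enables deprecated " + ", ".join(old))
        elif name == "proxy_set_header" and args[:1] == ["X-Forwarded-Proto"] and args[1:] != ["https"]:
            findings.append("X-Forwarded-Proto should be https when TLS terminates at Nginx")
    return findings


def audit_daemon(daemon_json):
    """Flag mirrors that are reached over https yet exempted from certificate checks."""
    cfg = json.loads(daemon_json)
    https_hosts = {m[len("https://"):] for m in cfg.get("registry-mirrors", []) if m.startswith("https://")}
    insecure = set(cfg.get("insecure-registries", []))
    return [host + " is an https mirror but listed in insecure-registries; install ca.pem under /etc/docker/certs.d/" + host + "/ instead"
            for host in sorted(https_hosts & insecure)]
```

Calling audit_nginx(NGINX_CONF) and audit_daemon(DAEMON_JSON) on the samples from this page returns three findings; a server block limited to TLSv1.2/TLSv1.3 with X-Forwarded-Proto https, and a daemon.json without the insecure-registries entry, return none.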

# log in to the private Docker registry
docker login hub.docker.llf.com -u admin -p xxxx  # replace xxxx with the admin password used to log in to the Nexus web UI
# once logged in you can pull or push Docker images (pulling should not require a login), e.g.
docker pull mysql
# after this succeeds, the mysql image should be visible in the Nexus repository.
