本人比较菜,使用nexus搭docker私服,在网上搜索了大量的资料终于耗时两天才将之搭建好,所以赶紧记录下来,以免以后忘记了,也希望给各位同学有点点帮助。
网上搜索的文章和视频大多比较简单,也不完整,看人家写的和讲的都很简单,自己动手好像这也不是那也不对的,先将详细过程记录下来。
首先将下服务器架构,我使用了两台虚拟机作为服务器,再加一台虚拟机作为客户端,总共三台机器,分别如下:
192.168.4.133 安装Nginx
192.168.4.130 安装nexus
192.168.4.132 测试客户端
123456
nexus的安装就不讲了,网上有好多教程,也很简单。
1.在nexus中创建仓库: proxy/host/group
docker_proxy_rat
Allow clients to use the V1 API to interact with this repository ---选中
url:https://hub.rat.dev
docker index: use docker hub
blob store:dockerStore
其他的都默认
12345
docker_proxy_daocloud
url:https://docker.m.daocloud.io
其他的与上面的一样
12
docker_proxy_1panel
url:https://docker.1panel.live
其他的与上面的一样
12
docker_host
1. 勾选http,并设置端口号为9001(根据自己的设置)
2. Allow clients to use the V1 API to interact with this repository --- 选中
3. Allow anonymous docker pull ( Docker Bearer Token Realm required ) --选中
4. Controls if deployments of and updates to artifacts are allowed -- 选中Allow redeploy
5. 其他的默认
12345
docker_group
1. 勾选http,并设置端口号为8888(根据自己的设置)
2. Allow clients to use the V1 API to interact with this repository --- 选中
3. Allow anonymous docker pull ( Docker Bearer Token Realm required ) --选中
4. Select and order the repositories that are part of this group -- 选中上面几个,注意顺序:docker_host放到最前面,其他的几个顺序无所谓
5. 其他默认
12345
2.nexus docker容器开放端口
注意,需要暴露 8888/9001端口
version: "3"
services:
nexus-server:
image: sonatype/nexus3:3.71.0-06
container_name: nexus371
hostname: nexus-server
ports:
- 18081:8081
- 5000:5000
- 5001:5001
- 8888:8888
- 9001:9001
- 9002:9002
volumes:
- /etc/timezone:/etc/timezone:ro
- /usr/local/docker_data/nexus/datadir:/nexus-data
restart: always
1234567891011121314151617
3.配置nginx开启https
这步必须要
在任意一台服务器安装Nginx并开启https
a.创建证书
# 在/usr/local/docker_data/nginx/ssl/目录中(也可以是自己定义的目录,后面需要使用)
openssl genrsa -aes256 -out ca-key.pem 4096 # ca-key.pem 为878412
openssl req -new -x509 -days 1000 -key ca-key.pem -sha256 -subj "/CN=*" -out ca.pem #输入任意字符的密码,如:20240901
openssl genrsa -out server-key.pem 4096
openssl req -new -key server-key.pem -sha256 -subj "/CN=*" -out server.csr
openssl x509 -req -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -days 1000 -out server-cert.pem #与上面输入的密码保持一致,如:20240901
123456
b. 配置Nginx,使用https代理nexus
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
client_max_body_size 100m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
upstream nexus_web {
server 192.168.4.130:18081; # nexus服务器实际安装的地址及端口
}
upstream nexus_docker_get {
server 192.168.4.130:8888; #nexus配置的docker_group的端口
}
upstream nexus_docker_put {
server 192.168.4.130:9001; #nexus配置的docker_host的端口
}
server { # 用于通过nexus下载或上传docker容器.
listen 80;
listen 443 ssl; # 1.1版本后这样写
server_name hub.docker.llf.com; # 需要在访问端通过hosts配置hub.docker.llf.com 指向nagix所在的服务器地址
ssl_certificate /etc/ssl/server-cert.pem; # 这个是Nginx 容器内部的地址,需要在安装时映射到上面创建证书的目录:/usr/local/docker_data/nginx/ssl/.
ssl_certificate_key /etc/ssl/server-key.pem; # 绝对路径,同上
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
chunked_transfer_encoding on;
set $upstream "nexus_docker_put";
# 当请求是GET,也就是拉取镜像的时候,这里改为拉取代理,如此便解决了拉取和推送的端口统一
if ( $request_method ~* 'GET') {
set $upstream "nexus_docker_get";
}
index index1.html index1.htm index1.php;
location / {
proxy_pass http://$upstream;
proxy_set_header Host $host;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
}
}
server { # 用于从网页上访问nexus
listen 80;
listen 443 ssl;
server_name repo.llf.com; # 需要在访问端通过hosts配置repo.llf.com指向nagix所在的服务器地址
index index1.html index1.htm index1.php;
ssl_certificate /etc/ssl/server-cert.pem; # 这个是Nginx 容器内部的地址,需要在安装时映射到上面创建证书的目录:/usr/local/docker_data/nginx/ssl/.
ssl_certificate_key /etc/ssl/server-key.pem; # 绝对路径,同上
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://nexus_web;
proxy_set_header Host $host;
client_max_body_size 512m;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_buffering off;
proxy_request_buffering off;
}
}
# 引入扩展配置(可以细分服务nginx)
# include /etc/nginx/conf.d/*.conf;
}
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
#nginx的compose.yml
version: '3'
services:
nginx:
hostname: nginx
environment:
TZ: Asia/Shanghai
restart: always
logging:
driver: "json-file"
options:
max-size: "500m"
container_name: nginx127
image: nginx:1.27
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro # 设置容器时区与宿主机保持一致
- /usr/local/docker_data/nginx/conf/nginx.conf:/etc/nginx/nginx.conf
- /usr/local/docker_data/nginx/logs:/var/log/nginx
- /usr/local/docker_data/nginx/ssl:/etc/ssl/ # 证书保存目录的映射
- /usr/local/docker_data/nginx/html:/usr/share/nginx/html
1234567891011121314151617181920212223
注意,还是在Nginx所在的服务器上还需要将/usr/local/docker_data/nginx/ssl/ca.pem 复制到/etc/docker/certs.d/hub.docker.llf.com目录中(hub.docker.llf.com目录必须与上面配置的域名保持一致)
c. 客户端配置
# 配置hosts文件:vim /etc/hosts
192.168.4.133 basesys.llf.com #Nginx 安装的服务器
192.168.4.133 hub.docker.llf.com #Nginx 安装的服务器
192.168.4.133 repo.llf.com #Nginx 安装的服务器
1234
#/etc/docker/daemon.json
{
"registry-mirrors": [
"https://hub.docker.llf.com"
],
"insecure-registries": ["hub.docker.llf.com"]
}
1234567
# 登录docker私服
login hub.docker.llf.com -u admin -p xxxx #xxxx替换为nexus网页上登录时admin账号对应的密码
# 登录成功后即可 拉取或上传docker容器镜像(拉取应该是不需要登录的),如
docker pull mysql
# 执行成功后在nexus的仓库中应该就可以看到mysql的镜像了。
12345
© 版权声明
文章版权归作者所有,未经允许请勿转载。
相关文章
暂无评论...