:::info 视频演示 https://www.bilibili.com/video/BV1gv411w7SU/ :::
准备工作
申请域名 SSL
本地域名解析
windows C:\Windows\System32\drivers\etc\hosts linux /etc/hosts
创建数据路径并设置权限
mkdir -p $PWD/nexus3/data && chmod 777 $PWD/nexus3/data && cd $PWD/nexus3
部署
docker-compose.yml
version: "3.7"
services:
nexus3:
image: sonatype/nexus3:3.33.1
container_name: nexus3
restart: always
privileged: true
environment:
- TZ=Asia/Shanghai
volumes:
- $PWD/data:/nexus-data
nginx:
image: nginx:1.21.1-alpine
container_name: nginx
restart: always
environment:
- TZ=Asia/Shanghai
ports:
- "80:80"
- "443:443"
volumes:
- $PWD/nginx.conf:/etc/nginx/nginx.conf:ro # nginx配置
- $PWD/certs:/certs # SSL证书
- $PWD/log:/var/log/nginx
depends_on:
- nexus3
logging:
driver: "json-file"
options:
max-size: "5g" # 限制日志大小
nginx.conf
worker_processes 4;
worker_rlimit_nofile 40000;
events {
worker_connections 8192;
}
http {
upstream nexus3_http {
server nexus3:8081;
}
server {
listen 80;
server_name hub.haifengat.com; # 域名替换
location / {
proxy_pass http://nexus3_http;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
upstream nexus3_ssl {
server nexus3:8082;
}
server {
listen 443 ssl;
server_name hub.haifengat.com; # 域名替换
# SSL
ssl_certificate /certs/20220824_hub.haifengat.com.pem;
ssl_certificate_key /certs/20220824_hub.haifengat.com.key;
client_max_body_size 5000m; # 上传大文件
location / {
proxy_pass http://nexus3_ssl;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
}
运行
docker-compose up -d
文件列表
配置 nexus3
登录
配置
- 修改admin密码为Harbor12345
- 允许匿名读取数据
- 创建 docker(hosted) 仓库
- 设置http 8082端口
- Allow anonymous docker pull (不要勾选)
daemon.json
# 增加信任
"insecure-registries": ["https://hub.haifengat.com"]
QA
502 Bad Gateway
配置 nexus3 时使用 http 而非 https
no basic auth credentials
需要先 docker login 登录
401 Unauthorized
docker login -u admin -p Harbor12345 hub.haifengat.com 登录时报错
不允许匿名
404 response body: invalid character ‘<’ …
解决
docker login -u admin -p Harbor12345 hub.haifengat.com