Friday, April 27, 2018

Nexus 3.10 Docker hosted repository on HTTPS

https://support.sonatype.com/hc/en-us/articles/213465098-How-to-Configure-HTTPS-Protocols-Used-By-Nexus

https://support.sonatype.com/hc/en-us/articles/213465768-SSL-Certificate-Guide

https://hub.docker.com/r/bradbeck/nexus-https/


https://hub.docker.com/r/bradbeck/nexus-https/~/dockerfile/

FROM sonatype/nexus3
MAINTAINER Brad Beck <bradley.beck+docker@gmail.com>

# Location of the certificate material inside the image; this directory is exported as a volume below.
ENV NEXUS_SSL=${NEXUS_HOME}/etc/ssl
ENV PUBLIC_CERT=${NEXUS_SSL}/cacert.pem \
    PUBLIC_CERT_SUBJ=/CN=localhost \
    PRIVATE_KEY=${NEXUS_SSL}/cakey.pem \
    PRIVATE_KEY_PASSWORD=password

ARG GOSU_VERSION=1.10

USER root
RUN yum -y update && yum install -y openssl libxml2 libxslt && yum clean all
# Install gosu and verify its GPG signature before trusting the binary.
RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64" \
 && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64.asc" \
 && gpg --verify /usr/local/bin/gosu.asc \
 && rm /usr/local/bin/gosu.asc \
 && rm -r /root/.gnupg/ \
 && chmod +x /usr/local/bin/gosu

# Enable the Jetty HTTPS connector: add jetty-https.xml to nexus-args and define the SSL port.
RUN sed \
    -e '/^nexus-args/ s:$:,${jetty.etc}/jetty-https.xml:' \
    -e '/^application-port/a \
application-port-ssl=8443\
' \
    -i ${NEXUS_HOME}/etc/nexus-default.properties
COPY entrypoint.sh ${NEXUS_HOME}/entrypoint.sh
RUN chown nexus:nexus ${NEXUS_HOME}/entrypoint.sh && chmod a+x ${NEXUS_HOME}/entrypoint.sh
VOLUME [ "${NEXUS_SSL}" ]
EXPOSE 8443
WORKDIR ${NEXUS_HOME}
ENTRYPOINT [ "./entrypoint.sh" ]
CMD [ "bin/nexus", "run" ]




[root@9118f1784d46 ssl]# more /opt/sonatype/nexus/entrypoint.sh
#!/usr/bin/env bash

# Note: set -x echoes every command, including the keystore password, to the container log.
set -x
set -eo pipefail

if [ "$1" == 'bin/nexus' ]; then
  # First start only: build the JKS keystore that jetty-https.xml points at.
  if [ ! -f "$NEXUS_SSL/keystore.jks" ]; then
    mkdir -p "$NEXUS_SSL"
    # No certificate and key were supplied through the volume: generate a self-signed pair
    # (no -days given, so openssl's default validity of 30 days applies).
    if [ ! -f "$PUBLIC_CERT" ] && [ ! -f "$PRIVATE_KEY" ]; then
      openssl req -nodes -new -x509 -keyout "$PRIVATE_KEY" -out "$PUBLIC_CERT" -subj "${PUBLIC_CERT_SUBJ}"
    fi
    # Bundle certificate and key into a PKCS12 file ...
    if [ ! -f "$NEXUS_SSL/jetty.key" ]; then
      openssl pkcs12 -export -in "$PUBLIC_CERT" -inkey "$PRIVATE_KEY" -out "$NEXUS_SSL/jetty.key" -passout "pass:$PRIVATE_KEY_PASSWORD"
    fi
    # ... and convert it into the JKS keystore Jetty expects.
    "$JAVA_HOME/bin/keytool" -importkeystore -noprompt \
      -deststorepass "$PRIVATE_KEY_PASSWORD" -destkeypass "$PRIVATE_KEY_PASSWORD" \
      -destkeystore "$NEXUS_SSL/keystore.jks" \
      -srckeystore "$NEXUS_SSL/jetty.key" -srcstoretype PKCS12 -srcstorepass "$PRIVATE_KEY_PASSWORD"
    # Write the same password (in plaintext) into the three password setters of jetty-https.xml.
    sed -r '/<Set name="(KeyStore|KeyManager|TrustStore)Password">/ s:>.*$:>'"$PRIVATE_KEY_PASSWORD"'</Set>:' -i "$NEXUS_HOME/etc/jetty/jetty-https.xml"
  fi

  mkdir -p "$NEXUS_DATA"
  chown -R nexus:nexus "$NEXUS_DATA"

  # Drop from root to the nexus user before starting Nexus.
  exec gosu nexus "$@"
fi

exec "$@"

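The two sed edits above (the Dockerfile's change to nexus-default.properties and the entrypoint's password substitution in jetty-https.xml) have two weaknesses: neither is safe to run twice, and the second leaves the keystore password in plaintext in jetty-https.xml. The Python script below is an added example, not code from this post or from the bradbeck/nexus-https image. It applies the same two edits idempotently, patches the XML with a parser instead of a regex, and writes the password in Jetty's OBF: form (a port of org.eclipse.jetty.util.security.Password.obfuscate). Jetty obfuscation is reversible, as deobfuscate shows, so it only keeps the value out of a casual glance at the file; it is not encryption, and the file still needs to be readable only by the nexus user. The properties and XML fragments are constructed samples that resemble the Nexus defaults, and it is an assumption (check it on your Nexus version) that the bundled Jetty accepts OBF: values in those Set elements.

```python
"""Added example: idempotent HTTPS configuration edits for Nexus 3 with Jetty OBF: passwords.
Not from the original post or the bradbeck/nexus-https image."""
import xml.etree.ElementTree as ET

OBF_PREFIX = "OBF:"
HTTPS_XML = "${jetty.etc}/jetty-https.xml"
PASSWORD_SETTERS = ("KeyStorePassword", "KeyManagerPassword", "TrustStorePassword")
_B36 = "0123456789abcdefghijklmnopqrstuvwxyz"


def _to_base36(value: int) -> str:
    digits = ""
    while value:
        value, rem = divmod(value, 36)
        digits = _B36[rem] + digits
    return digits or "0"


def obfuscate(secret: str) -> str:
    """Port of Jetty's Password.obfuscate: each byte is mixed with its mirror byte."""
    raw = secret.encode("utf-8")
    out = [OBF_PREFIX]
    n = len(raw)
    for i in range(n):
        b1, b2 = raw[i], raw[n - (i + 1)]
        if b1 >= 0x80 or b2 >= 0x80:          # Java's signed bytes are negative here
            x = _to_base36(b1 * 256 + b2)
            out.append("U" + "0000"[: 4 - len(x)] + x)
        else:
            x = _to_base36((127 + b1 + b2) * 256 + (127 + b1 - b2))
            out.append("000"[: 4 - len(x)] + x)
    return "".join(out)


def deobfuscate(obf: str) -> str:
    """Reverse of obfuscate: shows that OBF: is reversible, not a hash or cipher."""
    s = obf[len(OBF_PREFIX):] if obf.startswith(OBF_PREFIX) else obf
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "U":
            out.append(int(s[i + 1:i + 5], 36) >> 8)
            i += 5
        else:
            i1, i2 = divmod(int(s[i:i + 4], 36), 256)
            out.append((i1 + i2 - 254) // 2)
            i += 4
    return out.decode("utf-8")


def patch_nexus_properties(text: str, ssl_port: int = 8443) -> str:
    """Same edit as the Dockerfile's sed, but safe to re-run: no duplicate entries."""
    lines = []
    for line in text.splitlines():
        if line.startswith("nexus-args") and HTTPS_XML not in line:
            line = line + "," + HTTPS_XML
        lines.append(line)
        if line.startswith("application-port=") and "application-port-ssl=" not in text:
            lines.append(f"application-port-ssl={ssl_port}")
    return "\n".join(lines) + "\n"


def patch_jetty_https_xml(xml_text: str, password: str) -> str:
    """Same edit as entrypoint.sh's sed, but via an XML parser and with the OBF: form."""
    root = ET.fromstring(xml_text)
    obf = obfuscate(password)
    changed = 0
    for node in root.iter("Set"):
        if node.get("name") in PASSWORD_SETTERS:
            node.text = obf
            changed += 1
    if changed != len(PASSWORD_SETTERS):
        raise ValueError(f"expected {len(PASSWORD_SETTERS)} password setters, found {changed}")
    return ET.tostring(root, encoding="unicode")


# Constructed samples resembling the Nexus defaults (not copied from a real installation).
SAMPLE_PROPERTIES = """# Jetty section
application-port=8081
application-host=0.0.0.0
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml
nexus-context-path=/
"""

SAMPLE_JETTY_HTTPS_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
    <Set name="KeyStorePassword">password</Set>
    <Set name="KeyManagerPassword">password</Set>
    <Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
    <Set name="TrustStorePassword">password</Set>
  </New>
</Configure>
"""

if __name__ == "__main__":
    print(patch_nexus_properties(patch_nexus_properties(SAMPLE_PROPERTIES)))
    print(patch_jetty_https_xml(SAMPLE_JETTY_HTTPS_XML, "password"))
```

Running it twice on the properties file yields the same output, and the XML comes back with `OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v` in place of the three plaintext `password` values.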







Next, create a Docker (hosted) repository in Nexus and give it an HTTPS connector on port 8282.

Because the connector speaks TLS, there is no need to list the registry under the Docker daemon's insecure-registries setting:

[centos@localhost ~]$ docker run -d -p 127.0.0.1:8081:8081 -p 127.0.0.1:8443:8443 -p 127.0.0.1:8482:8482 -v ~/nexus-data:/nexus-data -v ~/nexus-ssl:/opt/sonatype/nexus/etc/ssl --name nexus bradbeck/nexus-https
4b4e525ee28d5f10a26c4667065f15a7e9f308412bbcc6ebab18e2a030c042dd
[centos@localhost ~]$ netstat -an | grep 8482
tcp 0 0 127.0.0.1:8482 0.0.0.0:* LISTEN
[centos@localhost ~]$ docker login https://localhost:8482
Username: admin
Password:
Login Succeeded

This is the image used above: https://hub.docker.com/r/bradbeck/nexus-https/~/dockerfile/ (its Dockerfile is reproduced at the top of this post).




How to create the .cer, .key and .jks files

The following keytool command creates a keystore named wildfly.keystore containing a self-signed RSA key pair under the alias wildfly, valid for 180 days:
keytool -genkeypair -keystore wildfly.keystore -storepass mypassword -keypass mypassword -keyalg RSA -validity 180 -alias wildfly -dname "cn=packtpub,o=PackPub,c=GB"





