├── README.md
├── docker-compose.yml
├── nexus-repository
    └── create-docker-proxy.json
├── nexus.sh
└── nginx
    ├── Dockerfile
    └── nginx.conf

/README.md:
--------------------------------------------------------------------------------
# Nexus Repository Manager with Docker Support

This is a template for deploying Nexus Repository Manager behind an NGINX reverse proxy.

## Features

- Web UI accessible via https://localhost
- Docker Hub proxy registry accessible via https://localhost:5000

## Operations

To create and run the NGINX proxy, Nexus Repository Manager and Docker Hub proxy, run:

```
./nexus.sh
```

Subsequent runs can use docker-compose:

```
docker-compose up -d
```

To stop, use docker-compose:

```
docker-compose down
```

## SSL Certificates

The NGINX Docker image build process generates insecure SSL certificates with fake location information and a common name (CN) of localhost. Understand the risks of using these SSL certificates before proceeding. A deployed solution should use a valid certificate issued by a trusted certificate authority (CA).
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
# Copyright (c) 2017-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
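# Two-service stack: an NGINX container terminates TLS and forwards to Nexus.
# Only the proxy publishes ports; Nexus (8081) and its Docker connector (5000)
# are reachable solely over the Compose network.

version: '3'

services:
  nginx-proxy:
    build: ./nginx
    # These mappings bind on every host interface. While Nexus still accepts
    # the default admin credentials used by nexus.sh, prefer a loopback bind
    # (for example '127.0.0.1:443:443') unless remote access is intended.
    ports:
      - '443:443'
      - '5000:5000'
    # "links" is a legacy option; services on the default Compose network
    # already resolve each other by service name, so only the start-order
    # dependency needs to be declared.
    depends_on:
      - nexus-repository
    command: [ nginx, '-g', 'daemon off;' ]

  nexus-repository:
    # NOTE(review): no tag is given, so this resolves to the "latest" tag at
    # pull time. Pin a tag or digest (sonatype/nexus3:<pinned-tag>) so the
    # deployed version is known and upgrades are deliberate.
    image: sonatype/nexus3
    volumes:
      - 'nexus-data:/nexus-data'

volumes:
  nexus-data:
--------------------------------------------------------------------------------
/nexus-repository/create-docker-proxy.json:
--------------------------------------------------------------------------------
{
  "name": "CreateDockerProxy",
  "type": "groovy",
  "content": "repository.createDockerProxy('docker-proxy', 'https://registry-1.docker.io', 'HUB', null, 5000, null)"
}
--------------------------------------------------------------------------------
/nexus.sh:
--------------------------------------------------------------------------------
# Copyright (c) 2017-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.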
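# First-run bootstrap: builds and starts the stack, waits until Nexus answers
# through the NGINX proxy, then uploads and runs the Groovy script that creates
# the Docker Hub proxy repository.
#
# Security notes:
#   * admin/admin123 is a widely known default credential and is kept only as
#     a fallback. Change the admin password before the published ports are
#     reachable from other hosts, and supply the new one via NEXUS_PASSWORD.
#   * "-u user:password" is visible in the process list while curl runs.
#   * --insecure turns off certificate verification. It is used here because
#     the proxy serves the self-signed certificate generated in
#     nginx/Dockerfile and the target is localhost; do not carry it over to
#     scripts that talk to a remote host.
#   * The script endpoint runs Groovy on the server with admin rights.
#     Depending on the sonatype/nexus3 version pulled, the initial admin
#     password may be randomly generated and script creation may be disabled
#     by default; --fail makes either case stop the script with an error
#     instead of being silently ignored.

set -eu

NEXUS_URL="${NEXUS_URL:-https://localhost}"
NEXUS_USER="${NEXUS_USER:-admin}"
NEXUS_PASSWORD="${NEXUS_PASSWORD:-admin123}"
NEXUS_WAIT_ATTEMPTS="${NEXUS_WAIT_ATTEMPTS:-600}"

docker-compose up -d --build

# Poll until Nexus responds, but give up after a bounded number of attempts so
# a container that never becomes healthy does not hang the script forever.
attempts=0
until curl --fail --silent --insecure --output /dev/null "$NEXUS_URL"; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge "$NEXUS_WAIT_ATTEMPTS" ]; then
    echo "Nexus did not become ready at $NEXUS_URL after $attempts attempts" >&2
    exit 1
  fi
  sleep 1
done

# -v is deliberately not used: verbose output includes the request headers,
# which with -u contain the Basic Authorization value.
curl --fail --silent --show-error --insecure \
  -u "$NEXUS_USER:$NEXUS_PASSWORD" \
  --header 'Content-Type: application/json' \
  "$NEXUS_URL/service/rest/v1/script" \
  -d @nexus-repository/create-docker-proxy.json
curl --fail --silent --show-error --insecure -X POST \
  -u "$NEXUS_USER:$NEXUS_PASSWORD" \
  --header 'Content-Type: text/plain' \
  "$NEXUS_URL/service/rest/v1/script/CreateDockerProxy/run"

--------------------------------------------------------------------------------
/nginx/Dockerfile:
--------------------------------------------------------------------------------
# Copyright (c) 2017-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(review): the base image is unpinned, so each build pulls whatever the
# "latest" tag currently points to. Pin a tag or digest (nginx:<pinned-tag>)
# so builds are reproducible and nginx.conf is tested against a known version.
FROM nginx

# "&&" rather than ";" so that a failed "apt-get update" aborts the build
# instead of installing from stale package lists. The lists are removed
# afterwards to keep them out of the layer.
RUN apt-get update && \
    apt-get install -y --no-install-recommends openssl && \
    rm -rf /var/lib/apt/lists/*

# Creates a throwaway self-signed certificate for localhost at build time.
# WARNING: the private key is stored unencrypted (-nodes) inside an image
# layer. Anyone who can pull or export the image can read it, and every
# container started from the same image shares it. For anything beyond local
# testing, mount a CA-issued certificate and key at runtime instead.
# subjectAltName is added because most TLS clients match the host name against
# it and ignore the CN.
RUN mkdir -p /etc/nginx/external && \
    openssl req -x509 -newkey rsa:4096 \
      -subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
      -addext "subjectAltName=DNS:localhost" \
      -keyout "/etc/nginx/external/key.pem" \
      -out "/etc/nginx/external/cert.pem" \
      -days 365 -nodes -sha256 && \
    chmod 600 /etc/nginx/external/key.pem

COPY nginx.conf /etc/nginx/nginx.conf

--------------------------------------------------------------------------------
/nginx/nginx.conf:
--------------------------------------------------------------------------------
# Copyright (c) 2017-present Sonatype, Inc.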
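#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TLS-terminating reverse proxy for Nexus. Port 443 forwards to the Nexus web
# UI/REST API (8081) and port 5000 to the Docker connector (5000); both
# upstream hops are plain HTTP inside the Compose network.

events {
}

http {
  proxy_send_timeout 120;
  proxy_read_timeout 300;
  proxy_buffering    off;
  keepalive_timeout  5 5;
  tcp_nodelay        on;

  # TLS is switched on per listener through the "ssl" parameter of "listen".
  # The http-level "ssl on;" directive this file used before was deprecated in
  # nginx 1.15.0 and removed in 1.25.1, so with the unpinned "FROM nginx" base
  # image it prevents nginx from starting.
  ssl_certificate     /etc/nginx/external/cert.pem;
  ssl_certificate_key /etc/nginx/external/key.pem;
  # State the accepted protocol versions explicitly rather than relying on the
  # default of whichever nginx version the base image provides.
  ssl_protocols       TLSv1.2 TLSv1.3;

  # Large limit so image layers and artifacts can be uploaded through the proxy.
  client_max_body_size 1G;

  # Nexus web UI and REST API.
  server {
    listen *:443 ssl;

    location / {
      proxy_pass http://nexus-repository:8081/;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # NOTE(review): no server_name is configured in this block, so
      # $server_name is empty here; confirm whether $host was intended.
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }

  # Docker registry endpoint backed by the Nexus Docker Hub proxy repository.
  server {
    listen *:5000 ssl;

    location / {
      proxy_pass http://nexus-repository:5000/;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # NOTE(review): $server_name is empty here as well (no server_name set).
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
}

--------------------------------------------------------------------------------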