Nexus for Docker config

Docker

1、启动项目

github : git@github.com:shuang1990/nexus.git

work:nexus ys$ sh manager.sh run
Wed Dec  6 15:20:37 CST 2017: mkdir -p /opt/data/nexus
Wed Dec  6 15:20:37 CST 2017: chmod 777 /opt/data/nexus
Wed Dec  6 15:20:37 CST 2017: docker run -d --restart=always -p 11681:8081 -p 11682:8082 -p 11683:8083 -v /opt/data/nexus:/nexus-data -h nexus --name nexus sonatype/nexus3
[zhangshuang@jdy-pre-01 ~]$ docker ps | grep nexus
b469125566ef        sonatype/nexus3     "sh -c ${SONATYPE_..."   4 hours ago         Up 4 hours          0.0.0.0:11681->8081/tcp, 0.0.0.0:11682->8082/tcp, 0.0.0.0:11683->8083/tcp                 nexus

2、添加Blob Store

3、添加Repositories

• 3.1 添加docker hosted

• 3.2 添加docker proxy
  
  

• 3.3 添加docker group
  

4、添加Roles

5、添加Users

6、生成Auth Token

[zhangshuang@jdy-log-01 logstash]$ docker login https://docker-9dy.sunfund.com
Username (admin): admin
Password:
Login Succeeded
[zhangshuang@jdy-log-01 logstash]$ docker login https://docker-publish-9dy.sunfund.com
Username (admin): admin
Password:
Login Succeeded
[zhangshuang@jdy-log-01 logstash]$ cat ~/.docker/config.json
{
    "auths": {
        "docker-9dy.sunfund.com": {
            "auth": "YWRtaW46YWRtaW4xMjM="
        },
        "docker-publish-9dy.sunfund.com": {
            "auth": "YWRtaW46YWRtaW4xMjM="
        },
        "docker-publish.sunfund.com": {
            "auth": "ZG9ja2VyLXdyaXRlOmRvY2tlci13cml0ZQ=="
        },
        "docker.sunfund.com": {
            "auth": "ZG9ja2VyLXJlYWQ6ZG9ja2VyLXJlYWQ="
        }
    }
}

7、nginx配置匿名用户无密码访问

server {
    listen 80;
    server_name             docker-publish-9dy.sunfund.com;
    access_log  /var/log/nginx/docker-pub-9dy_access.log;
    error_log   /var/log/nginx/docker-pub-9dy_error.log;
    return 301 https://docker-publish-9dy.sunfund.com$request_uri;
}
server {
    listen 443;
    server_name             docker-publish-9dy.sunfund.com;
    access_log  /var/log/nginx/docker-pub-9dy_access.log;
    error_log   /var/log/nginx/docker-pub-9dy_error.log;
    # SSL
    ssl                  on;
    ssl_certificate           ssl-cert/letsencrypt/docker-publish-9dy.sunfund.com.cer;
    ssl_certificate_key       ssl-cert/letsencrypt/docker-publish-9dy.sunfund.com.key;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    gzip on;
    gzip_types *;
    gzip_proxied any;
    location / {
        # 添加header Authorization
        proxy_set_header Authorization "Basic YWRtaW46YWRtaW4xMjM=";
        proxy_read_timeout  600;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_set_header  Host              $host;
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass        http://127.0.0.1:11683;
    }
}
server {
    listen 80;
    server_name             docker-9dy.sunfund.com;
    access_log  /var/log/nginx/docker-9dy_access.log;
    error_log   /var/log/nginx/docker-9dy_error.log;
    return 301 https://docker-9dy.sunfund.com$request_uri;
}
server {
    listen 443;
    server_name             docker-9dy.sunfund.com;
    access_log  /var/log/nginx/docker-9dy_access.log;
    error_log   /var/log/nginx/docker-9dy_error.log;
    # SSL
    ssl                  on;
    ssl_certificate           ssl-cert/letsencrypt/docker-9dy.sunfund.com.cer;
    ssl_certificate_key       ssl-cert/letsencrypt/docker-9dy.sunfund.com.key;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    gzip on;
    gzip_types *;
    gzip_proxied any;
    location / {
        # 添加header Authorization
        proxy_set_header Authorization "Basic YWRtaW46YWRtaW4xMjM=";
        proxy_read_timeout  600;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_set_header  Host              $host;
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass        http://127.0.0.1:11682;
    }
}
server {
    listen 80;
    server_name             nexus-9dy.sunfund.com;
    access_log  /var/log/nginx/nexus_access.log;
    error_log   /var/log/nginx/nexus_error.log;
    return 301 https://nexus-9dy.sunfund.com$request_uri;
}
server {
    listen 443;
    server_name             nexus-9dy.sunfund.com;
    access_log  /var/log/nginx/nexus_9dy_access.log;
    error_log   /var/log/nginx/nexus_9dy_error.log;
    # SSL
    ssl                       on;
    ssl_certificate           ssl-cert/letsencrypt/nexus-9dy.sunfund.com.cer;
    ssl_certificate_key       ssl-cert/letsencrypt/nexus-9dy.sunfund.com.key;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    gzip on;
    gzip_types *;
    gzip_proxied any;
    location / {
        proxy_read_timeout  600;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_redirect    http:// https://;
        proxy_set_header  Host              $host;
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass        http://127.0.0.1:11681;
    }
}