nexus配置docker代理，maven push docker镜像到nexus

1.预先配置nexus docker仓库

1）hosted私库配置

2）proxy代理仓库配置

3）docker仓库组合

 

4）配置Realms

2：配置nexus https及docker

一键配置脚本

#!/bin/bash



#参数配置

NEXUS_HOME=/usr/local/nexus-3.16.1-02/

NEXUS_DOMAIN=192.168.101.202

NEXUS_IP_ADDRESS=192.168.101.202

PASSWD=Nexus123



#生成keystore

cd $NEXUS_HOME/etc/ssl/

keytool -genkeypair -keystore nexus.jks -storepass ${PASSWD} -keypass ${PASSWD} -alias nexus -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=${NEXUS_DOMAIN}, OU=Nexus, O=Nexus, L=Beijing, ST=Beijing, C=CN" -ext "SAN=IP:${NEXUS_IP_ADDRESS}" -ext "BC=ca:true"

#生成ca证书

keytool -export -alias nexus -keystore nexus.jks -file nexus.cer -storepass ${PASSWD}



#修改nexus配置https

sed -i "s/^nexus-args=.*/nexus-args=\${jetty.etc}\/jetty.xml,\${jetty.etc}\/jetty-http.xml,\${jetty.etc}\/jetty-requestlog.xml,\${jetty.etc}\/jetty-https.xml,\${jetty.etc}\/jetty-http-redirect-to-https.xml/" $NEXUS_HOME/etc/nexus-default.properties

sed -i "s/.*\.jks<\/Set>$/\/nexus.jks<\/Set>/g" $NEXUS_HOME/etc/jetty/jetty-https.xml

sed -i "s/.*\.jks<\/Set>$/\/nexus.jks<\/Set>/g" $NEXUS_HOME/etc/jetty/jetty-https.xml

sed -i "s/.*<\/Set>$/$PASSWD<\/Set>/g" $NEXUS_HOME/etc/jetty/jetty-https.xml

sed -i "s/.*<\/Set>$/$PASSWD<\/Set>/g" $NEXUS_HOME/etc/jetty/jetty-https.xml

sed -i "s/.*<\/Set>$/$PASSWD<\/Set>/g" $NEXUS_HOME/etc/jetty/jetty-https.xml



#docker 配置

#由于是自签证书，docker不会信任，需要配置docker 服务器

#如果是nexus和docker安装在同一台机器

cp $NEXUS_HOME/etc/ssl/nexus.cer /etc/pki/ca-trust/source/anchors/

update-ca-trust extract

#如果nexus允许了匿名拉取镜像，但是又是自签证书，则docker拉取私有镜像会报x509: certificate signed by unknown authority错误，只需要执行上面两步，将自签证书放到docker所在服务器并信任，以及在nexus的Realms添加Docker Bearer Token Realm，即可匿名拉取

#如果不允许匿名拉取或者需要push镜像，则需要执行以下步骤

#vim /etc/docker/daemon.json

#添加insecure-registries

#nexus 配置的docker hosted仓库代理的https端口

NEXUS_DOCKER_HOSTED_HTTPS_PORT=2375

#nexus登录账号

NEXUS_USERNAME=admin

#nexus登录账号密码

NEXUS_PASSWORD=admin123

cat > /etc/docker/daemon.json << EOF

{

"registry-mirrors": ["https://registry.docker-cn.com"],

"insecure-registries": ["$NEXUS_DOMAIN:$NEXUS_DOCKER_HOSTED_HTTPS_PORT"],

"exec-opts": ["native.cgroupdriver=cgroupfs"],

"log-driver": "json-file",

"log-opts": {

"max-size": "100m"

},

"storage-driver": "overlay2",

"storage-opts": [

"overlay2.override_kernel_check=true"

]

}

EOF

#配置docker启动后自动登录nexus

insert_line=`sed -n -e '/ExecStartPost=/=' /usr/lib/systemd/system/docker.service`

if [ $? -eq 0 -a "$insert_line" != "" ]; then

sed -i "s/^ExecStartPost=.*/ExecStartPost=\/usr\/bin\/docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD $NEXUS_DOMAIN:$NEXUS_DOCKER_HOSTED_HTTPS_PORT/g" /usr/lib/systemd/system/docker.service

else

insert_line=`sed -n -e '/ExecStart=/=' /usr/lib/systemd/system/docker.service`

sed -i "${insert_line}a ExecStartPost=/usr/bin/docker login -u $NEXUS_USERNAME -p $NEXUS_PASSWORD $NEXUS_DOMAIN:$NEXUS_DOCKER_HOSTED_HTTPS_PORT" /usr/lib/systemd/system/docker.service

fi

systemctl daemon-reload

systemctl restart docker

 

3：docker push、pull示例

1）先tag到nexus docker私库

2）docker push镜像到私库

3）docker pull私库镜像

4：maven 打包docker镜像到nexus

1）配置好docker服务代理

vim /usr/lib/systemd/system/docker.service

2）配置maven

properties：

nexus



http://192.168.200.125:2370



192.168.101.202:2375



1.0

plugin：

docker



false









com.spotify

docker-maven-plugin





build-image 

package 



build 







image-tag

package



tag 





${docker.image.prefix}/${project.build.finalName}:${docker.image.version} 

${docker.nexus.hosted.server}/${docker.image.prefix}/${project.build.finalName}:${docker.image.version} 







image-tag2

package



tag 





${docker.image.prefix}/${project.build.finalName}:latest 

${docker.nexus.hosted.server}/${docker.image.prefix}/${project.build.finalName}:latest 







package-push

package



push 





${docker.nexus.hosted.server}/${docker.image.prefix}/${project.build.finalName}:${docker.image.version} 

nexus







package-push2

package



push 





${docker.nexus.hosted.server}/${docker.image.prefix}/${project.build.finalName}:latest 

nexus











${docker.server.host}

true



latest

${docker.image.version}



${docker.image.prefix}/${project.build.finalName}

${project.basedir}/src/main/docker





/

${project.build.directory}

${project.build.finalName}.jar





/

${project.parent.basedir}/script

deployjar.sh

配置serverId标签用户密码，不然push不了nexus私服，在maven的setting.xml文件中

Dokcerfile:

FROM openjdk:8-jre-alpine

VOLUME /tmp

ADD server-registry-center.jar /root/server-registry-center.jar

ADD deployjar.sh /bin/deployjar

RUN touch /root/server-registry-center.log

RUN chmod +x /bin/deployjar

#暴露容器端口

EXPOSE 8761

ENTRYPOINT ["deployjar", "-f", "server-registry-center", "-d", "/root", "-s", "-nodaemon"]

deployjar 脚本：

https://blog.csdn.net/mygirle/article/details/86224990

另附kubernetes集群一键自动化部署脚本仓库

https://github.com/bruce-qin/kubernetes-auto-install-script