
Sonatype Nexus

Having an artifact repository is imperative for version control of artifacts, and it is a natural companion for CI/CD pipelines.

Pulling Docker Image

Hosting your own artifact repository is quite simple with Sonatype Nexus Repository. We can pull the Docker image using this docker-compose.yml.

version: "3"
services:
  nexus:
    image: sonatype/nexus3
    restart: always
    volumes:
      - /mnt/md0/apps/nexus/nexus-data:/nexus-data
    ports:
      - "<desired-port-1>:8081"
      - "<desired-port-2>:8085"
volumes:
  nexus-data: {}

From the folder that contains the docker-compose.yml, spin up the container.

docker compose up -d

When the application is up and running, you'll need to grab the default admin password inside the Docker container at /nexus-data/admin.password. I just accessed it using Docker Desktop. You can then sign in as the admin by navigating to localhost:<desired-port-1>.

Nginx Block

Let's enable a domain in our nginx config.

Navigate to the sites-available directory.

cd /etc/nginx/sites-available

Create our block.

sudo nano nexus.<my-domain>.com

Paste the following configuration.

server {
    listen 80;
    listen [::]:80;

    # replace with your domain or subdomain
    server_name nexus.<my-domain>.com;

    location / {
        proxy_pass http://localhost:<desired-port-1>;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;

    }
}

Replace 'my-domain'

Just remember to replace 'my-domain' with the actual domain you want routed to Nexus.

Save this file.

Enable the site.

sudo ln -s /etc/nginx/sites-available/nexus.mydomain.com /etc/nginx/sites-enabled/

Let's just test our nginx config real quick to make sure there were no syntax issues.

sudo nginx -t

Configure DNS Routing

Before we set up certbot, we need to configure routing for the domain or subdomain that we want to route to our home server.

For AWS users, simply go to Hosted Zones, choose the domain that you want to create a record for, and hit Create Record. In our example here, we are using a subdomain, nexus. The record will be a CNAME, which allows us to forward traffic to the DDNS we created with No-IP. Hit save. Now we have a CNAME record for nexus.mydomain.com which will forward traffic to our DDNS, aka our home server.

Configure SSL (HTTPS)

Let's install our SSL certificates so that we make sure our site always uses HTTPS.

sudo certbot --nginx -d nexus.mydomain.com

We should get a Congratulations! message from certbot.

Let's test our configuration once again.

sudo nginx -t

And now restart the nginx service.

sudo systemctl restart nginx

First Sign in as Admin

When you sign in the first time, the username will be "admin", and you will need to find the initial password at the following location: /nexus-data/admin.password.

Creating a Docker Repository

Nexus Create Repo

Because we're running Nexus behind our nginx proxy, we only need to use the HTTP connector: requests already reach the server over SSL, which nginx terminates before passing them on to Nexus.

This is where the second port that we opened in our docker-compose.yml file, 8085, comes in handy. We're going to use it for our Docker API access, which runs on a different port than the Nexus web application.
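The HTTP-only connector is safe only while nginx is the sole way in, yet mappings written as "<desired-port-1>:8081" are published by Docker on every host interface, so both ports also answer over plain HTTP without going through nginx. The check below is an added example, not part of the original post; the function names and the sample host ports are assumptions, and it parses only the short ports: syntax.

```sh
#!/bin/sh
# Added example: flag compose port mappings published beyond loopback.
# Short "ports:" syntax only: [HOST_IP:]HOST_PORT:CONTAINER_PORT[/proto]

# classify_port SPEC -> prints loopback | all-interfaces | single-address
classify_port() (
  spec=${1%/*}                 # drop an optional /tcp or /udp suffix
  host_ip=""
  case "$spec" in
    \[*\]:*) host_ip=${spec%%]*}; host_ip=${host_ip#\[} ;;  # [::1]:8081:8081
    *:*:*)   host_ip=${spec%%:*} ;;                         # 127.0.0.1:8081:8081
  esac
  case "$host_ip" in
    127.*|::1)     echo loopback ;;
    ""|0.0.0.0|::) echo all-interfaces ;;  # Docker's default when no IP is given
    *)             echo single-address ;;
  esac
)

# audit_compose_ports: read a compose file on stdin, print one verdict per
# mapping, return non-zero if any mapping is reachable beyond loopback.
audit_compose_ports() (
  in_ports=0; rc=0
  while IFS= read -r line; do
    case "$line" in
      *ports:*) in_ports=1; continue ;;
      *"- "*)   [ "$in_ports" -eq 1 ] || continue ;;
      *)        in_ports=0; continue ;;
    esac
    spec=$(printf '%s' "${line#*- }" | tr -d "\"' ")
    verdict=$(classify_port "$spec")
    printf '%-15s %s\n' "$verdict" "$spec"
    [ "$verdict" = loopback ] || rc=1
  done
  [ "$rc" -eq 0 ]
)

# Constructed audit input: the post's mappings (example host ports) beside loopback-only ones.
audit_compose_ports <<'EOF' || echo "=> prefix the flagged mappings with 127.0.0.1:"
services:
  nexus-as-posted:
    ports:
      - "8081:8081"
      - "8085:8085"
  nexus-loopback-only:
    ports:
      - "127.0.0.1:8081:8081"
      - "127.0.0.1:8085:8085"
EOF
```

Binding the mappings to 127.0.0.1 leaves the proxy_pass http://localhost:... lines in the nginx blocks working while closing the direct route to Nexus.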


To make connecting to the Docker API to push and pull images simpler, I find it cleaner to create a separate subdomain, i.e. docker.mydomain.com. Configure DNS routing just like you did previously.

server {
    listen 80;
    listen [::]:80;

    # replace with your domain or subdomain
    server_name docker.<my-domain>.com;

    location / {
        proxy_pass http://localhost:<desired-port-2>;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;

    }
}

Make sure to install your SSL certs with certbot for the docker subdomain.

sudo certbot --nginx -d docker.mydomain.com

You will now be able to use Docker on your PC to push images to your own private Docker repository.

Login:

docker login docker.mydomain.com

Enter username and password for Nexus.

You should see Login Succeeded.

You can now build and push your Docker image:

docker build -t docker.mydomain.com/repo-name/app-name:latest .
docker push docker.mydomain.com/repo-name/app-name:latest

You should now see your Docker app in the Docker repository you created.

Nexus Docker Browse
