
Nexus3部署docker私有仓库-企业版

作者:北京老头做运维

Nexus3部署私有源-企业版

1.匿名拉取镜像(docker pull)。这一点很重要,所以写在开头。注意:开启匿名拉取后,任何能访问该域名的人都可以下载仓库中的全部镜像,因此仓库里只应存放不含密钥、凭据等敏感内容的镜像,或用网络访问控制限制来源。

Nexus3部署docker私有仓库-企业版
Nexus3部署docker私有仓库-企业版
Nexus3部署docker私有仓库-企业版

2.容器化部署nexus3

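# Start Nexus 3 detached, with its data directory kept on the host.
# --privileged=true is removed: Nexus does not need it, and it gives the container
# near-root control over the host if the service is ever compromised.
# If startup fails with a permission error on /nexus-data, make the host directory
# writable by the container's nexus user (the sonatype/nexus3 image documents UID 200)
# instead of re-adding --privileged.
# The -p mappings publish Nexus on every host interface over plain HTTP, bypassing the
# nginx TLS proxy configured later. Once nginx is in front, bind them to loopback
# (e.g. -p 127.0.0.1:8081:8081) or firewall them.
# 3.19.1 is the tag the article used. Check Sonatype's security advisories and run a
# currently supported release.
docker run -d -p 8081:8081 -p 8082:8082 -p 8083:8083 -p 8084:8084 --name nexus -v /home/ubuntu/local-repo:/nexus-data sonatype/nexus3:3.19.1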

3.创建docker仓库

创建存储目录

Nexus3部署docker私有仓库-企业版

创建docker仓库

Nexus3部署docker私有仓库-企业版

仓库配置

Nexus3部署docker私有仓库-企业版

4.创建用户用于push 镜像

5.为repo仓库添加SSL证书

# The IP address can be replaced with an intranet IP.
# NOTE(review): the hop from nginx to Nexus is plain HTTP. On 127.0.0.1 it stays on the
# host; with an intranet IP it crosses the network unencrypted, so confirm that segment
# is trusted.
# NOTE(review): the server blocks below proxy_pass directly to http://127.0.0.1:8082 and
# do not reference this upstream.
upstream nexus_docker_get {
    server 127.0.0.1:8082;
}

# Disabled: separate upstream for pushes.
#upstream nexus_docker_put {
#    server 127.0.0.1:8083;
#}

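# TLS front end for the Nexus Docker connector on 127.0.0.1:8082 (docker login/pull/push).
server {
    listen 80;
    listen 443 ssl;
    # The IPv6 listener needs "ssl" as well; without it port 443 over IPv6 speaks plain HTTP.
    listen [::]:443 ssl;
    server_name docker-hub.xxx.tech;

    ssl_certificate /etc/ssl/xxx.tech_bundle.crt;
    ssl_certificate_key /etc/ssl/xxx.tech.key;
    # TLSv1.1 is deprecated, so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only: static-RSA key exchange and CBC suites are dropped.
    # This list applies to TLS 1.2; TLS 1.3 suites are negotiated separately.
    ssl_ciphers 'ECDH+AESGCM:ECDH+CHACHA20:!aNULL';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    access_log /var/log/nginx/access-docker-hub.log;
    error_log /var/log/nginx/error-docker-hub.log;

    # Port 80 only redirects to HTTPS, so registry credentials and image layers are never
    # proxied in cleartext. $server_name is used instead of the client-supplied Host.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # Disabled: default to the push upstream.
    #set $upstream "nexus_docker_put";

    # Disabled: for GET requests (image pulls) switch to the pull upstream, so that pull and
    # push share one port.
    #if ( $request_method ~* 'GET') {
    #    set $upstream "nexus_docker_get";
    #}

    # Only hosted repositories support search, so search requests are forwarded to the hosted
    # repository; otherwise a 500 error occurs. (No such forwarding rule is present in this block.)
    index index.html index.htm index.php;

    #if ($request_method != 'GET') {
    #    set $upstream "nexus_docker_put";
    #}

    location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        # Stream request and response bodies instead of spooling large layers to disk.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass the scheme the client really used. The previous hard-coded "http" told Nexus
        # that every request arrived over HTTP, so absolute URLs it returns to the Docker
        # client could point at http:// and move the session onto port 80.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}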

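# TLS front end for the Nexus web UI / REST API on 127.0.0.1:8081.
server {
    listen 80;
    listen 443 ssl;
    # The IPv6 listener needs "ssl" as well; without it port 443 over IPv6 speaks plain HTTP.
    listen [::]:443 ssl;
    server_name registry.xxx.tech;

    access_log /var/log/nginx/registry.xxx.log;

    # Certificate
    ssl_certificate /etc/ssl/xxx.tech_bundle.crt;
    ssl_certificate_key /etc/ssl/xxx.tech.key;
    # TLSv1.1 is deprecated, so only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only: static-RSA key exchange and CBC suites are dropped.
    # This list applies to TLS 1.2; TLS 1.3 suites are negotiated separately.
    ssl_ciphers 'ECDH+AESGCM:ECDH+CHACHA20:!aNULL';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    # Port 80 only redirects to HTTPS, so Nexus admin logins are never proxied in cleartext.
    # This also keeps the fixed X-Forwarded-Proto "https" below truthful for every proxied request.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    index index.html index.htm index.php;

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto "https";

        # This location-level access_log replaces the server-level one for requests handled here.
        access_log /var/log/nginx/access-registry.log;
        # Default error level instead of "debug": debug output is very verbose and can record
        # request headers, which for this UI may include credentials or session cookies.
        error_log /var/log/nginx/error-registry.log;
    }
}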

6.登录repo

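#docker login -u zj -p 12345676 docker-hub.xxx.tech (注意:用 -p 直接写密码会把密码留在 shell 历史和进程列表里;实际环境建议省略 -p,由 docker 交互式提示输入,或使用 --password-stdin。登录后凭据默认保存在 ~/.docker/config.json 中,应使用仅有推送权限的专用账号。)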

#docker tag (images ID) 345gfeeo9n docker-hub.xxx.tech/nginx:latest 修改tag

#docker push docker-hub.xxx.tech/nginx:latest 推送镜像到docker repo 里面

7.Docker pull 匿名拉取

随便在什么机器上

#docker pull docker-hub.xxx.tech/nginx:latest 匿名拉取repo中的镜像。