This article is published under the Attribution 4.0 International (CC BY 4.0) license.

Author: Su Yang

Creation time: March 08, 2020. Word count: 4927 words. Reading time: 10 minutes. Article link: soulteary.com/2020/03/08/…


Use Docker to build a private software repository Nexus 3

A year ago, I wrote an article called “Migration of Nexus Software Warehouse”, in which I mentioned some common problems. Recently, while upgrading related infrastructure, I thought I should record my experience for the benefit of people and teams with similar needs.

Sonatype Nexus Repository Manager has been updated every two weeks since the release of 3.x 15 years ago and is very reliable. According to official figures, more than 100,000 individuals and teams worldwide currently use this enterprise-level software.

This article explains how to build a stable and efficient software repository based on Docker and Traefik v2. Over the past two years this repository has needed hardly any extra care, quietly providing reliable, high-performance private services for me and my team.

Preface

When we think of technology-related “repositories,” we usually think of code repositories, such as GitLab, Gitea, and Gogs, as mentioned in previous articles.

However, these repositories are typically used only to store source code that has not yet been compiled. Management of compiled artifacts is generally absent, and where such a capability exists it is relatively weak, as in the current GitLab.

With the high-frequency continuous integration practices now prevalent in R&D, software repositories often carry additional responsibilities besides being the final “delivery storage pool”:

  • Provide a “secure and reliable mirror of official software sources”
  • Provide software package security scanning
  • Provide a centralized software package audit platform
  • …

Similar advanced requirements have led to fierce competition among software repositories, such as Harbor and Portus, which you have probably heard of, in addition to Nexus.

Nexus is officially billed as a software repository that supports common formats and is not tied to any one format.

That is, you can use it to host Linux software sources such as Ubuntu's, you can use it as an NPM repository, and you can also use it to provide Maven, Docker, Go, Python, Ruby… mirrors for every language and piece of software you can think of.

That’s enough introduction, let’s get to the setup.

Basic setup

To make it easier to attach the application domain name and SSL certificate to the service and to simplify later management, Traefik 2.x is still used as the application gateway. You can read about it briefly in previous articles, such as this and this.

Here we bring the service up on the domain name nexus.lab.io, with automatic HTTP-to-HTTPS redirection for the whole site. If the process encounters an error, it will automatically try to restart.

The container orchestration configuration that meets the above requirements is very simple, requiring less than fifty lines of code.

version: "3.6"

services:

  nexus3:
    container_name: nexus.lab.io
    image: sonatype/nexus3:3.21.1
    environment:
      # JVM heap and direct memory sizes, preferences directory and time zone
      - INSTALL4J_ADD_VM_PARAMS=-Xms2g -Xmx2g -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=/nexus-data/javaprefs -Duser.timezone=Asia/Shanghai
    restart: always
    expose:
      - 8081
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      # Note: mounting the Docker socket gives this container control of the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - ./nexus-data:/nexus-data
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.middlewares.nexus-bechind-proxy.headers.customrequestheaders.X-Forwarded-Proto=https"
      # HTTP router: redirects to HTTPS
      - "traefik.http.routers.nexus-web.middlewares=https-redirect@file"
      - "traefik.http.routers.nexus-web.entrypoints=http"
      - "traefik.http.routers.nexus-web.rule=Host(`nexus.lab.io`)"
      - "traefik.http.routers.nexus-web.service=nexus-backend"
      # HTTPS router: terminates TLS and forwards to Nexus on port 8081
      - "traefik.http.routers.nexus-ssl.middlewares=content-compress@file,nexus-bechind-proxy"
      - "traefik.http.routers.nexus-ssl.entrypoints=https"
      - "traefik.http.routers.nexus-ssl.tls=true"
      - "traefik.http.routers.nexus-ssl.rule=Host(`nexus.lab.io`)"
      - "traefik.http.routers.nexus-ssl.service=nexus-backend"
      - "traefik.http.services.nexus-backend.loadbalancer.server.scheme=http"
      - "traefik.http.services.nexus-backend.loadbalancer.server.port=8081"
    healthcheck:
      test: ["CMD-SHELL", "curl -f localhost:8081 || exit 1"]
    logging:
      driver: "json-file"
      options:
        max-size: "10m"

networks:
  traefik:
    external: true
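The label check below is an added example, not part of the original article or of Traefik. It reads router labels like the ones in the compose file above and reports any router on the http entrypoint without a redirect middleware, any router on the https entrypoint without tls=true, and any router without a rule. The function names and the name-based test for a redirect middleware are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): lint Traefik v2 router labels.
# Assumption: a redirect middleware has "redirect" in its name, as in the
# article's "https-redirect@file" (its definition lives in Traefik's file config).
# Exit status is 0 when nothing is reported, 1 otherwise.
check_traefik_routers() {   # usage: check_traefik_routers [http_ep] [https_ep] < labels
  awk -v http_ep="${1:-http}" -v https_ep="${2:-https}" '
    { sub(/^[ -]*"?/, ""); sub(/"?[ ]*$/, "") }   # drop YAML dash and quotes
    /^traefik\.http\.routers\./ {
      eq = index($0, "="); if (eq == 0) next
      n = split(substr($0, 1, eq - 1), part, ".")
      if (n != 5) next                       # only routers.<name>.<option>
      routers[part[4]] = 1
      opt[part[4], part[5]] = substr($0, eq + 1)
    }
    END {
      bad = 0
      for (r in routers) {
        eps = "," opt[r, "entrypoints"] ","  # entrypoints may be a comma list
        if (index(eps, "," http_ep ",") && opt[r, "middlewares"] !~ /redirect/) {
          print r ": plain HTTP without a redirect middleware"; bad++ }
        if (index(eps, "," https_ep ",") && opt[r, "tls"] != "true") {
          print r ": HTTPS entrypoint but tls is not true"; bad++ }
        if (opt[r, "rule"] == "") { print r ": no rule"; bad++ }
      }
      exit (bad > 0)
    }'
}

# Router labels as they appear in the article's compose file.
article_labels() {
  cat <<'EOF'
      - "traefik.http.routers.nexus-web.middlewares=https-redirect@file"
      - "traefik.http.routers.nexus-web.entrypoints=http"
      - "traefik.http.routers.nexus-web.rule=Host(`nexus.lab.io`)"
      - "traefik.http.routers.nexus-ssl.middlewares=content-compress@file,nexus-bechind-proxy"
      - "traefik.http.routers.nexus-ssl.entrypoints=https"
      - "traefik.http.routers.nexus-ssl.tls=true"
      - "traefik.http.routers.nexus-ssl.rule=Host(`nexus.lab.io`)"
EOF
}

article_labels | check_traefik_routers && echo "router labels look consistent"
```

To check a real file, feed it the label lines, for example `grep traefik docker-compose.yml | check_traefik_routers`.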

Save the above content as docker-compose.yml and start the application with the familiar docker-compose up -d.

At this point, you can use docker-compose logs -f to see whether there are any errors during application initialization, and wait for the flood of log output to stop.

nexus.lab.io | -------------------------------------------------
nexus.lab.io |
nexus.lab.io | Started Sonatype Nexus OSS 3.21.1-01
nexus.lab.io |
nexus.lab.io | -------------------------------------------------

Whether you see a log message like the one above, or you use docker ps and see the healthy container status below, Nexus is up and running.

a9b4ac5142e0        sonatype/nexus3:3.21.1   "sh -c ${SONATYPE_DI..."   2 hours ago         Up 2 hours (healthy)      8081/tcp, 9100-9101/tcp                    nexus.lab.io

Open the domain name we configured earlier, nexus.lab.io, in your browser and you will see a clean new Nexus interface.

As recently as last year, the default login and password for Nexus were admin and admin123. But the vendor has now apparently realised that this was the wrong strategy.

In this year's new version, the default account of a freshly initialized instance is still admin, but the password has been changed to a randomly generated string, stored in a file that can only be read by those with access to the application installation: /nexus-data/admin.password.

Because we started Nexus in a container and mounted the Nexus data directory on the local disk, there are two ways to read the file at this point.

# Execute in the directory where the application was started
cat nexus-data/admin.password
# Or use the Docker CLI directly to execute a command in the container
docker exec -it nexus.lab.io cat /nexus-data/admin.password

After entering the correct initial account and password, the new version helpfully prompts us to set a new password and to choose whether anonymous users are allowed.

If it is used by individuals or teams on the Intranet, select Allow anonymous access.
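The following check for the bootstrap password file is an added example, not part of the original article. It assumes the ./nexus-data bind mount used above and that Nexus deletes admin.password once the admin password has been changed; the function name is hypothetical and the demo directory and password are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit the bootstrap admin
# password file in a Nexus data directory that is bind-mounted from the host.
# Assumption: Nexus removes admin.password after the admin password is changed.
# Returns 0 when the file is absent, 1 when the generated password is still there.
audit_admin_password() {   # usage: audit_admin_password <nexus-data directory>
  f="$1/admin.password"
  if [ ! -e "$f" ]; then
    echo "ok: no admin.password in $1"
    return 0
  fi
  echo "pending: $f exists, the generated admin password has not been changed"
  # Group- or world-readable means other local accounts can read the credential.
  if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
    echo "exposed: $f is readable by accounts other than its owner"
  fi
  # Older than a day: the instance has been left on its bootstrap password.
  if [ -n "$(find "$f" -mtime +0)" ]; then
    echo "stale: $f is more than 24 hours old"
  fi
  return 1
}

# Demo on a constructed data directory (the password value is made up).
demo=$(mktemp -d)
printf 'constructed-sample-password' > "$demo/admin.password"
chmod 644 "$demo/admin.password"
audit_admin_password "$demo" || true
rm -rf "$demo"
```

Run it as `audit_admin_password ./nexus-data` from the directory that holds docker-compose.yml.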

Before we talk about some advanced uses, we need to understand some basic usage.

Basic usage

After logging in and completing the first initialization, we can see a gear button in the top status bar.

Click this button to enter the administration console. By default it opens on the “Repository” menu. In the left sidebar, select the submenu “Repositories”, and you can see that support for many common software repositories has been added by default.

The repository type you want to use may not be in the list yet, but let's start by understanding the basics of how Nexus provides software repository services, since all repositories work in a similar way.

Click maven-group to see how the Maven repository works:

  • First, try to get the package from maven-release, which is the repository we use by default to distribute released software; if it is not found, move on to the next member.
  • Then try to get the package from maven-snapshots, which is the repository we use to publish debug packages; if it is not found, move on to the next member.
  • Finally, try maven-central (default source: https://repo1.maven.org/maven2/); if the package cannot be found there either, the system returns 404 Not Found.

You can of course add more repositories from more sources, such as “Ali/Tencent mirror”, “company production environment”, “company test environment”, etc., and adjust the order in which Nexus consults them to change your experience and the results you get when installing packages.

I won't go into how to configure the Maven repository here. The basic Nexus setup is now complete.

Finally

Considering the length of this article, I will stop here.

Next, I'll show you how to set up a Docker repository, an NPM repository, and some setup details using Nexus.

–EOF

