使用Docker在NGINX反向代理后面安装Nexus Repository Manager

什么是Nexus？ (What is Nexus?)

Nexus is a software component management system developed by sonatype. It allows to manage different repositories to store builds, binaries, and other artifacts. It has a wide support of the most popular build tools like maven, npm, helm, docker, apt and many others. It also supports different IDEs and configuration management tools.

Nexus是由sonatype开发的软件组件管理系统。 它允许管理不同的存储库以存储构建，二进制文件和其他工件。 它广泛支持最流行的构建工具，例如maven，npm，helm，docker，apt和许多其他工具。 它还支持不同的IDE和配置管理工具。

TL;DR This post is a step-by-step tutorial on how to install Nexus Repository Manager OSS (the free version) and how to secure it with HTTPs using NGINX reverse proxy. Finally, it shows how to create and host a private docker registry in Nexus and the extra step that should be taken during the installation.

TL; DR这篇文章是有关如何安装Nexus Repository Manager OSS(免费版本)以及如何使用NGINX反向代理使用HTTPs进行保护的分步指南。 最后，它显示了如何在Nexus中创建和托管私有Docker注册表以及安装过程中应采取的额外步骤。

安装Nexus (Install Nexus)

Nexus installation can be cumbersome, but with docker it is fairly easy. The only thing to take into consideration is how you want to achieve persistent storage. The Persistent Data section of Nexus3 docker hub image page explains the two possible options in a clear manner:

Nexus的安装可能很麻烦，但是使用docker相当简单。 唯一要考虑的是如何实现持久存储。 Nexus3 docker hub图像页面的Persistent Data部分以清晰的方式说明了两个可能的选项：

1. Use Docker Volume

   使用Docker卷

2. Mount a host directory as a volume
   将主机目录挂载为卷

I opted for option 2 because it can be easier to move data around hosts.

我选择了选项2，因为它可以更轻松地在主机之间移动数据。

#create the directory for storing nexus data
$ mkdir /some/dir/nexus-data && chown -R 200 /some/dir/nexus-data#start the container and mount the directory
#this will download the image if it doesn't already exist
$ docker run -d -p 8081:8081 --name nexus -v /some/dir/nexus-data:/nexus-data sonatype/nexus3

If you are to open your web browser and point it to the Nexus IP address on port 8081 you will see the Home page, but the communication between your browser and Nexus happens over HTTP. If it is enough for you, then congratulations you are done! But, if you need a secure communication with the Nexus server, the rest of this post is about configuring HTTPs access.

如果要打开Web浏览器并将其指向端口8081上的Nexus IP地址，则会看到“主页”，但是浏览器与Nexus之间的通信是通过HTTP进行的。 如果这对您来说足够，那么恭喜您完成！ 但是，如果您需要与Nexus服务器进行安全通信，则本文的其余部分都是关于配置HTTPs访问的。

使用TLS保护Nexus (Secure Nexus with TLS)

Nexus’ documentation says that secure communication with SSL/TLS can be inbound or outbound.

Nexus的文档说，与SSL / TLS的安全通信可以是入站或出站。

Outbound client communication may include integration with:

出站客户端通信可能包括与以下方面的集成：

• a remote proxy repository over HTTPS
  通过HTTPS的远程代理存储库
• SSL/TLS secured servers e.g. SMTP
  受SSL / TLS保护的服务器，例如SMTP
• LDAP servers configured to use LDAPS
  LDAP服务器配置为使用LDAPS

Inbound client communication includes:

入站客户端通信包括：

• web browser HTTPS access to the user interface
  Web浏览器对用户界面的HTTPS访问
• tool access to repository content
  工具访问存储库内容
• and manual or scripted usage of the REST APIs
  以及REST API的手动或脚本用法

To se