nexus 3.5.0 and HTTPS

Bernhard Grünewaldt · Bernhard Grünewaldt · commit 6c7b0d07d8f1 · 2017-08-14T19:49:29.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
-FROM codeclou/docker-oracle-jdk:8u131
+FROM codeclou/docker-oracle-jdk:8u141
 
-ENV NEXUS_OSS_VERSION 3.3.0-01
-ENV NEXUS_OSS_MD5SUM  54cf2d9da3cdeb6ab7dc54f0008bf9a7
+ENV NEXUS_OSS_VERSION 3.5.0-02
+ENV NEXUS_OSS_MD5SUM  12e92c23a17366c6a9838a4033d0e9e0
 
 RUN addgroup -g 10777 worker && \
     adduser -h /work -H -D -G worker -u 10777 worker && \
@@ -35,18 +35,20 @@ RUN addgroup -g 10777 worker && \
 COPY docker-entrypoint.sh /work-private/docker-entrypoint.sh
 RUN chmod u+rx,g+rx,o+rx,a-w /work-private/docker-entrypoint.sh && \
     chown -R worker:worker /work-private/
-    
+
 #
 # WORKDIR
 #
 WORKDIR /work
-EXPOSE 8333
+EXPOSE 8443
 
 #
 # RUN
 #
 USER worker
 ENV NEXUS_OSS_BASE /nexus-home
+ENV NEXUS_DOMAIN localhost
+ENV NEXUS_IP_ADDRESS 127.0.0.1
 VOLUME ["/work"]
 VOLUME ["/nexus-home"]
 ENTRYPOINT ["/work-private/docker-entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ Add the alias on your Docker-Host machine. Or configure a valid hostname in your
 
 ```bash
 sudo su
-echo "127.0.0.1  nexus-oss" >> /etc/hosts
+echo "127.0.0.1  nexus.home.codeclou.io" >> /etc/hosts
 ```
 
 **(2) Prepare the shared volume directory**
@@ -49,20 +49,38 @@ chown 10777:10777 /opt/nexus-oss-home
 ```bash
 docker create \
     --name nexus \
-    -p 8333:8333 \
+    -p 8443:8443 \
     -v /opt/nexus-oss-home:/nexus-home \
-    codeclou/docker-sonatype-nexus-repository-oss:3.3.0-01
+    -e NEXUS_DOMAIN="nexus.home.codeclou.io" \
+    -e NEXUS_IP_ADDRESS="192.168.178.66" \
+    codeclou/docker-sonatype-nexus-repository-oss:3.5.0-02
 
 docker start nexus
 ```
 
- 
- 
+Now it will print out the created self signed certificate which you will have to trust on all clients.
+
+```
+DOCKER ENTRYPOINT >> =================================
+DOCKER ENTRYPOINT >>
+DOCKER ENTRYPOINT >> PLEASE TRUST THIS CERTIFICATE WHERE DOCKER RUNS AND ON CLIENT MACHINES
+
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsSgAwIBAgIEUMxHVjANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMC
+...
+DlK8j8uOTohm/VxF3yd0CEWBOATh2iOHB2xL5LDphrQ=
+-----END CERTIFICATE-----
+
+DOCKER ENTRYPOINT >>
+DOCKER ENTRYPOINT >> =================================
+DOCKER ENTRYPOINT >> you have 20sec to copy the cert and then nexus will start
+```
+
 &nbsp;
 
 **(2) Start Post Configuration**
 
-Now go to **[http://localhost:8333/](http://localhost:8333/)** and log in as `admin` with password `admin123`.
+Now go to **[https://nexus.home.codeclou.io:8443/](https://nexus.home.codeclou.io:8443/)** and log in as `admin` with password `admin123`.
 
 Configure the Instance to your liking.
 
@@ -88,7 +106,7 @@ Configure the Instance to your liking.
    * Ubuntu and Canonical are registered [trademarks of Canonical Ltd.](https://www.ubuntu.com/legal/short-terms)
  * **Apple**
    * macOS®, Mac and OS X are [trademarks of Apple Inc.](http://www.apple.com/legal/intellectual-property/trademark/appletmlist.html), registered in the U.S. and other countries.
-   
+
 -----
 
 &nbsp;
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -11,9 +11,42 @@ umask u+rxw,g+rwx,o-rwx
 sed -i 's@-Dkaraf.data=../sonatype-work/nexus3@-Dkaraf.data=/nexus-home@g' /nexus/nexus-latest/bin/nexus.vmoptions
 sed -i 's@-Djava.io.tmpdir=../sonatype-work/nexus3/tmp@-Djava.io.tmpdir=/nexus-home/tmp@g' /nexus/nexus-latest/bin/nexus.vmoptions
 sed -i 's@-XX:LogFile=../sonatype-work/nexus3/log/jvm.log@-XX:LogFile=/nexus-home/log/jvm.log@g' /nexus/nexus-latest/bin/nexus.vmoptions
-# see: http://books.sonatype.com/nexus-book/reference3/install.html#config-http-port
-sed -i 's@application-port=8081@application-port=8333@g' /nexus/nexus-latest/etc/nexus-default.properties
+sed -i 's@jetty-http.xml,@jetty-http.xml,${jetty.etc}/jetty-https.xml,@g' /nexus/nexus-latest/etc/nexus-default.properties
 
+echo "" >> /nexus/nexus-latest/etc/nexus-default.properties
+echo "application-port-ssl=8443" >> /nexus/nexus-latest/etc/nexus-default.properties
+# We use default password 'password' for keystrore, so we do not have to patch
+# /nexus/nexus-latest/etc/jetty/jetty-https.xml
+
+#
+# SSL (see doc: https://support.sonatype.com/hc/en-us/articles/217542177-Using-Self-Signed-Certificates-with-Nexus-Repository-Manager-and-Docker-Daemon)
+#
+keytool -genkeypair -keystore keystore.jks \
+        -storepass password \
+        -keypass password \
+        -alias jetty \
+        -keyalg RSA \
+        -keysize 2048 \
+        -validity 5000 \
+        -dname "CN=${NEXUS_DOMAIN}, OU=Example, O=Sonatype, L=Unspecified, ST=Unspecified, C=US" \
+        -ext "SAN=DNS:${NEXUS_DOMAIN},IP:${NEXUS_IP_ADDRESS}" \
+        -ext "BC=ca:true"
+mv keystore.jks /nexus/nexus-latest/etc/ssl/
+
+echo "DOCKER ENTRYPOINT >> ================================="
+echo "DOCKER ENTRYPOINT >> "
+echo "DOCKER ENTRYPOINT >> PLEASE TRUST THIS CERTIFICATE WHERE DOCKER RUNS AND ON CLIENT MACHINES"
+keytool -list -rfc -keystore /nexus/nexus-latest/etc/ssl/keystore.jks  -storepass password
+echo "DOCKER ENTRYPOINT >> "
+echo "DOCKER ENTRYPOINT >> ================================="
+echo "DOCKER ENTRYPOINT >> you have 20sec to copy the cert and then nexus will start"
+sleep 20
+
+
+
+#
+# DIR CHECKS
+#
 if [ ! -d /nexus-home/etc ];  then mkdir /nexus-home/etc; fi
 if [ ! -d /nexus-home/log ];  then mkdir /nexus-home/log; fi
 if [ ! -d /nexus-home/tmp ];  then mkdir /nexus-home/tmp; fi
