nexus配置https(在nexus上配置jks证书方式):
cd /usr/local/nexus3/etc/ssl/
将已有的.crt和.key证书文件转为p12格式:
openssl pkcs12 -export -out keystore.pkcs12 -inkey ming.key -in ming.crt
设置密码
再将p12格式文件转为.jks格式:
keytool -v -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
输入上步设置的密码并设置新密码(可同上步密码)
chown nexus:nexus /usr/local/nexus3/etc/ssl/keystore.jks
vi /usr/local/nexus3/etc/nexus-default.properties
DO NOT EDIT - CUSTOMIZATIONS BELONG IN $data-dir/etc/nexus.properties
Jetty section
application-port-ssl=8443 application-port=8081 application-host=0.0.0.0 nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml nexus-context-path=/
Nexus section
nexus-edition=nexus-pro-edition
nexus-features=
nexus-pro-feature
:wq
vi /usr/local/nexus3/etc/jetty/jetty-https.xml (xxxxx为上面设置的密码)
<Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
<Set name="KeyStorePassword">xxxx</Set>
<Set name="KeyManagerPassword">xxxxxx</Set>
<Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
<Set name="TrustStorePassword">xxxxx</Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
:wq
/usr/local/nexus3/bin/nexus stop
/usr/local/nexus3/bin/nexus start
netstat -nplt | grep 8443
客户端访问:
安装docker略
vi /etc/docker/daemon.json (daemon.json的方式可以兼容http方式)
{ "insecure-registries": [ "dockerqa.ming.com:8082", "dockerqa.ming.com:8083" ], "disable-legacy-registry": true }
:wq
或
mkdir /etc/docker/certs.d/dockerqa.ming.com:8083 -p
vi /etc/docker/certs.d/dockerqa.unisoc.com:8083/ca.crt (将nexus的crt证书内容贴进来)
:wq
注: ca.crt方式不兼容http方式
