Running the Nexus 3 Docker Container with SSL

simon hardy

Better write this down while it’s fresh. The container itself does not run with SSL, so you have to use a reverse proxy to do that for you. Here’s how to do it…

Create a Docker Network

We’ll use this to allow our Nexus container to talk to our NGINX SSL Proxy container.

docker network create my-nexus-network

Run the Nexus Docker Container

Nothing too fancy here:

docker pull sonatype/nexus3
docker run -d -p 8081:8081 --name nexus --net=my-nexus-network sonatype/nexus3

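Note: You probably want to mount a volume to hold the Nexus repository data outside your container for ease of updating – and y’know, reboots. That’s all explained here under “Persistent Data”. Also note that -p 8081:8081 publishes the plain-HTTP Nexus port on the host; the proxy reaches Nexus over the Docker network, so that flag can be dropped if nothing else needs direct access.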

Create an NGINX Proxy Container

Copy your SSL .crt and .key files to your host machine along with this nginx.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    keepalive_timeout  5 5;
    tcp_nodelay        on;

    server {
        listen         80;
        server_name    your.domain.com;

        return         301 https://$server_name$request_uri;
    }

    server {
        listen   *:443 ssl;
        server_name  your.domain.com;

        # allow large uploads of files - refer to nginx documentation
        client_max_body_size 1024m;

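        # optimize downloading files larger than 1G - refer to nginx doc before adjusting
        #proxy_max_temp_file_size 2048m;

        # TLS is enabled by "ssl" on the listen line above; the separate
        # "ssl on;" directive was removed in nginx 1.25.1 and is rejected by current images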
        ssl_certificate      /etc/nginx/ssl.crt;
        ssl_certificate_key  /etc/nginx/ssl.key;

        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }
}

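From here, run (replacing host-path-to with the absolute path of the directory holding those files, since Docker only bind-mounts absolute host paths):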

docker run --name nginx-proxy -v host-path-to/nginx.conf:/etc/nginx/nginx.conf:ro -v host-path-to/ssl.key:/etc/nginx/ssl.key:ro -v host-path-to/ssl.crt:/etc/nginx/ssl.crt:ro -p 443:443 -p 80:80 --net=my-nexus-network -d nginx

That’s it.
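
Before starting the proxy, the three mounted files can be checked for the usual causes of a failed start or a misplaced key. The following is an added example, not part of the original post: the function names are made up for illustration, and the certificate checks assume the openssl CLI is installed on the host.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three files mounted into nginx-proxy.
# Function names are illustrative; the certificate checks need the openssl CLI.

# Config: TLS enabled on the listen line, no removed "ssl on;" directive, and
# an HTTP -> HTTPS 301 redirect (comments are stripped before matching).
conf_ok() {
    body=$(sed 's/#.*//' "$1") || return 1
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
        return 1
    fi
    printf '%s\n' "$body" | grep -Eq 'listen[^;]*443[^;]*ssl' &&
    printf '%s\n' "$body" | grep -Eq 'return[[:space:]]+301[[:space:]]+https://'
}

# Private key must be a regular file with no group/other permission bits.
key_perms_ok() {
    case "$(ls -lL "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Certificate and key must carry the same public key (works for RSA and EC).
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Certificate must be readable and not already expired.
cert_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# preflight <nginx.conf> <ssl.crt> <ssl.key>: report every failure, return 1 if any.
preflight() {
    rc=0
    conf_ok "$1"           || { echo "FAIL: $1: need 'listen 443 ssl', a 301 to https, no 'ssl on;'" >&2; rc=1; }
    key_perms_ok "$3"      || { echo "FAIL: $3: missing or open to group/other (chmod 600)" >&2; rc=1; }
    pair_matches "$2" "$3" || { echo "FAIL: $2 and $3 do not belong together" >&2; rc=1; }
    cert_current "$2"      || { echo "FAIL: $2 is expired or unreadable" >&2; rc=1; }
    return "$rc"
}

# Usage: preflight ./nginx.conf ./ssl.crt ./ssl.key   (then start nginx-proxy)
```
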

Key Takeaways for Running Nexus 3 with Docker Containers Over SSL

  • Nexus seems to only work properly with an SSL reverse proxy on port 443 with redirects from port 80
  • Nexus seems to have to be at the root, there can be no subfolders

Running the Nexus 3 Docker Container with SSL was originally published on simon-hardy.com by Simon Hardy.
