- Generate the certificate
  I used acme.sh to request a free certificate, then converted it to the Java keystore format.
  Convert to PKCS12 format:
      openssl pkcs12 -export -inkey example.key -in cert-chain.txt -out nexus.pkcs12
  Generate the keystore:
      keytool -importkeystore -srckeystore nexus.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks
- Put the certificate at ${jetty.etc}/ssl/keystore.jks
- Edit nexus.properties
  Add application-port-ssl=8443 to data-dir/etc/nexus.properties
  Uncomment nexus-args and make sure its value contains ${jetty.etc}/jetty-https.xml
  Add ssl.etc=${karaf.data}/etc/ssl (with this line the ssl directory is placed under the data directory; without it, it is placed inside ${jetty.etc})
- Edit $install-dir/etc/jetty/jetty-https.xml
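  The private key password has to be filled in at three places
  Specify the private key alias (this can be omitted)
  jetty
- In repository administration, change the Base URL to the domain name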
- Restart nexus
Note: the certificate and configuration files above need correct permissions.
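A preflight check for the nexus.properties steps and the permissions note above, as an added example that is not part of the original post: it confirms the HTTPS settings, resolves the keystore directory from ssl.etc, and checks the keystore file mode. The function names, the sample file, the caller-supplied default directory, and the reading of "correct permissions" as not world-accessible and not group-writable are assumptions.

```python
import os
import stat
import tempfile

REQUIRED_ARG = "${jetty.etc}/jetty-https.xml"

def parse_properties(text):
    """Parse key=value lines; commented-out (#) lines count as absent."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def keystore_path(props, data_dir, default_ssl_dir):
    """ssl.etc set: keystore under the data directory; else caller's default."""
    ssl_dir = props.get("ssl.etc", default_ssl_dir).replace("${karaf.data}", data_dir)
    return os.path.join(ssl_dir, "keystore.jks")

def preflight(props_text, data_dir, default_ssl_dir):
    """Return a list of problems; an empty list means every check passed."""
    props = parse_properties(props_text)
    problems = []
    if not props.get("application-port-ssl", "").isdigit():
        problems.append("application-port-ssl is not set to a port number")
    args = [a.strip() for a in props.get("nexus-args", "").split(",")]
    if REQUIRED_ARG not in args:
        problems.append("nexus-args is commented out or lacks " + REQUIRED_ARG)
    path = keystore_path(props, data_dir, default_ssl_dir)
    if not os.path.isfile(path):
        problems.append("keystore not found: " + path)
    # Assumed policy: no access for "other", no write access for group.
    elif stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXO | stat.S_IWGRP):
        problems.append("keystore is world-accessible or group-writable: " + path)
    return problems

# Constructed sample nexus.properties, not taken from a real installation.
SAMPLE = """# Jetty section
application-port-ssl=8443
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml
ssl.etc=${karaf.data}/etc/ssl
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as data_dir:  # empty dir: keystore missing
        print(preflight(SAMPLE, data_dir, "/unused"))
```

The mode check looks only at permission bits; the keystore also has to be owned by, or readable to, the account that runs Nexus.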
References:
https://help.sonatype.com/repomanager3/nexus-repository-administration/capabilities/base-url-capability
https://www.cnblogs.com/Smbands/p/14430775.html
Attachment:
docker-compose.yaml configuration for nexus

    services:
      nexus:
        image: sonatype/nexus3
        restart: always
        hostname: nexus
        ports:
          - "8081:8081/tcp"
          - "8082:8082/tcp"
          - "8083:8083/tcp"
          - "8084:8084/tcp"
          - "8085:8085/tcp"
          - "80:8081/tcp"
          - "443:8443/tcp"
        volumes:
          - ./data:/nexus-data
          - ./deploy:/opt/sonatype/nexus/deploy
          - ./ssl:/opt/sonatype/nexus/etc/ssl
          - ./jetty-https.xml:/opt/sonatype/nexus/etc/jetty/jetty-https.xml
          - /etc/localtime:/etc/localtime