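Note: Nexus is a repository management platform from Sonatype. Nexus Repository OSS 3 supports storing and publishing artifacts in formats such as Maven, npm, Docker, YUM, and Helm.
1. Install the JDK
1) Install the JDK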
yum install -y java-1.8.0-openjdk*
2) Configure the environment
vim /etc/profile
# set java environment
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
3) Reload
source /etc/profile
echo "source /etc/profile" >> /etc/bashrc
java -version
2. Install Nexus
2.1 Download
mkdir -p /opt/nexus && cd /opt/nexus
wget https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/3/nexus-3.18.1-01-unix.tar.gz
tar -zxvf nexus-3.18.1-01-unix.tar.gz
mv nexus-3.18.1-01 nexus3.18
2.2 Configuration
2.2.1 Set the JDK path
vim /opt/nexus/nexus3.18/bin/nexus
INSTALL4J_JAVA_PREFIX="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64"
2.2.2 Set the user that runs Nexus
vim /opt/nexus/nexus3.18/bin/nexus.rc
run_as_user="root"
2.2.3 Change the data and log storage locations
vim /opt/nexus/nexus3.18/bin/nexus.vmoptions
-XX:LogFile=/opt/data/blob-stores/others/sonatype-work/nexus3/log/jvm.log
-Dkaraf.data=/opt/data/blob-stores/others/sonatype-work/nexus3
-Djava.io.tmpdir=/opt/data/blob-stores/others/sonatype-work/nexus3/tmp
2.2.4 Check the default port
cat /opt/nexus/nexus3.18/etc/nexus-default.properties | grep application-port
2.3 Startup
2.3.1 Startup script
vim /usr/lib/systemd/system/nexus.service
[Unit]
Description=nexus service

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/nexus3.18/bin/nexus start
ExecReload=/opt/nexus/nexus3.18/bin/nexus restart
ExecStop=/opt/nexus/nexus3.18/bin/nexus stop
Restart=on-failure

[Install]
WantedBy=multi-user.target
2.3.2 Start on boot
Enable the service at boot:
systemctl daemon-reload
systemctl enable nexus
systemctl start nexus
3. Install nginx
3.1 Installation
yum install -y nginx
3.2 Certificate request
Request SSL certificates and place them in the /etc/nginx/cert directory.
mkdir /etc/nginx/cert
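3.3 Configure nginx.conf
vim /etc/nginx/nginx.conf
# Comment out the default server block and add the following:
upstream nexusserver {
    server 172.16.2.158:8081;
}
upstream mirrornexus {
    server 172.16.2.158:6001;
}
upstream nexusdocker {
    server 172.16.2.158:6000;
}
Notes:
1) 8081 is the port of the Nexus server, the Nexus service itself;
2) 6001 is the Docker proxy port, which proxies the central registry;
3) 6000 is the Docker hosted port, used for pushing and pulling images;
4) Ports 6001 and 6000 only exist after the corresponding repositories are configured in the Nexus admin console; nginx is simply set up for them in advance here.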
3.4 Configure the services
3.4.1 Nexus service
vim /etc/nginx/conf.d/nexusserver.conf
server {
    listen 443;
    server_name nexus.wmq.com;
    ssl on;
    ssl_certificate cert/1566822_nexus.wmq.com.pem;
    ssl_certificate_key cert/1566822_nexus.wmq.com.key;
    client_max_body_size 0;
    index index.html;
    location / {
        proxy_pass http://nexusserver;
        #proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 80;
    server_name nexus.wmq.com;
    client_max_body_size 0;
    index index.html;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
3.4.2 Proxy repository
vim /etc/nginx/conf.d/mirrornexus.conf
server {
    listen 443;
    server_name mirror.nexus.wmq.com;
    ssl on;
    ssl_certificate cert/mirror.nexus.wmq.com.pem;
    ssl_certificate_key cert/mirror.nexus.wmq.com.key;
    client_max_body_size 0;
    index index.html;
    location / {
        proxy_pass http://mirrornexus;
        #proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 80;
    server_name mirror.nexus.wmq.com;
    client_max_body_size 0;
    index index.html;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
3.4.3 Image registry
vim /etc/nginx/conf.d/nexusdocker.conf
server {
    listen 443;
    server_name reg.nexus.wmq.com;
    ssl on;
    ssl_certificate cert/reg.nexus.wmq.pem;
    ssl_certificate_key cert/reg.nexus.wmq.key;
    client_max_body_size 0;
    index index.html;
    location / {
        proxy_pass http://nexusdocker;
        #proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen 80;
    server_name reg.nexus.wmq.com;
    client_max_body_size 0;
    index index.html;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
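
The three server files in 3.4 enable TLS with `ssl on;` and set no `ssl_protocols`, so the protocol versions offered are whatever the installed nginx build defaults to. The lint below is an added example, not part of the original guide; the function name `lint_tls_conf` is hypothetical and the sample file with its hostname is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): lint an nginx conf.d file
# shaped like the ones in section 3.4. Prints one finding per line and
# returns the number of findings.
lint_tls_conf() {
    n=0
    # Drop comments, then put every directive on its own trimmed line.
    stmts=$(sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')

    # "ssl on;" was deprecated in nginx 1.15.0 and removed in 1.25.1.
    if printf '%s\n' "$stmts" | grep -Eq '^ssl[[:space:]]+on$'; then
        echo "ssl-on: replace 'ssl on;' with 'listen 443 ssl;'"; n=$((n + 1))
    fi
    # A 443 listener without the ssl parameter depends on "ssl on;".
    if printf '%s\n' "$stmts" | grep -E '^listen[[:space:]].*443' |
            grep -Evq '[[:space:]]ssl([[:space:]]|$)'; then
        echo "listen: 'listen 443' has no ssl parameter"; n=$((n + 1))
    fi
    # Without ssl_protocols the build's defaults apply; older nginx
    # releases enable TLSv1 and TLSv1.1 by default.
    protos=$(printf '%s\n' "$stmts" | grep -E '^ssl_protocols[[:space:]]' || true)
    if [ -z "$protos" ]; then
        echo "protocols: ssl_protocols is not set"; n=$((n + 1))
    elif printf '%s\n' "$protos" |
            grep -Eq '(SSLv3|TLSv1|TLSv1\.1)([[:space:]]|$)'; then
        echo "protocols: legacy protocol enabled ($protos)"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample in the shape of section 3.4.1 (hostname is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    server_name nexus.example.internal;
    ssl on;
    ssl_certificate cert/example.pem;
    ssl_certificate_key cert/example.key;
    #ssl_protocols TLSv1.2;
}
EOF
lint_tls_conf "$sample" || echo "findings: $?"
```

`nginx -t` only validates syntax, so a check like this complements it rather than replacing it.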
3.5 Start nginx
nginx -t
systemctl enable nginx
systemctl start nginx
3.6 DNS resolution
Resolve all three domain names, nexus.wmq.com, mirror.nexus.wmq.com, and reg.nexus.wmq.com, to the internal address of the Nexus host.
4. Scheduled image cleanup
4.1 Download the tool
GitHub: https://github.com/mlabouardy/nexus-cli
mkdir /opt/nexus/clean-docker-images && cd /opt/nexus/clean-docker-images
wget https://s3.eu-west-2.amazonaws.com/nexus-cli/1.0.0-beta/linux/nexus-cli
chmod +x nexus-cli
4.2 Configuration
./nexus-cli configure
Enter Nexus Host: http://127.0.0.1:8081
Enter Nexus Repository Name: docker-wmqe
Enter Nexus Username: admin
Enter Nexus Password: *******
This generates a .credentials file in the current directory, which records the information entered above.
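4.3 Script
vim clean-docker-images.sh
#!/bin/sh
CLI_HOME=/opt/nexus/clean-docker-images
# Run from the directory that holds .credentials
cd "$CLI_HOME" || exit 1
# Number of tags to keep per image
KEEP_VERSION_NUM=10
# List image names, dropping the "Total" summary line
IMAGES=$("$CLI_HOME/nexus-cli" image ls | grep -v Total)
clean_images() {
    for imgs in $IMAGES; do
        echo "清理$imgs"    # "清理" means "cleaning"
        "$CLI_HOME/nexus-cli" image delete -name "$imgs" -keep "$KEEP_VERSION_NUM"
    done
}
clean_images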
4.4 Scheduled task
crontab -e
0 1 * * * sh /opt/nexus/clean-docker-images/clean-docker-images.sh > /opt/nexus/clean-docker-images/clean-docker-images.log 2>&1
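
The cron job in 4.4 runs clean-docker-images.sh and the nexus-cli binary with the privileges of the crontab's owner, and .credentials keeps the Nexus admin password in that same directory. The pre-flight check below is an added example, not part of the original guide; the function names `mode_of` and `preflight` are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# cleanup cron job. The file names follow sections 4.1-4.3.

# mode_of PATH: the type/permission string from ls, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# preflight DIR: print each problem found; return 0 only when there are none.
preflight() {
    dir=$1
    bad=0
    # Whoever can modify these can run code as the crontab's owner.
    for p in "$dir" "$dir/nexus-cli" "$dir/clean-docker-images.sh"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        case $(mode_of "$p") in
            ?????w????|????????w?) echo "group/other writable: $p"; bad=1 ;;
        esac
    done
    # .credentials holds the Nexus password: owner-only regular file.
    case $(mode_of "$dir/.credentials" 2>/dev/null) in
        -???------) ;;
        *) echo "not an owner-only regular file: $dir/.credentials"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed demo tree standing in for /opt/nexus/clean-docker-images.
demo=$(mktemp -d)
touch "$demo/nexus-cli" "$demo/clean-docker-images.sh" "$demo/.credentials"
chmod 755 "$demo" "$demo/nexus-cli" "$demo/clean-docker-images.sh"
chmod 644 "$demo/.credentials"      # constructed: world-readable, as under umask 022
preflight "$demo" || echo "refusing to run cleanup"
chmod 600 "$demo/.credentials"
preflight "$demo" && echo "ok to run cleanup"
```

Calling `preflight "$CLI_HOME" || exit 1` at the top of clean-docker-images.sh makes the nightly run stop when the directory has drifted from these permissions.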