@AAber
Last active March 24, 2020 06:56
Create and add free letsencrypt certificate to any Java application keystore (Nexus 3.2.0 docker keystore)
## == Certificate for any setup for free (4 months) == ##
## 1. Open HTTP (80) and HTTPS (443) on the host to the whole internet
## == For openvpn server == ##
# systemctl stop openvpnas.service
## 2. Become root and run the Let's Encrypt (certbot) Docker image
$ sudo -i
# export LETSENCRYPT_EMAIL=info@mydomain.com
# export DNSNAME=myhost.mydomain.com
# docker run --rm -p 443:443 -p 80:80 --name letsencrypt -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly -n -m "$LETSENCRYPT_EMAIL" -d "$DNSNAME" --standalone --agree-tos
## 3. Close HTTP and HTTPS to the internet again
## 4. Result:
ubuntu@myhost:~$ ls /etc/letsencrypt/live/myhost.mydomain.com/
README cert.pem chain.pem fullchain.pem privkey.pem
## == Add certificate to Nexus == ##
## 1. Convert the certificate to PKCS12; enter the password changeit at every password prompt
ubuntu@myhost:~$ openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.pkcs12
## 2. Create keystore from cert.pkcs12
ubuntu@myhost:~$ keytool -importkeystore -destkeystore keystore.jks -srckeystore cert.pkcs12 -srcstoretype PKCS12
## 3. Use the new keystore keystore.jks with your Nexus 3.2.0 Docker container
ubuntu@myhost:~$ docker run -d -p 8443:8443 -p 80:8081 -p 5000:5000 -p 5001:5001 -p 2375:2375 --name nexus -v /home/ubuntu/nexus_data:/nexus-data -v /home/ubuntu/keystore.jks:/nexus-data/keystore.jks -e JKS_PASSWORD="changeit" -e JAVA_MAX_MEM=2048M clearent/nexus:3.2.0-01
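
The two conversion steps above can also be run without interactive prompts. The script below is an added example, not part of the original gist: it reads the keystore password from an exported KEYSTORE_PASS variable (so it never appears on a command line), writes owner-only files, and checks that the result holds the private key. KEYSTORE_PASS, the alias "nexus" and the script name make-keystore.sh are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the gist. Assumptions: the password is exported as
# KEYSTORE_PASS, and the key entry gets the alias "nexus".

# pem_to_pkcs12 <dir-with-pem-files> <out.pkcs12>
pem_to_pkcs12() (
  : "${KEYSTORE_PASS:?export KEYSTORE_PASS first}"
  umask 077   # the bundle contains the private key: owner-only
  openssl pkcs12 -export -name nexus \
    -in "$1/fullchain.pem" -inkey "$1/privkey.pem" \
    -out "$2" -passout env:KEYSTORE_PASS
)

# pkcs12_to_jks <in.pkcs12> <out.jks>
pkcs12_to_jks() (
  : "${KEYSTORE_PASS:?export KEYSTORE_PASS first}"
  umask 077
  rm -f "$2"  # start clean; keytool would merge into an existing keystore
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KEYSTORE_PASS \
    -destkeystore "$2" -deststoretype JKS -deststorepass:env KEYSTORE_PASS \
    >/dev/null 2>&1
)

# has_private_key <keystore>: true only if the keystore opens with
# KEYSTORE_PASS and holds a key pair, not just trusted certificates.
has_private_key() {
  keytool -list -keystore "$1" -storepass:env KEYSTORE_PASS 2>/dev/null |
    grep -q 'PrivateKeyEntry'
}

# Stand-alone use (hypothetical script name):
#   ./make-keystore.sh /etc/letsencrypt/live/myhost.mydomain.com
if [ -n "${1:-}" ]; then
  pem_to_pkcs12 "$1" cert.pkcs12 &&
    pkcs12_to_jks cert.pkcs12 keystore.jks &&
    has_private_key keystore.jks &&
    echo "keystore.jks contains the key pair"
fi
```

The resulting keystore.jks is readable by its owner only, so its ownership has to match the user the Nexus container runs as before it is mounted. The value exported as KEYSTORE_PASS must be the same one passed to the container as JKS_PASSWORD.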