This is a solution of a common problem with Nexus Docker repositories. The administrator has to expose port for "pull", another port for "push", other ports for each hosted repository. This solution is about leveraging Nginx reverse proxy to avoid using these ports.
Given :
- Nexus hostname is "nexus.example.com"
- Nexus web port is 8081
- A hosted repository is named "docker-hosted"
- A group repository is named "docker-group"
- Your nginx (with the nginx.conf of this gist) will run for example under cregistry.example.com
The following Nginx configuration file is for a reverse proxy without the need to expose connector ports from nexus :
docker pull cregistry.example.com/myimage
lets Nginx forward the request to "docker-group"docker push cregistry.example.com/myimage
lets Nginx forward the request to "docker-hosted"
-
If you have more than one hosted repository, create another Nginx reverse proxy for it, then aggregate them using a parent Nginx reverse proxy that forwards the request according to certain criteria (.i.e: Host header).
-
All Nexus repositories must have consistent configuration of authentication: Either all require authentication, or all don't.
-
If TLS is enabled with Nexus, change
proxy_set_header X-Forwarded-Proto "http";
byproxy_set_header X-Forwarded-Proto "https";
Hello everyone, I have never configured a Nexus before. I received a request to maintain our Docker images in Nexus by setting up a Nexus artifacts server.
My arrangement:
Operating System: Ubuntu 22.04
Nexus: Sonatype RepositoryOSS 3.63.0-01 for Nexus
Nginx in reverse proxy mode.
My Requirement: Docker-proxy is needed to pull the docker images, and Docket-host repository is needed to push the images.
I have set up Nexus and Nginx, and by using the nginx configuration below—which is available in the Sonatype documentation at https://help.sonatype.com/en/docker-repository-reverse-proxy-strategies.html—I can access both the Nexus and the URL. However, the Docker login does not function. Could you please help me obtain the correct nginx configuration file? I sincerely appreciate anyone's assistance with this. Thank you in advance.
server {
listen 80;
server_name nexus.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name nexus.example.com;
ssl on;
}