Nexus3部署私有源-企业版 1.匿名拉取镜像 docker pull 这一点很重要所以写在开头 2.容器化部署nexus3 docker run -itd -p 8081:8081 -p 8082:8082 -p 8083:8083 -p 8084:8084 --name nexus --privileged=true -v /home/ubuntu/local-repo:/nexus-data sonatype/nexus3:3.19.1 3.创建docker仓库 创建存储目录 创建docker仓库 仓库配置 4.创建用户用于push 镜像 5.为repo仓库添加SSL证书 # ip地址可以换成内网ip upstream nexus_docker_get { server 127.0.0.1:8082; } #upstream nexus_docker_put { # server 127.0.0.1:8083; #} server { listen 80; listen 443 ssl; listen [::]:443 ; server_name docker-hub.xxx.tech; ssl_certificate /etc/ssl/xxx.tech_bundle.crt; ssl_certificate_key /etc/ssl/xxx.tech.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # disable any limits to avoid HTTP 413 for large image uploads client_max_body_size 0; # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; access_log /var/log/nginx/access-docker-hub.log; error_log /var/log/nginx/error-docker-hub.log; # 设置默认使用推送代理 #set $upstream "nexus_docker_put"; # 当请求是GET,也就是拉取镜像的时候,这里改为拉取代理,如此便解决了拉取和推送的端口统一 #if ( $request_method ~* "GET") { # set $upstream "nexus_docker_get"; #} # 只有本地仓库才支持搜索,所以将搜索请求转发到本地仓库,否则出现500报错 index index.html index.htm index.php; #if ($request_method != "GET") { # set $upstream "nexus_docker_put"; #} location / { proxy_pass http://127.0.0.1:8082; proxy_set_header Host $host; proxy_connect_timeout 3600; proxy_send_timeout 3600; proxy_read_timeout 3600; proxy_set_header X-Real-IP $remote_addr; proxy_buffering off; proxy_request_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "http"; } } server { listen 80; listen 443 ssl; listen [::]:443 ; server_name registry.xxx.tech; access_log /var/log/nginx/registry.xxx.log; # 证书 ssl_certificate /etc/ssl/xxx.tech_bundle.crt; ssl_certificate_key /etc/ssl/xxx.tech.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:"; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # disable any limits to avoid HTTP 413 for large image uploads client_max_body_size 0; # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; index index.html index.htm index.php; location / { proxy_pass http://127.0.0.1:8081; proxy_set_header Host $host; proxy_connect_timeout 3600; proxy_send_timeout 3600; proxy_read_timeout 3600; proxy_set_header X-Real-IP $remote_addr; proxy_buffering off; proxy_request_buffering off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Proto "https"; access_log /var/log/nginx/access-registry.log; error_log /var/log/nginx/error-registry.log debug; } } 6.登陆repo #docker login -u zj -p 12345676 docker-hub.xxx.tech #docker tag (images ID) 345gfeeo9n docker-hub.xxx.tech/nginx:latest 修改tag #docker push docker-hub.xxx.tech/nginx:latest 推送镜像到docker repo 里面 7.Docker pull 匿名拉取 随便在什么机器上 #docker pull docker-hub.xxx.tech/nginx:latest 匿名拉取repo中的镜像。