Running the Nexus 3 Docker Container with SSL

Posted on June 18th, 2016 in linux, docker, nexus, nginx by Simon

Well that was harder than it needed to be. Better write this down while it's fresh.

The container itself does not run with SSL, so you have to use a reverse proxy to do that for you.

Here's how to do it...

Create a Docker Network

We'll use this to allow our Nexus container to talk to our NGINX SSL Proxy container.

docker network create my-nexus-network

Run the Nexus Docker Container

Nothing too fancy here:

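docker pull sonatype/nexus3
# --net has to come before the image name; anything after the image is passed to the container as arguments.
# -p 8081:8081 also publishes Nexus over plain HTTP on the host; the NGINX container reaches it over my-nexus-network without it.
docker run -d -p 8081:8081 --name nexus --net=my-nexus-network sonatype/nexus3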

Note: You probably want to run a volume to hold the nexus repository data outside your container for ease of updating - and y'know reboots. That's all explained here under "Persistent Data".

Create an NGINX Proxy Container

Copy your SSL .crt and .key files to your host machine along with this nginx.conf:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering off;
    keepalive_timeout 5 5;
    tcp_nodelay on;

    # Plain HTTP: redirect everything to HTTPS
    server {
        listen 80;
        server_name your.domain.com;

        return 301 https://$server_name$request_uri;
    }

    # HTTPS: terminate TLS here and proxy to the Nexus container
    server {
        # The ssl parameter on listen enables TLS. The separate "ssl on;"
        # directive is deprecated and rejected by current nginx releases.
        listen *:443 ssl;
        server_name your.domain.com;

        # allow large uploads of files - refer to nginx documentation
        client_max_body_size 1024m;

        # optimize downloading files larger than 1G - refer to nginx doc before adjusting
        #proxy_max_temp_file_size 2048m;

        ssl_certificate /etc/nginx/ssl.crt;
        ssl_certificate_key /etc/nginx/ssl.key;

        # Nexus is served at the root; "nexus" resolves via the Docker network
        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }
}

From here, run:

docker run --name nginx-proxy -v host-path-to/nginx.conf:/etc/nginx/nginx.conf:ro -v host-path-to/ssl.key:/etc/nginx/ssl.key:ro -v host-path-to/ssl.crt:/etc/nginx/ssl.crt:ro -p 443:443 -p 80:80 --net=my-nexus-network -d nginx

That's it.

Key Points

After much, much trying:

  1. Nexus seems to only work properly with an SSL reverse proxy on port 443 with redirects from port 80
  2. Nexus seems to have to be at the root, there can be no subfolders
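
The two key points above, plus the forwarded-protocol header, can be checked against an nginx.conf before the proxy container is started. This is an added example, not code from the original post: the names parse, find, audit and SAMPLE are illustrative, the sample config is constructed, and the small parser only handles the plain directive/block syntax used in the config above.

```python
import re

# Added example; names are illustrative. Tokens: comment, quoted string, { } ;, bare word.
TOKEN = re.compile(r'''#[^\n]*|"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[{};]|[^\s{};#"']+''')

def parse(text):
    """Parse nginx config text into nested (name, args, children) nodes."""
    stack, words = [("root", [], [])], []
    for tok in TOKEN.findall(text):
        if tok in ("{", ";") and words:
            node = (words[0], words[1:], [])
            stack[-1][2].append(node)
            if tok == "{":
                stack.append(node)
            words = []
        elif tok == "}":
            stack.pop()
        elif tok[0] not in "#{;":
            words.append(tok[1:-1] if tok[0] in "\"'" else tok)
    return stack[0]

def find(node, name):
    return [c for c in node[2] if c[0] == name]

def audit(text):
    """Return findings against the layout in the post; [] means it matches."""
    out = []
    servers = [s for h in find(parse(text), "http") for s in find(h, "server")]
    def on_port(port):
        return [s for s in servers if any(
            d[1][0].rsplit(":", 1)[-1] == port for d in find(s, "listen"))]
    if not any(r[1][0] == "301" and r[1][-1].startswith("https://")
               for s in on_port("80") for r in find(s, "return")):
        out.append("port 80 does not 301-redirect to https")
    for s in on_port("443"):
        if find(s, "ssl"):
            out.append("deprecated standalone 'ssl' directive present")
        root = [d for d in find(s, "location") if d[1] == ["/"]]
        if not any(re.fullmatch(r"http://[^/]+/?", p[1][0])
                   for d in root for p in find(d, "proxy_pass")):
            out.append("Nexus is not proxied at the root path")
        if not any(h[1] == ["X-Forwarded-Proto", "https"]
                   for d in root for h in find(d, "proxy_set_header")):
            out.append("X-Forwarded-Proto https is not set")
    return out

# Constructed sample: Nexus under /nexus/, no redirect on port 80.
SAMPLE = """http { server { listen 80; server_name repo.example.test; }
  server { listen 443 ssl; ssl on;
    location /nexus/ { proxy_pass http://nexus:8081/; } } }"""
```

Call audit() with the contents of your own nginx.conf; an empty list means the redirect, root-path proxying and X-Forwarded-Proto header are all in place.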