Running the Nexus 3 Docker Container with SSL

Tags: docker
Posted: Saturday, 18 June 2016

Well that was harder than it needed to be. Better write this down while it's fresh.

The container itself does not run with SSL, so you have to use a reverse proxy to do that for you.

Here's how to do it...

Create a Docker Network

We'll use this to allow our Nexus container to talk to our NGINX SSL Proxy container.

docker network create my-nexus-network

Run the Nexus Docker Container

Nothing too fancy here:

docker pull sonatype/nexus3
docker run -d -p 8081:8081 --name nexus --net=my-nexus-network sonatype/nexus3

Note: You probably want to mount a volume to hold the Nexus repository data outside your container for ease of updating - and y'know, reboots. That's all explained here under "Persistent Data".

Create an NGINX Proxy Container

Copy your SSL .crt and .key files to your host machine along with this nginx.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    keepalive_timeout  5 5;
    tcp_nodelay        on;

    server {
        listen         80;
        server_name    your.domain.com;

        return         301 https://$server_name$request_uri;
    }

    server {
        listen   *:443 ssl;
        server_name  your.domain.com;

        # allow large uploads of files - refer to nginx documentation
        client_max_body_size 1024m;

        # optimize downloading files larger than 1G - refer to nginx doc before adjusting
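        #proxy_max_temp_file_size 2048m;

        # TLS is already enabled by the "ssl" parameter on the listen directive above;
        # the separate "ssl on;" directive is deprecated and newer nginx releases reject it.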
        ssl_certificate      /etc/nginx/ssl.crt;
        ssl_certificate_key  /etc/nginx/ssl.key;

        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }
}

From here, run:

docker run --name nginx-proxy -v host-path-to/nginx.conf:/etc/nginx/nginx.conf:ro \
    -v host-path-to/ssl.key:/etc/nginx/ssl.key:ro -v host-path-to/ssl.crt:/etc/nginx/ssl.crt:ro \
    -p 443:443 -p 80:80 --net=my-nexus-network -d nginx

That's it.

Key Points

After much, much trying:

  1. Nexus seems to only work properly with an SSL reverse proxy on port 443 with redirects from port 80.
  2. Nexus seems to have to be at the root; there can be no subfolders.
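
One way to check an nginx.conf against these key points before mounting it into the proxy container. This is an added example, not part of the original post: lint_nexus_proxy and sample_conf are hypothetical names, and the sample config is a trimmed, constructed copy of the one above. It assumes one directive per line, as in that config.

```shell
# Added example, not the post's code; lint_nexus_proxy and sample_conf are hypothetical names.
# Reads nginx.conf from FILE or stdin, prints one FAIL line per problem, exits with their count.
lint_nexus_proxy() {
    awk '
    function flag(msg) { print "FAIL: " msg; bad++ }
    { sub(/#.*/, "") }                                   # ignore comments
    /^[ \t]*server[ \t]*[{]/ { srv = 1; base = depth; split("", b) }
    srv && /^[ \t]*listen[ \t]/ {
        if (match($0, /[ \t:](443|80)[ \t;]/)) b["port"] = substr($0, RSTART + 1, RLENGTH - 2) + 0
        if ($0 ~ /[ \t]ssl[ \t;]/) b["tls"] = 1
    }
    srv && /return[ \t]+301[ \t]+https:\/\//                      { b["redir"] = 1 }
    srv && /^[ \t]*ssl_certificate(_key)?[ \t]/                   { b[$1] = 1 }
    srv && /^[ \t]*location[ \t]/ && !/location[ \t]+\/[ \t]*[{]/ { b["subpath"] = 1 }
    srv && /X-Forwarded-Proto[ \t]+("?https"?|\$scheme)[ \t]*;/   { b["proto"] = 1 }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    srv && depth <= base {                               # server block just closed
        srv = 0
        if (b["port"] == 80 && b["redir"]) redirect = 1
        if (b["port"] == 443) for (k in b) t[k] = b[k]   # keep the TLS server block
    }
    END {
        if (!redirect)     flag("no port-80 server returning 301 to https://")
        if (!t["tls"])     flag("no server with listen 443 ssl")
        if (!t["ssl_certificate"] || !t["ssl_certificate_key"]) flag("certificate or key not configured")
        if (t["subpath"])  flag("Nexus is proxied under a sub-path instead of /")
        if (!t["proto"])   flag("X-Forwarded-Proto https is not passed to Nexus")
        exit bad + 0
    }' "${1:--}"
}
# Constructed sample: the two server blocks of the nginx.conf above, trimmed.
sample_conf() {
    cat <<'EOF'
    server {
        listen         80;
        return         301 https://$server_name$request_uri;
    }
    server {
        listen   *:443 ssl;
        ssl_certificate      /etc/nginx/ssl.crt;
        ssl_certificate_key  /etc/nginx/ssl.key;
        location / {
            proxy_pass http://nexus:8081/;
            proxy_set_header X-Forwarded-Proto "https";
        }
    }
EOF
}
sample_conf | lint_nexus_proxy && echo "OK: config matches the post's Key Points"
```

Run it against the real file with lint_nexus_proxy host-path-to/nginx.conf before starting the nginx-proxy container.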