Nexus Repository Manager is a powerful artifact repository manager that supports many formats, including Maven, npm, Docker, Helm, and PyPI.

Docker Deployment

docker-compose.yml

version: '2.0'

services:
  nexus:
    image: sonatype/nexus3
    container_name: nexus
    restart: always
    ports:
      - "127.0.0.1:8081:8081" # Web UI
      - "127.0.0.1:5000:5000" # Docker Registry
    volumes:
      - ${HOME}/nexus-data:/nexus-data

Start:

docker-compose up -d

Initialization

# Get the initial admin password
docker exec nexus cat /nexus-data/admin.password

# Open the Web UI
open http://localhost:8081

Nginx Reverse Proxy Configuration

Web UI Reverse Proxy

repo.example.com - Nexus management UI

server {
    listen 80;
    server_name repo.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name repo.example.com;

    # SSL certificate
    ssl_certificate /etc/letsencrypt/live/repo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repo.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Allow large file uploads
    client_max_body_size 1G;

    location / {
        proxy_pass http://localhost:8081/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
}

Docker Registry Reverse Proxy

docker.example.com - Docker image registry

server {
    listen 80;
    server_name docker.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name docker.example.com;

    # Reuses the repo.example.com certificate; it must also cover docker.example.com (SAN)
    ssl_certificate /etc/letsencrypt/live/repo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repo.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Docker images can be very large
    client_max_body_size 10G;

    location / {
        proxy_pass http://localhost:5000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto "https";
    }
}

Configuring Repositories

Create a Docker Hosted Repository

  1. Log in to the Nexus Web UI
  2. Settings → Repositories → Create repository
  3. Select docker (hosted)
  4. Configure:
    • HTTP port: 5000
    • Allow anonymous docker pull: checked

Using the Docker Registry

# Log in
docker login docker.example.com

# Push an image
docker tag myapp:latest docker.example.com/myapp:latest
docker push docker.example.com/myapp:latest

# Pull an image
docker pull docker.example.com/myapp:latest

Supported Repository Types

Type      Description          Suggested port
Docker    Container images     5000
Helm      Kubernetes charts    8081 (Web)
npm       Node.js packages     8081 (Web)
PyPI      Python packages      8081 (Web)
Maven     Java dependencies    8081 (Web)

Helm Repository Configuration

Add the Helm repository:

# Create a helm (hosted) repository in Nexus
helm repo add myrepo https://repo.example.com/repository/helm-hosted/ \
  --username admin --password password

# Push a chart
curl -u admin:password https://repo.example.com/repository/helm-hosted/ \
  --upload-file mychart-0.1.0.tgz

npm Repository Configuration

# Configure the npm registry
npm config set registry https://repo.example.com/repository/npm-group/

# Log in
npm login --registry=https://repo.example.com/repository/npm-hosted/

# Publish
npm publish --registry=https://repo.example.com/repository/npm-hosted/

PyPI Repository Configuration

~/.pypirc

[distutils]
index-servers = nexus

[nexus]
repository: https://repo.example.com/repository/pypi-hosted/
username: admin
password: password

Publish:

pip install twine
twine upload --repository nexus dist/*
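
The ~/.pypirc above keeps the Nexus admin password in plaintext, so it is worth checking how that file is protected. The audit script below is an added example, not part of the original post; audit_pypirc and audit_sample are hypothetical helper names, and the sample file is constructed from the configuration shown above.

```python
import configparser
import pathlib
import stat
import tempfile


def audit_pypirc(path):
    """Return a list of findings for a .pypirc file (hypothetical helper)."""
    findings = []
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(f"file mode {mode:04o} lets group/others access it; use 0600")
    cfg = configparser.RawConfigParser()  # Raw: no % interpolation inside passwords
    cfg.read(path)
    for name in (s for s in cfg.sections() if s != "distutils"):
        url = cfg.get(name, "repository", fallback="")
        if url and not url.startswith("https://"):
            findings.append(f"[{name}] repository is not https: {url!r}")
        if cfg.get(name, "username", fallback="") == "admin":
            findings.append(f"[{name}] uploads as the admin account")
        if cfg.has_option(name, "password"):
            findings.append(f"[{name}] stores a plaintext password")
    return findings


# Constructed sample: the ~/.pypirc shown above.
SAMPLE = """\
[distutils]
index-servers = nexus

[nexus]
repository: https://repo.example.com/repository/pypi-hosted/
username: admin
password: password
"""


def audit_sample(mode=0o644):
    """Write SAMPLE to a temporary file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, ".pypirc")
        path.write_text(SAMPLE)
        path.chmod(mode)
        return audit_pypirc(path)


if __name__ == "__main__":
    for finding in audit_sample():
        print("WARN:", finding)
```

twine can also take the password from the TWINE_PASSWORD environment variable or a keyring, which allows the password line to be removed from the file.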

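Notes

  • Back up the /nexus-data directory regularly
  • For production environments, configuring an external database is recommended
  • The Docker Registry requires HTTPS (or configure insecure-registries)
  • Using a separate subdomain for each repository type is recommended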