Using your existing Nexus Repository configuration and key-store inside a Docker image

So you’ve installed Nexus Repository Manager 3 on a dedicated server, configured it to meet the needs of your organisation and have it populated with a vast number of OSS artefacts and components that are consumed across your CI/CD pipeline.

Your organisation recognises the value of Docker and decides to deploy NXRM3 in a Docker container. This poses the question: how do you retain all of the configuration and content within your existing deployment?

If you don’t have SSL configured, you can follow the Nexus 3 Docker Image Instructions, which explain how to pass the nexus-data volume to the Docker container:

docker run -d -p 8081:8081 --name nexus3 -v native-host-install-dir/sonatype-work/nexus3:/nexus-data sonatype/nexus3

With SSL configured, you need to enable the docker image to reference your existing key-store. A minor addition to the above command is required:

docker run -d -p 8443:8443 --name nexus3 -v native-host-install-dir/sonatype-work/nexus3:/nexus-data -v native-host-install-dir/nexus-3.14.0-04/etc/ssl:/opt/sonatype/nexus/etc/ssl sonatype/nexus3

Note:

  1. Ensure you correctly replace native-host-install-dir before using the above commands.
  2. The keystore.jks is located in $NEXUS_HOME/etc/ssl. The second volume passed to the docker run command defines this mount point.
  3. The ‘docker inspect #container-id#’ command enables you to identify the location of $NEXUS_HOME within your container.
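
A preflight check for the keystore mount described above, as an added example that is not part of the original post or of Sonatype's tooling. The function names check_keystore_dir and start_nexus are hypothetical, the host paths in the comments are constructed, and the read-only (:ro) flag on the ssl mount assumes Nexus only reads the keystore.

```shell
#!/bin/sh
# Added example: preflight checks before bind-mounting an existing Nexus keystore.
# Return codes: 0 ok, 1 path not absolute, 2 keystore missing,
#               3 keystore is a symlink, 4 keystore readable/writable by "other".
check_keystore_dir() {
    ssl_dir=$1
    ks="$ssl_dir/keystore.jks"

    # docker run -v treats a non-absolute source as a named volume, not a host path.
    case $ssl_dir in
        /*) ;;
        *) echo "not an absolute path: $ssl_dir" >&2; return 1 ;;
    esac

    # A symlink may point outside the mounted directory and dangle inside the container.
    if [ -L "$ks" ]; then
        echo "keystore is a symlink: $ks" >&2; return 3
    fi
    if [ ! -f "$ks" ]; then
        echo "keystore not found: $ks" >&2; return 2
    fi

    # The keystore holds the TLS private key; refuse world read/write bits.
    if [ -n "$(find "$ks" -prune \( -perm -0004 -o -perm -0002 \))" ]; then
        echo "keystore is accessible to all local users: $ks" >&2; return 4
    fi
    return 0
}

# Hypothetical wrapper around the page's docker run command.
# Assumption: Nexus only reads the keystore, so the ssl mount is made read-only (:ro).
start_nexus() {
    work_dir=$1   # e.g. /opt/sonatype-work/nexus3 (constructed path)
    ssl_dir=$2    # e.g. /opt/nexus-3.14.0-04/etc/ssl (constructed path)
    check_keystore_dir "$ssl_dir" || return $?
    docker run -d -p 8443:8443 --name nexus3 \
        -v "$work_dir:/nexus-data" \
        -v "$ssl_dir:/opt/sonatype/nexus/etc/ssl:ro" \
        sonatype/nexus3
}
```

The sonatype/nexus3 image runs Nexus as UID 200, so after tightening permissions the keystore must still be readable by that UID (for example through ownership or group membership on the host).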

If you would like to perform this exercise for IQ please see here.

Another option: you can put this in your sonatype-work/nexus3/etc/nexus.properties to relocate the path of the keystore. For example, if you put it in your sonatype-work, then you don’t need the second volume mount. This doesn’t save much with Docker, but in a local install, it saves you from having to copy or recreate the keystore every time you upgrade Nexus (since it’s in the 3.14 directory by default).

#put the ssl keystore in sonatype-work 
ssl.etc=${karaf.data}/etc/ssl

For bonus points, take a look inside of /nexus-3.14.0-04/etc/jetty/jetty-https.xml and you’ll see where that ssl.etc variable is used, along with the rest of the SSL configuration.