No, there is no other solution. Docker repositories must run on web context path “/”. This limitation is imposed by the docker format, not by Nexus Repo. But because of this limitation, Docker repositories must either use a different hostname or port. The built-in mechanism uses different ports, but this won’t scale beyond a few dozen repositories; the Jetty web server is not designed to simultaneously listen on hundreds of ports. A reverse proxy will be needed.
Or alternatively, you could come up with a design for repository usage that does not require so many repositories. You’ll find that scales a lot better than trying to use hundreds of repositories, and is easier to manage. The way to do that is to use content selector privileges to slice up a docker repository, creating namespaces that each team can use.
Docker images are stored like this in Nexus:
The blobs are docker layers, and they can be (and often are) shared between multiple docker images. This sharing of layers is the reason why docker is an efficient format for storing VMs. The upshot of this is that you can’t restrict access to layers. So you’ll need to create a content selector privilege that allows access to all layers. Additionally, you need to allow access to “/v2/” for docker login, and “/v1/search” for search.
So you’ll need a content selector privilege like this that allows access to the things everyone needs:
path =~ "/v2/|/v2/blobs/.*|/v2/search/.*"
After this, you can selectively allow access to manifests and tags by using content selectors like this:
path =^ "/v2/some-docker-image/"
path =^ "/v2/library/ubuntu/"
Rich
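
The namespace scheme from the answer above, modelled as an added example (not part of the original post and not Nexus code) so a set of selectors can be dry-run against request paths before roles are handed out. It assumes `=~` must match the whole path, `=^` is a starts-with test, and a role is granted a path when any of its selectors matches; the role names and sample paths are constructed.

```python
import re

# Expressions copied from the post above.
SHARED = 'path =~ "/v2/|/v2/blobs/.*|/v2/search/.*"'
TEAM_A = 'path =^ "/v2/some-docker-image/"'
TEAM_B = 'path =^ "/v2/library/ubuntu/"'

_CLAUSE = re.compile(r'^\s*path\s*(=~|=\^)\s*"([^"]*)"\s*$')

def compile_selector(expr):
    """Turn one 'path =~ "..."' or 'path =^ "..."' clause into a predicate."""
    m = _CLAUSE.match(expr)
    if not m:
        raise ValueError(f"unsupported expression: {expr!r}")
    op, arg = m.groups()
    if op == "=^":
        return lambda path: path.startswith(arg)
    pattern = re.compile(arg)
    # Assumption: =~ has to match the whole path, not a substring of it.
    return lambda path: pattern.fullmatch(path) is not None

def allowed(path, selectors):
    # Assumption: privileges are additive, so one matching selector grants access.
    return any(compile_selector(s)(path) for s in selectors)

def audit(roles, paths):
    """Map each role to the subset of paths its selectors would grant."""
    return {role: [p for p in paths if allowed(p, sels)]
            for role, sels in roles.items()}

# Constructed roles and sample paths, shaped to fit the expressions above.
ROLES = {"team-a": [SHARED, TEAM_A], "team-b": [SHARED, TEAM_B]}
PATHS = [
    "/v2/",
    "/v2/blobs/sha256:aaaa",
    "/v2/some-docker-image/manifests/1.0",
    "/v2/some-docker-image-internal/manifests/1.0",  # sibling name, no match
    "/v2/library/ubuntu/manifests/latest",
    "/v1/search",  # not matched by any expression as written
]

if __name__ == "__main__":
    for role, granted in audit(ROLES, PATHS).items():
        print(role, granted)
```

The trailing slash in the `=^` prefixes is what keeps `some-docker-image-internal` out of team-a's namespace; a prefix without it would match both names.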