将下载后的文件传输到服务器上
#修改配置文件
vi /etc/security/limits.conf
#添加
* soft nofile 65536
#修改服务配置
vi /etc/systemd/system.conf
#修改
DefaultLimitNOFILE=65536
#重启
reboot
#查看结果
ulimit -n
#将当前目标下的文件上传到目标服务器的指定路径
scp nexus-3.23.0-03-unix.tar root@192.168.0.5:/opt/
#解压
tar -xvf nexus-3.23.0-03-unix.tar
#做一个软链接方便访问和更新
ln -s /opt/nexus-3.23.0-03/ /nexus
#修改运行用户
vi /nexus/bin/nexus.rc
#修改运行用户,除非自己个人使用否则不要用root用户
run_as_user="root"
ln -s /nexus/bin/nexus /etc/init.d/nexus
#init.d设置
cd /etc/init.d
chkconfig --add nexus
chkconfig --levels 345 nexus on
service nexus start
#创建Nexus服务
vi /etc/systemd/system/nexus.service[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/nexus/bin/nexus start
ExecStop=/nexus/bin/nexus stop
User=root
Restart=on-abort
TimeoutSec=600
[Install]
WantedBy=multi-user.target
如果没有安装JAVA,请看: 安装Java1.8
#重新加载服务
systemctl daemon-reload
#开机启动
systemctl enable nexus.service
#运行服务
systemctl start nexus.service
#查看日志
tail -f /opt/sonatype-work/nexus3/log/nexus.log访问http://192.168.0.5:8081 进入管理界面。
Nexus服务器域名和端口:repo.bluersw.com:8081
Proxy仓库:
- 仓库名称:aliyun-yum-proxy(属于repo-bluersw分组)
- 仓库类型:proxy
- 远程仓库地址:http://mirrors.aliyun.com/centos/
Group仓库:
- 仓库名称:repo-bluersw(含多个proxy仓库)
- 仓库类型:group
- 对外地址:http://repo.bluersw.com:8081/repository/repo-bluersw/
客户端配置:
#备份
cd /etc/yum.repos.d/
mkdir bak
cp *.repo bak/
vi /etc/yum.repos.d/CentOS-Base.repo修改CentOS-Base文件内容:
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://repo.bluersw.com:8081/repository/repo-bluersw/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://repo.bluersw.com:8081/repository/repo-bluersw/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://repo.bluersw.com:8081/repository/repo-bluersw/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://repo.bluersw.com:8081/repository/repo-bluersw/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
yum clean all
yum makecache
#更新系统第一次会比较慢
yum update -y下载的RPM包都存储在Nexus服务器上,以后其他服务器照此配置就不用从外网下载了。
Proxy仓库:
- 仓库名称:hub-docker-proxy
- 仓库类型:proxy
- 远程仓库地址:https://registry-1.docker.io
- Repository Connectors:不创建(由Group仓库负责)
- Allow anonymous docker pull ( Docker Bearer Token Realm required ):true(勾选)
- Enable Docker V1 API:勾选
- Docker Index:Use Docker Hub
Hosted仓库:
- 仓库名称:my-docker-host
- 仓库类型:hosted
- Repository Connectors:HTTP 8082端口(负责Push Image)
- Allow anonymous docker pull ( Docker Bearer Token Realm required ):true(勾选)
- Enable Docker V1 API:勾选
- 对外地址:http://repo.bluersw.com:8082
Group仓库:
- 仓库名称:docker-bluersw(含hub-docker-proxy和my-docker-host)
- 仓库类型:group
- Repository Connectors:HTTP 8083端口(负责Pull Image)
-
- Allow anonymous docker pull ( Docker Bearer Token Realm required ):true(勾选)
- 对外地址:http://repo.bluersw.com:8083
group类型的Docker仓库只能pull不能push。
在Security中打开Realms界面,激活Docker Bearer Token Realm 选项。
客户端配置:
vi /etc/docker/daemon.json修改Docker的daemon配置文件,添加上述两个Docker私服地址。
{
"insecure-registries": ["http://repo.bluersw.com:8082","http://repo.bluersw.com:8083"]
}#重启服务
systemctl restart docker
#登录
docker login http://repo.bluersw.com:8082
docker login http://repo.bluersw.com:8083
#使用代理服务器下载镜像,镜像会存在代理服务器上供其他人下载
docker pull repo.bluersw.com:8083/hello-world
[root@ops docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
repo.bluersw.com:8083/hello-world latest bf756fb1ae65 4 months ago 13.3kB
#改名
docker tag repo.bluersw.com:8083/hello-world repo.bluersw.com:8082/hello-world
#上传到Docker私有仓库
docker push repo.bluersw.com:8082/hello-world如果需要用HTTPS访问Nexus Repository则nginx的反向代理设置是:
server {
listen 443 ssl;
#配置HTTPS的默认访问端口为443。
#如果未在此处配置HTTPS的默认访问端口,可能会造成Nginx无法启动。
#如果您使用Nginx 1.15.0及以上版本,请使用listen 443 ssl代替listen 443和ssl on。
server_name repo.bluersw.com; #需要将yourdomain.com替换成证书绑定的域名。
ssl_certificate /opt/6016769_repo.bluersw.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。
ssl_certificate_key /opt/6016769_repo.bluersw.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
#表示使用的加密套件的类型。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #表示使用的TLS协议的类型。
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; # 转发时使用https协议
proxy_pass http://localhost:8081;
}
}