# 手动部署

尚未完善,有空再整。

# 系统环境

RHEL 8.9

Docker 26.0.0

Nexus 3.66.0

# 系统参数调整

# Map the Nexus host names to the server address.
# Note: this appends unconditionally, so running it twice adds a duplicate line.
printf '%s\n' '192.168.100.239 nexus nexus.oso.plus' >> /etc/hosts

# Create the data and application directories used by the rest of this guide.
mkdir -p /data/docker /data/nexus
mkdir -p /apps

# 安装docker

# Install prerequisites.
yum install -y \
  dnf-utils \
  device-mapper-persistent-data \
  lvm2 \
  fuse-overlayfs \
  wget

# Repository definition for Docker CE. The heredoc delimiter is quoted, so
# $basearch and $releasever are written literally and expanded later by yum/dnf.
# On openEuler (home setup) $releasever is detected incorrectly, so replace it
# with 8; do the same on other distributions where the detection is wrong.
# gpgcheck=1 keeps package signature verification on. The signing key is
# fetched from the same mirror as the packages, so compare the fingerprint of
# the imported key with the one Docker publishes before trusting it.
tee /etc/yum.repos.d/docker-ce.repo > /dev/null << 'REPO'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://repos.oso.plus/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://repos.oso.plus/docker-ce/linux/centos/gpg
REPO

yum clean all

# Install Docker CE and its CLI plugins.
dnf install -y \
  docker-ce \
  docker-ce-cli \
  docker-compose-plugin \
  docker-buildx-plugin \
  docker-scan-plugin

# Same directories as created earlier; -p makes this a no-op if they exist.
mkdir -p /data/docker /data/nexus

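# Adjust the daemon defaults as needed.
# Security notes on the settings below:
#  - "insecure-registries" lets the daemon talk to nexus.oso.plus over plain
#    HTTP or with an unverified certificate, so image content and registry
#    credentials are not protected in transit. Prefer serving the registry
#    over TLS with a trusted certificate and then dropping this entry.
#  - "registry-mirrors" puts third-party hosts in the image pull path; keep
#    the list to mirrors you trust and pull by digest where integrity matters.
#  - "experimental": true turns on features not intended for production use.
# /etc/docker may not exist before the daemon has started once, so create it
# first. The quoted delimiter keeps the JSON literal (no shell expansion).
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'EOF'
{
    "insecure-registries": [
        "nexus.oso.plus"
    ],
    "exec-opts": [
        "native.cgroupdriver=systemd"
    ],
    "registry-mirrors": [
        "https://registry.docker-cn.com",
        "https://hub-mirror.c.163.com",
        "https://docker.mirrors.ustc.edu.cn"
    ],
    "data-root": "/data/docker",
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m"
    },
    "experimental": true
}
EOF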

# Reference commands for the docker service. Presumably listed for lookup
# rather than as a script: run top to bottom, the stop below leaves the
# daemon stopped (though enabled for the next boot).
# Start the service
systemctl start docker
# Show the service status
systemctl status docker
# Stop the service
systemctl stop docker
# Enable start at boot
systemctl enable docker

# 单机部署

# 设置静态IP地址

# Set the host name, then configure static addressing on both interfaces.
# "nmcli con mod" only edits the stored profile; the new values take effect
# the next time the connection is activated.
hostnamectl set-hostname nexus

# ens33: static IPv4
nmcli con mod ens33 \
  ipv4.gateway 192.168.100.1 \
  ipv4.dns 192.168.100.254,202.98.198.167 \
  ipv4.method manual \
  ipv4.address 192.168.100.239/24

# ens33: static IPv6
nmcli con mod ens33 \
  ipv6.gateway fe80::1 \
  ipv6.dns fe80::1 \
  ipv6.method manual \
  ipv6.address 240e:338:813:e4b1::a9c1:c239/64

# ens34: IPv6 off, static IPv4
nmcli con mod ens34 ipv6.method disabled
nmcli con mod ens34 \
  ipv4.gateway 192.168.101.253 \
  ipv4.method manual \
  ipv4.address 192.168.101.239/24

注意:Sonatype Nexus Repository 3.68.1 修复了一个影响所有 Sonatype Nexus Repository 3 部署的严重漏洞(CVE-2024-4956)。该漏洞允许通过特制 URL 以下载形式返回任意文件,包括 Nexus Repository 应用程序范围之外的系统文件。以下引自 Sonatype 公告:据其所知,该漏洞尚未被积极利用;完整详情请参阅 Sonatype 的 CVE-2024-4956 知识库文章。本文安装的 3.66.0 早于该修复版本,实际部署时应改用 3.68.1 或更高版本。

# Install the JDK. Per the author it must be JDK 8, newer than update 261;
# JDK 11/17/21 are not supported.
# Alternative from the distribution repositories:
# dnf install -y java-1.8.0-openjdk
# The tarball is expected in the current directory; check it against the
# checksum published by the vendor before unpacking it.
tar -C /apps/ -xf jdk-8u401-linux-x64.tar.gz
mv /apps/jdk1.8.0_401 /apps/jdk

# Make the JDK available to login shells.
cat >> /etc/profile << 'EOF'
export JAVA_HOME=/apps/jdk
export PATH=$JAVA_HOME/bin:$PATH
EOF
source /etc/profile
java -version

# 下载地址
# https://help.sonatype.com/repomanager3/product-information/download
# https://help.sonatype.com/en/download-archives---repository-manager-3.html
# 系统需求
# https://help.sonatype.com/repomanager3/product-information/sonatype-nexus-repository-system-requirements

# docker 容器镜像
# https://hub.docker.com/r/sonatype/nexus3/

# docker pull sonatype/nexus3

# Raise the open-file and process limits for the nexus account.
# limits.conf is applied by pam_limits to PAM sessions; the systemd unit
# written later in this guide sets LimitNOFILE/LimitNPROC itself.
printf '%s\n' \
  'nexus - nofile 65536' \
  'nexus - nproc 65536' >> /etc/security/limits.conf

# Download (kept commented out, as in the original notes):
# wget https://download.sonatype.com/nexus/3/nexus-3.66.0-02-unix.tar.gz
# NOTE(review): 3.66.0 predates 3.68.1, the release this guide cites as fixing
# CVE-2024-4956; install 3.68.1 or later, and check the archive against a
# checksum published by Sonatype before unpacking it.
tar -C /apps/ -xf nexus-3.66.0-02-unix.tar.gz
mv /apps/nexus-3.66.0-02 /apps/nexus

# Run Nexus as the unprivileged "nexus" account and point it at /apps/jdk.
sed -i -e 's/^#run_as_user=""/run_as_user="nexus"/' /apps/nexus/bin/nexus.rc
sed -i -e 's?^# INSTALL4J_JAVA_HOME_OVERRIDE=?INSTALL4J_JAVA_HOME_OVERRIDE=/apps/jdk?' /apps/nexus/bin/nexus

# Put the nexus launcher on PATH for login shells.
printf '%s\n' 'export PATH=/apps/nexus/bin:$PATH' >> /etc/profile
source /etc/profile

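# Create the dedicated service account that owns and runs Nexus.
# It gets no home directory (-M) and no usable login shell (/bin/false).
groupadd nexus
useradd -M -s /bin/false -g nexus nexus
# Do not give the service account a password, least of all one equal to its
# name: nothing in this setup logs in as nexus (systemd starts the service as
# User=nexus), and a guessable password can still be accepted by
# password-based services that do not depend on the login shell.
# Keep the account's password locked instead.
passwd -l nexus
chown -R nexus:nexus /apps/nexus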

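# Alternative kept from the original notes (sonatype-work left under /apps):
# chown -R nexus:nexus /apps/{nexus,sonatype-work}

# Move the default sonatype-work location to /data.
mkdir -p /data/sonatype-work
chown -R nexus:nexus /data/sonatype-work
# The dots are escaped so only the literal "../sonatype-work" is rewritten.
# Unescaped, ".." matches any two characters, so a second run would also
# match "ta/sonatype-work" inside the already-rewritten path and corrupt it.
sed -i 's|\.\./sonatype-work|/data/sonatype-work|g' /apps/nexus/bin/nexus.vmoptions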

# Install a systemd unit that runs Nexus as the nexus user and group.
# NOTE(review): the unit sets no sandboxing options; consider systemd
# hardening directives (e.g. NoNewPrivileges=, PrivateTmp=) after testing.
tee /etc/systemd/system/nexus.service > /dev/null << 'UNIT'
[Unit]
Description=Nexus Repository Manager
After=network.target

[Service]
Type=forking
LimitNPROC=65536
LimitNOFILE=65536
ExecStart=/apps/nexus/bin/nexus start
ExecStop=/apps/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target
UNIT

# Load the new unit, enable it at boot, show its state, then (re)start it.
systemctl daemon-reload
systemctl enable nexus
systemctl status nexus
systemctl restart nexus

# Show the generated initial admin password.
# Location when sonatype-work was left in its default place:
# cat /apps/sonatype-work/nexus3/admin.password
cat /data/sonatype-work/nexus3/admin.password
# The output is a generated UUID-style string (the value from the author's
# install is not reproduced here). Treat it as a credential until the admin
# password has been changed.

# 浏览器打开 http://192.168.100.239:8081 或 http://nexus.oso.plus:8081 进行初始密码修改和其他配置

# jenkins 插件安装
# https://help.sonatype.com/iqserver/integrations/plugins-for-continuous-integration-platforms/nexus-platform-plugin-for-jenkins#NexusPlatformPluginforJenkins-RepositoryManager3Integration
# helm 插件
# https://github.com/sonatype-nexus-community/nexus-repository-helm

# 集群部署

专业版才支持

# curl修改初始密码

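# Change the initial admin password from the command line.
# The generated password is read from its file and the new one is prompted
# for, so neither is written into this document, the shell history or the
# curl argument list (which other local users can read via ps). curl takes
# the credentials from a config stream (-K) and the new password on stdin.
# NOTE(review): the request goes over plain HTTP, so both passwords cross the
# network unencrypted; run it on the Nexus host or put TLS in front first.
# NOTE(review): 192.168.100.150 differs from the 192.168.100.239 address used
# elsewhere in this guide; confirm which host is meant.
initial_password=$(cat /data/sonatype-work/nexus3/admin.password)
read -rsp 'New admin password: ' new_password
echo
printf '%s' "$new_password" |
  curl -if -K <(printf 'user = "admin:%s"\n' "$initial_password") \
    -X PUT -H 'Content-Type: text/plain' --data-binary @- \
    http://192.168.100.150:8081/service/rest/internal/ui/onboarding/change-admin-password
unset initial_password new_password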
编撰人:yangfc