This is the third and last part of a series of posts on Sonatype Nexus Repository 3 and how to use it as a repository for several technologies. (Part 1. Part 2.)
NOTE: We are constantly improving Sonatype Nexus Repository. This blog may no longer be accurate. You can find the latest instructions here.
Check out the first part of this series to see how we installed and ran Sonatype Nexus Repository 3 using a single Docker command. Just do that and the installation is done.
What we will do:
I suggest you create a new blob store for each new repository you want to create. That way, the data for every repository will be in a different folder in /nexus-data (inside the Docker container). But this is not mandatory for it to work.
By default, the Docker client communicates with the repository using HTTPS. In my use case, I had to configure it with HTTP, because we didn't have the certificate or the knowledge on how to obtain it.
Important to notice: the Docker repository requires two different ports. We are going to use 8082 for pull from the proxy repository and 8083 for pull and push to the private repository.
I had some problems with slightly older versions of Docker, so I strongly suggesting you to start with the version that I've tested with, that is 1.12.3.
A private repository in this case is a repository for Docker images that your team creates.
Create a new Docker (hosted) repository and configure it like so:
A proxy repository in this case is a repository that proxies everything you download from the official registry - Docker Hub. Next time you download the same dependency, it will be cached in your Sonatype Nexus Repository.
Create a new Docker (proxy) repository and configure it like so:
This repository will group all the above repositories and provide you with a single URL to configure your clients to download from.
Create a new Docker (group) repository and configure it like so:
You can create as many repositories as you need and group them all in the group repository.
This step is actually optional to use Sonatype Nexus Repository 3 as a Docker repository, because we can stick to pulling and pushing to the proxy and hosted repositories as will be discussed later.
To interact with your repo, the first thing is to configure the Docker daemon in your machine to accept working with HTTP instead of HTTPS.
How exactly to do this config depends on your operating system, so you should check dockerd documentation. On RHEL I did it putting this content in /etc/docker/daemon.json
:
{
"insecure-registries": [
"your-repo:8082",
"your-repo:8083"
],
"disable-legacy-registry": true
}
You have to restart the daemon after setting this (sudo systemctl restart docker
).
On Windows or Mac you should config your deamon in a box like this:
Now we have to authenticate your machine to the repository with:
docker login -u admin -p admin123 your-repo:8082
docker login -u admin -p admin123 your-repo:8083
This will create an entry in ~/.docker/config.json
:
{
"auths": {
"your-repo:8082": {
"auth": "YWRtaW46YWRtaW4xMjM="
},
"your-repo:8083": {
"auth": "YWRtaW46YWRtaW4xMjM="
}
}
To pull images from your repository, use (notice port 8082 being used):
docker pull your-repo:8082/httpd:2.4-alpine
To push your own images to your repository, you have to tag the image with a tag that points to the repository. This is strange to me, since I was trying to think about Docker tags the same way I do about Git tags, but they seem be somewhat different (notice port 8083 being used):
docker tag your-own-image:1 your-repo:8083/your-own-image:1
docker push your-repo:8083/your-own-image:1
To pull your own images from the repository, you can use:
docker tag your-own-image:1 your-repo:8082/your-own-image:1
# or
docker tag your-own-image:1 your-repo:8083/your-own-image:1
Both ports will work. I suspect that is because using port 8083 will connect directly to the hosted repository, whilst using port 8082 will connect to the group repository, which contains the hosted repository. I suggest you to stick to port 8083 to avoid duplicate images in your machines. If you chose to stick with port 8083 to pull your own images, you probably could skip creating the group repository, if you prefer.