Use Maven and Docker + Nexus 3 behind NGinx with HTTPS

I generated certificates for my docker client and daemon following Docker recommendations:

But… I’m using Sonatype Nexus 3 as my private docker registry.

And I have a frontal NGinX.

    I would like to set up NGinx with a self-signed certificate to be able to use Nexus as a registry.

    Basically, I have that setup for NGinx:

        ssl_certificate                 /home/AAA/certificates/adgroupe.priv/server-cert.pem;
        ssl_certificate_key             /home/AAA/certificates/adgroupe.priv/server-key.pem;
        ssl_protocols                   SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;

    The 2 certificates being the ones generated with Docker documentation (link above).

    I can then add my server.cert to my keystore with keytool, but how can I make both Maven and Docker trust that certificate? I mean, no one trusts my CA since I generated it myself…

  • One solution collected from the web for “Use Maven and Docker + Nexus 3 behind NGinx with HTTPS”

    I’m on a Debian-based operating system, and I did it that way.
    On your client AND your server, you just have to take the cert file and add it to the ca-certificates.

    root@test:~/certs mkdir /usr/share/ca-certificates/
    root@test:~/certs cp certificate.crt /usr/share/ca-certificates/
    root@test:~/certs echo "" >> /etc/ca-certificates.conf
    root@test:~/certs update-ca-certificates
    Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d....done.
    # restart docker to refresh trusted CA
    root@test:~/certs systemctl restart docker

    You will only be able to access it with the Common Name you gave it (for me it’s ):
    Because I specified it when I created the cert

    Common Name (e.g. server FQDN or YOUR name) [] 

    hope this helps
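
A pre-flight check for the answer above, as an added example that is not part of the original post: before copying a certificate into the trust store, confirm that it verifies against your CA and is valid for the hostname clients will use. It assumes `openssl` is installed; `registry.example.test`, the file names and the throwaway CA built in a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original answer. registry.example.test and all
# file names are constructed placeholders; the PKI is a throwaway in a temp dir.

# make_demo_pki DIR HOST: create a private CA and a server cert for HOST in DIR.
make_demo_pki() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server-key.pem" -out "$dir/server.csr" 2>/dev/null || return 1
    # Put the name in subjectAltName as well as CN: Go-based clients such as
    # Docker match on SAN, not on the Common Name.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca-key.pem" -CAcreateserial -days 1 \
        -extfile "$dir/san.ext" -out "$dir/server-cert.pem" 2>/dev/null
}

# check_cert CA CERT HOST
# returns 0 = verifies and name matches, 1 = does not verify against CA,
#         2 = verifies but is not valid for HOST
check_cert() {
    ca=$1; cert=$2; host=$3
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; return 1
    fi
    if ! openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" \
            >/dev/null 2>&1; then
        echo "FAIL: $cert is not valid for host $host"; return 2
    fi
    echo "OK: $cert verifies against $ca and is valid for $host"
}

# Demo run on constructed data: one matching name, one mismatching name.
tmp=$(mktemp -d)
make_demo_pki "$tmp" registry.example.test
check_cert "$tmp/ca.pem" "$tmp/server-cert.pem" registry.example.test
check_cert "$tmp/ca.pem" "$tmp/server-cert.pem" nexus.example.test || true
rm -rf "$tmp"
```

Run `check_cert` against your real CA file, server certificate and the registry hostname before installing the CA on clients; a status of 2 means the certificate has to be reissued for the name in use.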
