Use Maven and Docker + Nexus 3 behind NGinx with HTTPS

I generated certificates for my docker client and daemon following Docker recommendations: https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl

But… I’m using Sonatype Nexus 3 as my private docker registry.

And I have a frontal NGinX.

    I would like to set up NGinx with a self-signed certificate to be able to use Nexus as a registry.

    Basically, I have that setup for NGinx:

        ssl_certificate                 /home/AAA/certificates/adgroupe.priv/server-cert.pem;
        ssl_certificate_key             /home/AAA/certificates/adgroupe.priv/server-key.pem;
        ssl_protocols                   SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;
    

    The 2 certificates being the ones generated with Docker documentation (link above).

    I then can add with keytool my server.cert to my keystore, but how can I make both Maven and Docker trust that certificate? I mean, no one trusts my CA since I generated it myself…

One solution collected from the web for “Use Maven and Docker + Nexus 3 behind NGinx with HTTPS”

    I’m on a Debian-based operating system, and I did it that way.
    On your client AND your server, you just have to take the cert file and add it to the ca-certificates.

    root@test:~/certs# mkdir /usr/share/ca-certificates/myRegistry.example.com
    root@test:~/certs# cp certificate.crt /usr/share/ca-certificates/myRegistry.example.com/
    root@test:~/certs# echo "myRegistry.example.com/certificate.crt" >> /etc/ca-certificates.conf
    root@test:~/certs# update-ca-certificates
    Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d....done.
    # restart docker to refresh trusted CA
    root@test:~/certs# systemctl restart docker
    

    You will only be able to access it with the Common Name you gave it (for me it’s myRegistry.example.com), because I specified it when I created the cert:

    Common Name (e.g. server FQDN or YOUR name) []:myRegistry.example.com 
    

    Hope this helps.
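
The trust and name-matching behaviour described in this answer can be checked with `openssl` before a CA is installed on any host. The following is an added example, not part of the original post: it builds a constructed throwaway CA and server certificate and shows that verification succeeds only with that CA supplied and only for the name in the certificate. The function names (`make_pki`, `trusted_for`, `has_san`) and the certificate contents are assumptions for illustration; the certificate carries a subjectAltName because current Go-based clients such as Docker match on the SAN rather than the Common Name.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway CA and server certificate, nothing from the page.
set -u
HOST="myRegistry.example.com"   # registry name used in the answer above

# make_pki DIR HOST: create a test CA and a server certificate for HOST with a SAN.
make_pki() {
  local d="$1" host="$2"
  cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  printf 'subjectAltName = DNS:%s\n' "$host" > "$d/san.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$host" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/san.cnf" -out "$d/server.pem" 2>/dev/null
}

# trusted_for CAFILE CERT HOST: succeed only if CERT chains to CAFILE and names HOST.
trusted_for() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null | grep -q ': OK$'
}

# has_san CERT HOST: succeed if HOST is listed as a DNS subjectAltName in CERT.
has_san() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' \
    | grep -qi "DNS:$2"
}

# Demo run on the constructed certificates.
d="$(mktemp -d)"; trap 'rm -rf "$d"' EXIT
make_pki "$d" "$HOST" || { echo "openssl failed" >&2; exit 1; }
trusted_for "$d/ca.pem" "$d/server.pem" "$HOST" && echo "own CA, matching name: trusted"
trusted_for "$d/ca.pem" "$d/server.pem" "other.example.com" || echo "other name: rejected"
has_san "$d/server.pem" "$HOST" && echo "SAN lists $HOST"
```

Running `trusted_for` and `has_san` against the real CA file and server certificate before copying the CA into `/usr/share/ca-certificates` confirms that clients will accept the registry under the name they actually use.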
