Use Maven and Docker + Nexus 3 behind NGinx with HTTPS

I generated certificates for my docker client and daemon following Docker recommendations: https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl

But… I’m using Sonatype Nexus 3 as my private docker registry.

And I have a frontal NGinX.

I would like to set up NGinx with a self-signed certificate to be able to use Nexus as a registry.

Basically, I have this setup for NGinx:

        ssl_certificate                 /home/AAA/certificates/adgroupe.priv/server-cert.pem;
        ssl_certificate_key             /home/AAA/certificates/adgroupe.priv/server-key.pem;
        ssl_protocols                   SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     RC4:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;
    

The 2 certificates are the ones generated with the Docker documentation (link above).

I can then add my server.cert to my keystore with keytool, but how can I make both Maven and Docker trust that certificate? I mean, no one trusts my CA since I generated it myself…

One solution collected from the web for “Use Maven and Docker + Nexus 3 behind NGinx with HTTPS”

I’m on a Debian-based operating system, and I did it this way.
On your client AND your server, you just have to take the cert file and add it to the ca-certificates.

    root@test:~/certs# mkdir /usr/share/ca-certificates/myRegistry.example.com
    root@test:~/certs# cp certificate.crt /usr/share/ca-certificates/myRegistry.example.com/
    root@test:~/certs# echo "myRegistry.example.com/certificate.crt" >> /etc/ca-certificates.conf
    root@test:~/certs# update-ca-certificates
    Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d....done.
    # restart docker to refresh trusted CA
    root@test:~/certs# systemctl restart docker
    

You will only be able to access it with the Common Name you gave it (for me it’s myRegistry.example.com), because I specified it when I created the cert:

    Common Name (e.g. server FQDN or YOUR name) []:myRegistry.example.com 
    

Hope this helps.
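A pre-flight check for the certificate before it is copied into the trust store on each client, as an added example that is not part of the original answer: it confirms that the certificate is valid for the registry host name and that it chains to the CA file you intend to distribute. The function names, the throwaway sample certificate and the host names are constructed for the demo; only `openssl` is required.

```shell
#!/usr/bin/env bash
# Added example. Host names and file names are constructed for the demo.

# Create a throwaway self-signed certificate for host name $1 in directory $2.
# The subjectAltName entry is an addition to the Docker-docs recipe: Go-based
# clients such as Docker match the host name against SAN, not the Common Name.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/server-key.pem" -out "$2/server-cert.pem" 2>/dev/null
}

# Succeed only if certificate $1 is valid for host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Succeed only if certificate $1 chains to a CA in bundle $2
# (openssl also consults the system default store).
cert_trusted_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Pre-flight: print one line per failed check, return non-zero if any failed.
preflight() {  # usage: preflight <cert.pem> <ca-bundle.pem> <hostname>
    local rc=0
    cert_matches_host "$1" "$3" || { echo "FAIL: $1 is not valid for $3"; rc=1; }
    cert_trusted_by "$1" "$2"   || { echo "FAIL: $1 does not chain to $2"; rc=1; }
    return "$rc"
}

demo() {
    local d; d=$(mktemp -d)
    make_sample_cert myRegistry.example.com "$d"
    # A self-signed certificate is its own CA bundle.
    preflight "$d/server-cert.pem" "$d/server-cert.pem" myRegistry.example.com \
        && echo "OK: name and chain check out"
    # Any other name (alias, short name) must be rejected.
    preflight "$d/server-cert.pem" "$d/server-cert.pem" registry.internal \
        || echo "(expected failure for a name that is not in the certificate)"
    rm -rf "$d"
}
demo
```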
