当前位置：首页 > java >正文

Nexus 私有仓库 + Nginx 反向代理部署文档

java 2025/5/13 7:55:33

1. 使用 Podman 部署 Nexus 3

podman run --name nexus -d \-p 8081:8081 \-v /data:/nexus-data \-v /etc/localtime:/etc/localtime \-e TZ="Asia/Shanghai" \-e INSTALL4J_ADD_VM_PARAMS="-Xms10240m -Xmx10240m -XX:MaxDirectMemorySize=4096m" \docker.io/sonatype/nexus3

说明：

Nexus 服务默认监听端口：8081
数据持久化目录：/data
Java 启动参数可根据宿主机内存进行调整

2. 编译安装 Nginx 1.22（支持 HTTPS）

# 解压源码
cd /opt
tar -zvxf nginx-1.22.0.tar.gz
cd nginx-1.22.0# 安装编译依赖
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel# 编译并安装
./configure --prefix=/usr/local/nginx --with-http_ssl_module
make && make install

3. 配置 Nginx 主配置文件

文件路径：/usr/local/nginx/conf/nginx.conf

user  nobody;
worker_processes  1;error_log  logs/error.log info;
pid        logs/nginx.pid;events {worker_connections  1024;
}http {include       mime.types;default_type  application/octet-stream;log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log  logs/access.log  main;sendfile        on;tcp_nopush      on;keepalive_timeout  65;gzip  on;# 安全 Headersadd_header X-Content-Type-Options nosniff;add_header X-Frame-Options DENY;add_header X-XSS-Protection "1; mode=block";include conf.d/*.conf;# 限制上传体积client_max_body_size 5000m;
}

4. 创建反向代理配置 `/usr/local/nginx/conf/conf.d/mirror.conf`

# 定义后端 Nexus 容器
upstream backend {server 127.0.0.1:8081;
}# HTTP 配置（重定向到 HTTPS）
server {listen 80;server_name mirrors.benlai.com mirrors.benlai-io.com;return 301 https://$host$request_uri;
}# HTTPS 配置
server {listen 443 ssl;server_name mirrors.benlai.com mirrors.benlai-io.com;ssl_certificate     /usr/local/nginx/conf/ssl/benlai-io.com.crt;ssl_certificate_key /usr/local/nginx/conf/ssl/benlai-io.com.key;ssl_session_cache   shared:SSL:1m;ssl_session_timeout 5m;ssl_ciphers         HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;location ^~/repository/ {allow all;proxy_pass http://backend;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}location ^~/admin/ {allow 10.93.152.0/21;allow 10.86.160.0/21;allow 10.93.64.131;deny all;proxy_pass http://backend;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}location / {proxy_pass http://backend;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
}

说明：

支持自动将 HTTP 请求重定向到 HTTPS
/repository/：公开访问路径
/admin/：仅限内网 IP 白名单，其他全部拒绝

5. 创建 SSL 证书目录（示例使用自签名）

mkdir -p /usr/local/nginx/conf/ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \-keyout /usr/local/nginx/conf/ssl/benlai-io.com.key \-out /usr/local/nginx/conf/ssl/benlai-io.com.crt \-subj "/C=CN/ST=Beijing/L=Beijing/O=Benlai/OU=IT/CN=mirrors.benlai-io.com"

如果使用正式证书，替换上述 .crt 和 .key 即可。

6. 启动 Nginx 并测试配置

cd /usr/local/nginx/sbin
./nginx -t     # 测试配置语法
./nginx        # 启动服务

如需重启或重新加载配置：

./nginx -s reload

7. 可选：配置 systemd 启动项

建议将 Podman Nexus 容器与 Nginx 一并加入开机启动。

创建 /etc/systemd/system/nginx.service：

[Unit]
Description=The Nginx HTTP and reverse proxy server
After=network.target[Service]
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PIDFile=/usr/local/nginx/logs/nginx.pid
Restart=on-failure[Install]
WantedBy=multi-user.target

启用服务：

systemctl daemon-reexec
systemctl enable nginx
systemctl start nginx

8. 测试访问

# 测试重定向
curl -I http://mirrors.benlai.com/repository/# 测试代理访问
curl -k https://mirrors.benlai.com/repository/# 测试限制访问路径
curl -k https://mirrors.benlai.com/admin/ -H "X-Real-IP: 1.2.3.4"

查看全文

http://www.xdnf.cn/news/5665.html