Install Nexus on centos7
Posted wemux
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Install Nexus on centos7相关的知识,希望对你有一定的参考价值。
https://blog.yasithab.com/centos/install-nexus-repository-oss-on-centos-7/
Setting up Nexus Repository
Install prerequisites
yum install -y epel-release unzip wget rsync vim
Install openjdk
yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel
Install Nexus
# Creating necessory folder structure
mkdir -p /data/nexus-data /opt/nexus
# Download latest Nexus artifact
wget -O /tmp/nexus.tar.gz http://download.sonatype.com/nexus/3/latest-unix.tar.gz
# Extract it to /opt/nexus
tar xvfz /tmp/nexus.tar.gz -C /opt/nexus --strip-components 1
# Adding a service account for nexus
sudo useradd --system --no-create-home nexus
# Provide necessory folder permissions
chown -R nexus:nexus /opt/nexus
chown -R nexus:nexus /data/nexus-data
Configure environment variables
# Setting up the default JDK
alternatives --config java
# Setting up JAVA_HOME by adding the following line at the bottom of /etc/bashrc
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac)))))
# Setting up NEXUS_HOME by adding the following line at the bottom of /etc/bashrc
export NEXUS_HOME=/opt/nexus
# Get the updated JAVA_HOME and NEXUS_HOME into current shell
source /etc/bashrc
# Check the JAVA version
java -version
Change Nexus default values in $NEXUS_HOME/bin/nexus.vmoptions as follows
-Xms1200M
-Xmx1200M
-XX:MaxDirectMemorySize=4G
-XX:+UnlockDiagnosticVMOptions
-XX:+UnsyncloadClass
-XX:+LogVMOutput
-XX:LogFile=/data/nexus-data/nexus3/log/jvm.log
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=/data/nexus-data/nexus3
-Djava.io.tmpdir=/data/nexus-data/nexus3/tmp
-Dkaraf.startLocalConsole=false
Configure nexus service account in $NEXUS_HOME/bin/nexus.rc
run_as_user="nexus"
Create SystemD service file in /etc/systemd/system/nexus.service
[Unit]
Description=Nexus Server
After=syslog.target network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-failure
[Install]
WantedBy=multi-user.target
Increasing the open file limit of nexus user in /etc/security/limits.conf
nexus - nofile 65536
Start and Enable Nexus service
sudo systemctl daemon-reload
sudo systemctl start nexus.service
sudo systemctl enable nexus.service
Check whether the nexus service is running
netstat -tulpn | grep 8081
Monitoring nexus log files for issues
tail -f /data/nexus-data/nexus3/log/nexus.log
Setting up nginx Reverse Proxy
Install Nginx
yum install -y nginx
Configure SSL.
# Create SSL folder
mkdir /etc/nginx/ssl
# Generate custom DH parameters
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
# Create a Self-Signed SSL certificate for *.example.local
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/tls.key -x509 -days 365 -out /etc/nginx/ssl/tls.crt -subj "/C=LK/ST=WP/L=Colombo/O=Example (Private) Limited/CN=*.example.local"
# Restores default SELinux contexts
restorecon -RF /etc/nginx/ssl
Replace the content of /etc/nginx/nginx.conf with the following.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events
worker_connections 1024;
multi_accept on;
use epoll;
http
log_format main $remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for";
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Character set
charset utf-8;
# Required to prevent bypassing of DNS cache!!
resolver 127.0.0.1 ipv6=off;
# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;
# Security Headers
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header "X-Permitted-Cross-Domain-Policies" "master-only";
add_header "X-Download-Options" "noopen";
# Buffers
client_header_timeout 300;
client_body_timeout 300;
fastcgi_read_timeout 300;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/xml
text/plain
text/javascript
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
Create /etc/nginx/conf.d/nexus.conf file as follows.
server
listen 80 default_server;
server_name nexus.example.local;
return 301 https://$server_name$request_uri;
server
listen 443 ssl http2 default_server;
server_name nexus.example.local;
client_max_body_size 5G;
# Fixing 414 Request-URI Too Large errors
client_header_buffer_size 128k;
large_client_header_buffers 8 128k;
# optimize downloading files larger than 1G
proxy_max_temp_file_size 2048M;
ssl_certificate /etc/nginx/ssl/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tls.key;
# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
access_log off;
error_log /var/log/nginx/nexus.error;
location /
# redirect to docker registry
if ($http_user_agent ~ docker )
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 300;
# Redirect to Nexus
proxy_pass http://127.0.0.1:8081;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_redirect http://127.0.0.1:8081 $scheme://$host;
SELinux policy to allow Nginx to connect to the network.
setsebool -P httpd_can_network_connect 1
Start and Enable Nginx.
systemctl start nginx
systemctl enable nginx
Open TCP port 80 and 443 through firewall.
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
以上是关于Install Nexus on centos7的主要内容,如果未能解决你的问题,请参考以下文章
Install odoo 11(10) on centos7