Install Nexus on centos7

Posted wemux

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Install Nexus on centos7相关的知识,希望对你有一定的参考价值。

​https://blog.yasithab.com/centos/install-nexus-repository-oss-on-centos-7/ ​

Setting up Nexus Repository

Install prerequisites

yum install -y epel-release unzip wget rsync vim

Install openjdk

yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel

Install Nexus

# Creating necessory folder structure
mkdir -p /data/nexus-data /opt/nexus

# Download latest Nexus artifact
wget -O /tmp/nexus.tar.gz http://download.sonatype.com/nexus/3/latest-unix.tar.gz

# Extract it to /opt/nexus
tar xvfz /tmp/nexus.tar.gz -C /opt/nexus --strip-components 1

# Adding a service account for nexus
sudo useradd --system --no-create-home nexus

# Provide necessory folder permissions
chown -R nexus:nexus /opt/nexus
chown -R nexus:nexus /data/nexus-data

Configure environment variables

# Setting up the default JDK
alternatives --config java

# Setting up JAVA_HOME by adding the following line at the bottom of /etc/bashrc
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac)))))

# Setting up NEXUS_HOME by adding the following line at the bottom of /etc/bashrc
export NEXUS_HOME=/opt/nexus

# Get the updated JAVA_HOME and NEXUS_HOME into current shell
source /etc/bashrc

# Check the JAVA version
java -version

Change Nexus default values in $NEXUS_HOME/bin/nexus.vmoptions as follows

-Xms1200M
-Xmx1200M
-XX:MaxDirectMemorySize=4G
-XX:+UnlockDiagnosticVMOptions
-XX:+UnsyncloadClass
-XX:+LogVMOutput
-XX:LogFile=/data/nexus-data/nexus3/log/jvm.log
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=/data/nexus-data/nexus3
-Djava.io.tmpdir=/data/nexus-data/nexus3/tmp
-Dkaraf.startLocalConsole=false

Configure nexus service account in $NEXUS_HOME/bin/nexus.rc

run_as_user="nexus"

Create SystemD service file in /etc/systemd/system/nexus.service

[Unit]
Description=Nexus Server
After=syslog.target network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-failure

[Install]
WantedBy=multi-user.target

Increasing the open file limit of nexus user in /etc/security/limits.conf

nexus    -    nofile    65536

Start and Enable Nexus service

sudo systemctl daemon-reload
sudo systemctl start nexus.service
sudo systemctl enable nexus.service

Check whether the nexus service is running

netstat -tulpn | grep 8081

Monitoring nexus log files for issues

tail -f /data/nexus-data/nexus3/log/nexus.log

Setting up nginx Reverse Proxy

Install Nginx

yum install -y nginx

Configure SSL.

# Create SSL folder
mkdir /etc/nginx/ssl

# Generate custom DH parameters
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048

# Create a Self-Signed SSL certificate for *.example.local
openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/tls.key -x509 -days 365 -out /etc/nginx/ssl/tls.crt -subj "/C=LK/ST=WP/L=Colombo/O=Example (Private) Limited/CN=*.example.local"

# Restores default SELinux contexts
restorecon -RF /etc/nginx/ssl

Replace the content of /etc/nginx/nginx.conf with the following.

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events

worker_connections 1024;
multi_accept on;
use epoll;



http
log_format main $remote_addr - $remote_user [$time_local] "$request"
$status $body_bytes_sent "$http_referer"
"$http_user_agent" "$http_x_forwarded_for";

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

# Character set
charset utf-8;

# Required to prevent bypassing of DNS cache!!
resolver 127.0.0.1 ipv6=off;

# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;

# Security Headers
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header "X-Permitted-Cross-Domain-Policies" "master-only";
add_header "X-Download-Options" "noopen";

# Buffers
client_header_timeout 300;
client_body_timeout 300;
fastcgi_read_timeout 300;
client_max_body_size 32m;
fastcgi_buffers 8 128k;
fastcgi_buffer_size 128k;

# Compression
gzip on;
gzip_vary on;
gzip_comp_level 1;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/xml
text/plain
text/javascript
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;


include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.

include /etc/nginx/conf.d/*.conf;

Create /etc/nginx/conf.d/nexus.conf file as follows.

server 

listen 80 default_server;
server_name nexus.example.local;
return 301 https://$server_name$request_uri;



server

listen 443 ssl http2 default_server;
server_name nexus.example.local;

client_max_body_size 5G;

# Fixing 414 Request-URI Too Large errors
client_header_buffer_size 128k;
large_client_header_buffers 8 128k;

# optimize downloading files larger than 1G
proxy_max_temp_file_size 2048M;

ssl_certificate /etc/nginx/ssl/tls.crt;
ssl_certificate_key /etc/nginx/ssl/tls.key;

# openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
ssl_dhparam /etc/nginx/ssl/dhparams.pem;

ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

access_log off;
error_log /var/log/nginx/nexus.error;

location /

# redirect to docker registry
if ($http_user_agent ~ docker )

proxy_pass http://127.0.0.1:5000;



proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 300;

# Redirect to Nexus
proxy_pass http://127.0.0.1:8081;

# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_redirect http://127.0.0.1:8081 $scheme://$host;



SELinux policy to allow Nginx to connect to the network.

setsebool -P httpd_can_network_connect 1

Start and Enable Nginx.

systemctl start nginx
systemctl enable nginx

Open TCP port 80 and 443 through firewall.

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

以上是关于Install Nexus on centos7的主要内容,如果未能解决你的问题,请参考以下文章

Install odoo 11(10) on centos7

install OwnCloud9 on CentOS7

install mysql on centos7

Install gitlab-runner on centos7

Oracle12c install on CentOS7

docker-ce install on CentOS7-mini