
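File Services
1 Preface
One problem, one article, one story.
In earlier chapters we deployed NXRM (Nexus Repository Manager); for details see the following chapter,
This chapter configures SSL for NXRM so that users can connect over secure HTTP. Because HTTPS requires a domain name, we will access the service through the following link,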
https://repo.cmdschool.org
2 Best Practice
2.1 Configure name resolution
In Windows Client,
notepad \Windows\System32\drivers\etc\hosts
Add the following entry,
10.168.0.67 repo.cmdschool.org
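Note: the above is suitable for testing only; in a production environment, configure DNS instead.
2.2 Configure the SSL certificate
2.2.1 Deploy the certificate to the directory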
cp wildcard.cmdschool.org.jks /etc/nexus/ssl/keystore.jks
Note: the certificate can be requested from Tencent Cloud; see the link below for details, which are not covered here,
https://cloud.tencent.com/product/ssl
2.2.2 Declare the SSL service port
vim /etc/nexus/nexus-default.properties
Modify the configuration as follows,
application-port-ssl=8443
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml
Because the configuration above references "${jetty.etc}/jetty-https.xml", we also need to modify the following configuration file (after backing up the original),
cp /etc/nexus/jetty/jetty-https.xml /etc/nexus/jetty/jetty-https.xml.default
vim /etc/nexus/jetty/jetty-https.xml
Modify the configuration as follows,
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
  <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
  <Set name="KeyStorePassword">ssl_password</Set>
  <Set name="KeyManagerPassword">ssl_password</Set>
  <Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
  <Set name="TrustStorePassword">ssl_password</Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
  <Set name="IncludeProtocols">
    <Array type="java.lang.String">
      <Item>TLSv1.2</Item>
    </Array>
  </Set>
</New>
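Before the restart in the next step, the edits from 2.2.1 and 2.2.2 can be checked for consistency. The script below is an added example, not part of the original article or of Nexus; the function names are hypothetical, the keystore permission check and the acceptance of TLSv1.3 are additions that go beyond the page, and it assumes GNU stat and the /etc/nexus layout used here.

```shell
# Added example: pre-restart check of the HTTPS settings from section 2.2.
# The directory argument is expected to use this page's /etc/nexus layout.
# Value of a key in a Java .properties file (last occurrence wins).
prop() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# Protocol names listed as <Item> elements inside the IncludeProtocols <Set>.
included_protocols() {
  tr -d '\n' < "$1" | sed -n 's/.*<Set name="IncludeProtocols">//p' |
    sed 's/<\/Set>.*//' | grep -o '<Item>[^<]*</Item>' | sed 's/<[^>]*>//g'
}

check_nexus_ssl() {
  local etc="$1" rc=0 port protos p mode ks="$1/ssl/keystore.jks"
  port=$(prop "$etc/nexus-default.properties" application-port-ssl)
  [ -n "$port" ] || { echo "FAIL: application-port-ssl is not set"; rc=1; }
  case "$(prop "$etc/nexus-default.properties" nexus-args)" in
    *jetty-https.xml*) ;;
    *) echo "FAIL: nexus-args does not load jetty-https.xml"; rc=1 ;;
  esac
  protos=$(included_protocols "$etc/jetty/jetty-https.xml")
  [ -n "$protos" ] || { echo "FAIL: IncludeProtocols is empty or missing"; rc=1; }
  for p in $protos; do
    case "$p" in
      TLSv1.2|TLSv1.3) ;;
      *) echo "FAIL: legacy protocol enabled: $p"; rc=1 ;;
    esac
  done
  # Hardening check added here (not on the page): the keystore holds the
  # private key, so it should not be accessible to "other" users.
  if [ ! -f "$ks" ]; then echo "FAIL: $ks is missing"; rc=1
  else
    mode=$(stat -c %a "$ks")   # GNU stat, as found on the page's Linux host
    case "$mode" in *[1-7]) echo "FAIL: $ks mode $mode is open to others"; rc=1 ;; esac
  fi
  [ "$rc" -eq 0 ] && echo "OK: HTTPS port $port, protocols: $(echo $protos)"
  return "$rc"
}

# Constructed sample tree mirroring the page's files, so the check runs offline.
demo() {
  local d rc; d=$(mktemp -d); mkdir -p "$d/jetty" "$d/ssl"
  printf '%s\n' 'application-port-ssl=8443' \
    'nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-https.xml' > "$d/nexus-default.properties"
  printf '%s\n' '<Set name="IncludeProtocols"><Array type="java.lang.String">' \
    '<Item>TLSv1.2</Item></Array></Set>' > "$d/jetty/jetty-https.xml"
  : > "$d/ssl/keystore.jks"; chmod 640 "$d/ssl/keystore.jks"
  check_nexus_ssl "$d"; rc=$?; rm -rf "$d"; return "$rc"
}
if [ $# -gt 0 ]; then check_nexus_ssl "$1"; else demo; fi
```

Run without arguments it checks the constructed sample; on the server it would be called with /etc/nexus as its argument.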
2.2.3 Restart the service to apply the configuration
systemctl restart nexus.service
Then use the following command to view the listening ports,
netstat -anp | grep java
The output looks like this,
tcp        0      0 0.0.0.0:8081        0.0.0.0:*       LISTEN      3365/java
tcp        0      0 127.0.0.1:39953     0.0.0.0:*       LISTEN      3365/java
tcp        0      0 0.0.0.0:8443        0.0.0.0:*       LISTEN      3365/java
unix  3      [ ]         STREAM     CONNECTED     50367    3365/java
unix  3      [ ]         STREAM     CONNECTED     53264    3365/java
unix  3      [ ]         STREAM     CONNECTED     50368    3365/java
unix  2      [ ]         STREAM     CONNECTED     51459    3365/java
unix  3      [ ]         STREAM     CONNECTED     53265    3365/java
unix  2      [ ]         STREAM     CONNECTED     53250    3365/java
2.2.4 Open the port required by the application
firewall-cmd --permanent --add-port 8443/tcp
firewall-cmd --reload
firewall-cmd --list-all
2.2.5 Test access in a browser
https://repo.cmdschool.org
References
===============
https://help.sonatype.com/repomanager3/nexus-repository-administration/configuring-ssl