Creating docker host

Make sure you create a new key pair or select an existing one before creating the instance.
Also make sure that the security group has all the required rules. If you know you will be accessing the host from a static IP or a single subnet, set the source to that IP or IP range; if you are not sure, just select Anywhere.

Instance settings:

  • Instance type: t2.medium
  • EBS volume: 80 GB SSD
  • Image: CoreOS-stable-723.3.0-hvm
  • VPC: default
  • Subnet: default
  • Security Group: default
  • Security group rules:
    • SSH - 22
    • TCP - 8081
    • ICMP - ALL

Docker host access

To enable remote access, first associate an Elastic IP with the instance.
You can also create a custom domain with the Route 53 DNS service, but to begin with you can simply add an entry to your /etc/hosts file:

  52.1.13.202 docker01.aws.cloud

On CoreOS, SSH password authentication is disabled, so make sure you select a key pair when creating the instance.
The root user is disabled for SSH access; use the user core instead.
To make access more convenient you can configure an identity file for the host:

  1. First copy the key file to ~/.ssh
  2. Edit ~/.ssh/config and add the following:

     Host docker01.aws.cloud
       IdentityFile ~/.ssh/aws-dev.pem

Now you should be able to access your docker host by typing ssh core@docker01.aws.cloud

Another option is to simply reference the key identity file when accessing the host: ssh -i aws-dev.pem core@docker01.aws.cloud
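The two steps above (copy the key, add a Host block) are easy to get subtly wrong: ssh refuses a key that is group- or world-readable, and a Host block without `User core` still prompts for the wrong user. The helper below is an added example, not part of the original post; the function name `add_ssh_host` and the `key_name` parameter are my own. It copies the key into the ssh directory with owner-only permissions, appends an idempotent Host block that also pins the user and restricts ssh to that one identity, and returns the block it wrote.

```python
"""Configure an ssh Host entry for the CoreOS docker host.
Added example (hypothetical helper, not from the original post)."""
import os
import shutil
import stat

OWNER_RW = stat.S_IRUSR | stat.S_IWUSR  # 0o600


def add_ssh_host(ssh_dir, host, key_src, user="core", key_name=None):
    """Copy key_src into ssh_dir with mode 0600 and append a Host block to
    ssh_dir/config. Returns the block text, or None if host is already present."""
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    key_name = key_name or os.path.basename(key_src)
    key_dst = os.path.join(ssh_dir, key_name)
    shutil.copyfile(key_src, key_dst)
    os.chmod(key_dst, OWNER_RW)  # ssh rejects keys readable by group/others

    config_path = os.path.join(ssh_dir, "config")
    existing = ""
    if os.path.exists(config_path):
        with open(config_path) as f:
            existing = f.read()
    # Idempotent: do not append a second block for the same host
    if any(line.strip() == f"Host {host}" for line in existing.splitlines()):
        return None

    block = (
        f"Host {host}\n"
        f"  User {user}\n"            # root is disabled on CoreOS; log in as core
        f"  IdentityFile {key_dst}\n"
        f"  IdentitiesOnly yes\n"     # offer only this key, not every key in the agent
    )
    with open(config_path, "a") as f:
        if existing and not existing.endswith("\n"):
            f.write("\n")
        f.write(block)
    os.chmod(config_path, OWNER_RW)
    return block


def file_mode(path):
    """Permission bits of path (e.g. 0o600), used to verify the result."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Values from the post; aws-dev.pem is the key pair downloaded from EC2.
    if os.path.exists("aws-dev.pem"):
        print(add_ssh_host(os.path.expanduser("~/.ssh"), "docker01.aws.cloud", "aws-dev.pem"))
    else:
        print("aws-dev.pem not found in the current directory")
```

`IdentitiesOnly yes` is worth keeping even if you only have one key today: without it ssh offers every loaded identity to the server, which both leaks which keys you hold and can trip the server's MaxAuthTries limit.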

Running nexus container

We decided to use the official sonatype/nexus image.
The recommended way to run nexus is by keeping its data in a data volume, which gives the flexibility of updating nexus without losing its data and configuration.

  1. Create the data volume container:

     docker run -d --name nexus-data sonatype/nexus echo "data-only container for Nexus"

  2. Run the nexus container:

     docker run -d -p 8081:8081 --restart=always --name nexus --volumes-from nexus-data sonatype/nexus

You should be able to access your nexus repo at http://docker01.aws.cloud:8081/
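The whole point of the data-only container is that you can throw the nexus container away and start a newer image against the same data. Before doing that it pays to confirm the running container really was started with --volumes-from nexus-data, restart=always and the published port, since a container started by hand without those flags looks identical from the browser. The script below is an added example, not part of the original post; `check_nexus_container` and `upgrade_commands` are my own names, and it reads the standard `docker inspect` JSON (HostConfig.VolumesFrom, HostConfig.RestartPolicy, HostConfig.PortBindings).

```python
"""Verify the nexus container matches the recipe above, and list the
commands for a data-preserving upgrade. Added example, not from the post."""
import json
import subprocess


def check_nexus_container(inspect_doc, data_container="nexus-data", port="8081"):
    """inspect_doc: one entry of `docker inspect nexus` (a dict).
    Returns a list of problems; empty means the container matches the recipe."""
    host = inspect_doc.get("HostConfig", {})
    problems = []
    if data_container not in (host.get("VolumesFrom") or []):
        problems.append(f"not started with --volumes-from {data_container}; "
                        "replacing this container would lose the repository data")
    if host.get("RestartPolicy", {}).get("Name") != "always":
        problems.append("restart policy is not 'always'; nexus will stay down after a host reboot")
    bindings = host.get("PortBindings") or {}
    published = [b.get("HostPort") for b in bindings.get(f"{port}/tcp", [])]
    if port not in published:
        problems.append(f"port {port} is not published on the host")
    if not inspect_doc.get("State", {}).get("Running", False):
        problems.append("container is not running")
    return problems


def upgrade_commands(image="sonatype/nexus", name="nexus", data_container="nexus-data", port="8081"):
    """Argv lists for an upgrade that keeps the data container untouched."""
    return [
        ["docker", "pull", image],
        ["docker", "stop", name],
        ["docker", "rm", name],  # only the application container is removed
        ["docker", "run", "-d", "-p", f"{port}:{port}", "--restart=always",
         "--name", name, "--volumes-from", data_container, image],
    ]


def inspect_container(name):
    """Return the first entry of `docker inspect name` (needs the docker CLI)."""
    out = subprocess.check_output(["docker", "inspect", name])
    return json.loads(out)[0]


if __name__ == "__main__":
    problems = check_nexus_container(inspect_container("nexus"))
    for line in problems or ["nexus container matches the recipe"]:
        print(line)
    if not problems:
        print("upgrade with:")
        for argv in upgrade_commands():
            print("  " + " ".join(argv))
```

Run it on the docker host (or over `ssh core@docker01.aws.cloud`) before any image update; only when the check is clean is `docker rm nexus` safe.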

Uploading private artifacts

  1. In the Views/Repositories menu, select Repositories
  2. Click in the 3rd party repository
  3. Go to the Artifact Upload tab

Upload artifact

Browse Index

Hardening security

By default nexus is pre-configured with three users:

  • admin - admin123
  • deployment - deployment123
  • anonymous

Make sure you change the admin user password and delete both the deployment and anonymous users.

In some cases having anonymous access enabled might be required, but in that situation you can re-create the anonymous user and re-enable anonymous access with the correct set of roles and privileges. If you don't have a use case to enable anonymous access then simply don't.

To disable anonymous access:

  1. Under the Administration menu, select Server
  2. In the Security Settings group, disable the Anonymous Access check box

After anonymous access has been disabled you must configure a new Privilege, Role and User to access your private group.
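Changing the admin password, deleting the deployment and anonymous users and switching anonymous access off are three separate clicks, and it is easy to miss one on a new host. The script below is an added example, not part of the original post, that audits a server for those three settings after the fact. It assumes two Nexus 2.x REST paths, /service/local/users and /service/local/global_settings/current (with the securityAnonymousAccessEnabled flag), and the names `audit_users`, `audit_settings` and `audit_server` are my own; check the paths against your Nexus version before relying on it.

```python
"""Post-hardening audit for a Nexus 2.x server. Added example, not from the post.
The REST paths below are assumed from the Nexus 2.x /service/local API."""
import base64
import json
import urllib.request

DEFAULT_USERS = {"deployment", "anonymous"}  # shipped accounts the post removes


def audit_users(users_doc, expected_admin="admin"):
    """users_doc: parsed JSON from GET /service/local/users (assumed path).
    Returns a sorted list of findings."""
    findings = []
    ids = {u.get("userId") for u in users_doc.get("data", [])}
    for uid in sorted(DEFAULT_USERS & ids):
        findings.append(f"default user '{uid}' still exists")
    if expected_admin not in ids:
        findings.append(f"expected admin user '{expected_admin}' not found")
    return findings


def audit_settings(settings_doc):
    """settings_doc: parsed JSON from GET /service/local/global_settings/current
    (assumed path and flag name)."""
    if settings_doc.get("data", {}).get("securityAnonymousAccessEnabled"):
        return ["anonymous access is enabled"]
    return []


def get_json(base_url, path, username, password):
    """GET path with HTTP basic auth and return the parsed JSON body."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"Accept": "application/json", "Authorization": "Basic " + token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_server(base_url, username, password):
    """Run both checks against a live server and return all findings."""
    findings = audit_users(get_json(base_url, "/service/local/users", username, password))
    findings += audit_settings(
        get_json(base_url, "/service/local/global_settings/current", username, password))
    return findings


if __name__ == "__main__":
    import getpass
    import sys
    url = sys.argv[1] if len(sys.argv) > 1 else "http://docker01.aws.cloud:8081"
    pw = getpass.getpass("admin password: ")
    for line in audit_server(url, "admin", pw) or ["no findings"]:
        print(line)
```

The URL in the post is plain http, so the admin credentials this script sends cross the network unencrypted; run it from the docker host itself, or put TLS in front of Nexus before using it remotely.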

Creating privilege

Nexus has 3 types of privileges:

  • Application privileges - cover actions a user can execute in Nexus
  • Repository target privileges - govern the level of access a user has to a particular repository or repository target
  • Repository view privileges - control whether a user can view a repository

In our case we are creating a privilege for the Cloud Dynamics group, which holds our 3rd party plus public artifacts.

Create privilege

Creating role

A Nexus role is comprised of other Nexus roles and individual Nexus privileges.

Our custom role grants the previously created privilege.

Create role

Creating user

I suggest you create a user for each developer that needs access to nexus, whether for administration or simply to download the artifacts required for a given project.

Create User

Configuring maven

Now, with the nexus repo installed and configured, the last step is to update the maven settings to use the nexus repo instead of the default central one.

Update the $M2_HOME/conf/settings.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<settings>
  <mirrors>
    <mirror>
      <id>cdi</id>
      <mirrorOf>*</mirrorOf>
      <url>http://docker01.aws.cloud:8081/content/groups/cdi</url>
    </mirror>
  </mirrors>
  <servers>
    <server>
      <id>cdi</id>
      <username>diogogmt</username>
      <password>your-password</password>
    </server>
  </servers>
</settings>

The server section holds the credentials of your nexus user, while the mirror sets the URL maven will use when resolving the dependencies declared in your projects' POMs.
If you don't want to change your global maven settings you can always add the server and mirror configuration to the pom.xml of a given project.
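Two things about the settings.xml above deserve a check before it is copied to every developer machine: the mirror URL is plain http, so the username and password in the server section (and every downloaded artifact) travel unencrypted, and the password itself is stored in plaintext. Maven's own answer to the second is `mvn --encrypt-master-password` followed by `mvn --encrypt-password`, which produces a `{...}` value for settings.xml backed by ~/.m2/settings-security.xml. The linter below is an added example, not part of the original post; `lint_settings` is my own name, and the embedded sample is the post's settings.xml. It flags both weaknesses and also a mirror id with no matching server entry, the usual cause of silent 401s.

```python
"""Lint a Maven settings.xml for plain-HTTP mirrors, plaintext passwords and
mirror/server id mismatches. Added example, not from the original post."""
import xml.etree.ElementTree as ET

# The post's settings.xml, embedded here as sample input.
SAMPLE_SETTINGS = """<?xml version="1.0" encoding="UTF-8"?>
<settings>
  <mirrors>
    <mirror>
      <id>cdi</id>
      <mirrorOf>*</mirrorOf>
      <url>http://docker01.aws.cloud:8081/content/groups/cdi</url>
    </mirror>
  </mirrors>
  <servers>
    <server>
      <id>cdi</id>
      <username>diogogmt</username>
      <password>your-password</password>
    </server>
  </servers>
</settings>
"""


def _text(el, tag):
    child = el.find(tag)
    return (child.text or "").strip() if child is not None else ""


def lint_settings(xml_text):
    """Return a list of findings for the given settings.xml content."""
    data = xml_text.encode() if isinstance(xml_text, str) else xml_text
    root = ET.fromstring(data)
    # settings.xml may declare the Maven namespace; strip it so tag lookups are uniform
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]

    findings = []
    mirrors = {_text(m, "id"): _text(m, "url") for m in root.iter("mirror")}
    servers = {_text(s, "id"): _text(s, "password") for s in root.iter("server")}

    for mid, url in mirrors.items():
        if url.lower().startswith("http://"):
            findings.append(f"mirror '{mid}' uses plain HTTP; credentials and artifacts are sent unencrypted: {url}")
        if mid not in servers:
            findings.append(f"mirror '{mid}' has no matching <server> entry; authenticated downloads will fail")
    for sid, pw in servers.items():
        # Maven stores encrypted passwords as {...}; anything else is plaintext
        if pw and not (pw.startswith("{") and pw.endswith("}")):
            findings.append(f"server '{sid}' stores its password in plaintext; use mvn --encrypt-password")
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            text = f.read()
    else:
        text = SAMPLE_SETTINGS
    for line in lint_settings(text) or ["no findings"]:
        print(line)
```

Run it with the path to $M2_HOME/conf/settings.xml or ~/.m2/settings.xml; with no argument it lints the post's sample and reports both issues.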