Public | Automated Build

Last pushed: 2 years ago
Short Description
Nexus 3
Full Description


A Dockerfile for Sonatype Nexus Repository Manager 3, based on CentOS.

To run, binding the exposed port 8081 to the host.

$ docker run -d -p 8081:8081 -p 8443:8443 --name nexus sonatype/nexus3

To test:

$ curl -u admin:admin123 http://localhost:8081/service/metrics/ping

To (re)build the image:

Copy the Dockerfile and do the build-

$ docker build --rm=true --tag=sonatype/nexus3 .


  • Default credentials are: admin / admin123

  • It can take some time (2-3 minutes) for the service to launch in a
    new container. You can tail the log to determine once Nexus is ready:

$ docker logs -f nexus
  • Installation of Nexus is to /opt/sonatype/nexus.

  • A persistent directory, /nexus-data, is used for configuration,
    logs, and storage.

  • /etc/sonatype/nexus is used for configuration files

  • Three environment variables can be used to control the JVM arguments

    • JAVA_MAX_HEAP, passed as -Xmx. Defaults to 1200m.

    • JAVA_MIN_HEAP, passed as -Xms. Defaults to 1200m.

    • EXTRA_JAVA_OPTS. Additional options can be passed to the JVM via
      this variable.

    These can be used supplied at runtime to control the JVM:

    $ docker run -d -p 8081:8081 --name nexus -e JAVA_MAX_HEAP=768m sonatype/nexus3

Configure HTTPS

  1. Add ${karaf.etc}/jetty-https.xml to nexus-args in

  2. Add application-port-ssl=8443 to

  3. Generate self-signed server certificate.

    keytool -genkeypair -keystore server-keystore.jks -storepass changeit -keypass changeit -alias jetty -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=*.${NEXUS_DOMAIN}, OU=Example, O=Sonatype, L=Unspecified, ST=Unspecified, C=US" -ext "SAN=DNS:${NEXUS_DOMAIN},IP:${NEXUS_IP_ADDRESS}" -ext "BC=ca:true"
  4. Set TrustStorePath and KeyStorePath in jetty-https.xml.

  5. Set passwords for KeyStorePassword, KeyManagerPassword and TrustStorePassword.

Docker Registry

  1. Export the certificate from the keystore.

    keytool -export -alias jetty -keystore server-keystore.jks -rfc
  2. Create registry and configure HTTPS repository connector on port 5000.

  3. Allow the Docker daemon to trust the certificate.
    Copy the certifcate to /etc/docker/certs.d/
    and restart the Docker daemon.

  4. Login to the registry. Use the port mapped to the host.

    docker login myregistrydomain:5000

Persistent Data

There are two general approaches to handling persistent storage requirements
with Docker. See Managing Data in Containers
for additional information.

  1. Use a data volume container. Since data volumes are persistent
    until no containers use them, a container can created specifically for
    this purpose. This is the recommended approach.

    $ docker run -d --name nexus-data sonatype/nexus3 echo "data-only container for Nexus"
    $ docker run -d -p 8081:8081 --name nexus --volumes-from nexus-data sonatype/nexus3
  2. Mount a host directory as the volume. This is not portable, as it
    relies on the directory existing with correct permissions on the host.
    However it can be useful in certain situations where this volume needs
    to be assigned to certain specific underlying storage.

    $ mkdir -p /some/dir/nexus-data && mkdir -p /some/dir/nexus-config
    $ docker run -d -p 8081:8081 --name nexus -v /some/dir/nexus-data:/nexus-data -v /some/dir/nexus-config:/etc/sonatype/nexus sonatype/nexus3
Docker Pull Command
Source Repository