Simple 5-minute Sonatype Nexus OSS setup with Docker registry using docker-compose and Traefik reverse proxy

Sonatype Nexus OSS is an open-source multi-repository manager. It can be used to host Docker images, among other things. This guide will show you how to set up a Sonatype Nexus OSS instance with a Docker registry in just 5 minutes.

First, in the directory where you want Nexus to reside, run this initialization script:

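#!/bin/sh
# Create the host directory that is mounted as /nexus-data in the container
mkdir -p nexus_data
# The sonatype/nexus3 image runs as UID 200, which must own the data directory
chown -R 200 nexus_data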

Then create docker-compose.yml and replace the domain, certificate resolver and other settings in the Traefik labels with your own:

services:
  nexus:
    image: sonatype/nexus3
    restart: unless-stopped
    volumes:
      - "./nexus_data:/nexus-data"
    labels:
      - "traefik.enable=true"
      # Nexus (main webinterface)
      - "traefik.http.routers.nexus-mydomain.rule=Host(`nexus.mydomain.com`)"
      - "traefik.http.routers.nexus-mydomain.entrypoints=websecure"
      - "traefik.http.routers.nexus-mydomain.tls.certresolver=cloudflare-ec384"
      - "traefik.http.routers.nexus-mydomain.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.nexus-mydomain.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.nexus-mydomain.loadbalancer.server.port=8081"
      - "traefik.http.routers.nexus-mydomain.service=nexus-mydomain"
      - "traefik.http.middlewares.nexus-mydomain-compress.compress=true"
      - "traefik.http.routers.nexus-mydomain.middlewares=nexus-mydomain-compress"
      # Docker registry (runs on separate port 8089 and needs to be configured in Nexus first)
      - "traefik.http.routers.registry-mydomain.rule=Host(`registry.mydomain.com`)"
      - "traefik.http.routers.registry-mydomain.entrypoints=websecure"
      - "traefik.http.routers.registry-mydomain.tls.certresolver=cloudflare-ec384"
      - "traefik.http.routers.registry-mydomain.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.registry-mydomain.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.registry-mydomain.loadbalancer.server.port=8089"
      - "traefik.http.routers.registry-mydomain.service=registry-mydomain"
      - "traefik.http.middlewares.registry-mydomain-compress.compress=true"
      - "traefik.http.routers.registry-mydomain.middlewares=registry-mydomain-compress"
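
A pre-deployment check for a label set like the one above, added here as an example (it is not part of the original guide): it flags routers that are not on the TLS entrypoint, have no certificate resolver, or reference an undefined service or middleware, and middlewares that are defined but never attached. The label list is constructed and `lint_labels` is a hypothetical helper; `websecure` as the TLS entrypoint name is taken from the compose file.

```python
import re

# Constructed sample labels modelled on the compose file above (not a real deployment).
SAMPLE_LABELS = [
    "traefik.http.routers.nexus-mydomain.rule=Host(`nexus.mydomain.com`)",
    "traefik.http.routers.nexus-mydomain.entrypoints=websecure",
    "traefik.http.routers.nexus-mydomain.tls.certresolver=cloudflare-ec384",
    "traefik.http.services.nexus-mydomain.loadbalancer.server.port=8081",
    "traefik.http.routers.nexus-mydomain.service=nexus-mydomain",
    "traefik.http.middlewares.nexus-mydomain-compress.compress=true",
    "traefik.http.routers.nexus-mydomain.middlewares=nexus-mydomain-compress",
    "traefik.http.routers.registry-mydomain.rule=Host(`registry.mydomain.com`)",
    "traefik.http.routers.registry-mydomain.entrypoints=web",  # constructed mistake: no TLS
    "traefik.http.services.registry-mydomain.loadbalancer.server.port=8089",
    "traefik.http.routers.registry-mydomain.service=registry-mydomain",
    "traefik.http.middlewares.registry-mydomain-compress.compress=true",
    "traefik.http.routers.registry-mydomain.middlewares=nexus-mydomain-compress",
]

LABEL_RE = re.compile(r"^traefik\.http\.(routers|services|middlewares)\.([^.]+)\.([^=]+)=(.*)$")

def lint_labels(labels, tls_entrypoint="websecure"):
    """Return a sorted list of findings for one container's Traefik labels."""
    routers, services, middlewares = {}, set(), set()
    for label in labels:
        match = LABEL_RE.match(label)
        if not match:
            continue  # e.g. traefik.enable=true
        kind, name, option, value = match.groups()
        if kind == "routers":
            routers.setdefault(name, {})[option] = value
        elif kind == "services":
            services.add(name)
        else:
            middlewares.add(name)
    findings, used = [], set()
    for name, opts in routers.items():
        if opts.get("entrypoints") != tls_entrypoint:
            findings.append(f"router {name}: entrypoint is not {tls_entrypoint}")
        if "tls.certresolver" not in opts:
            findings.append(f"router {name}: no tls.certresolver set")
        if opts.get("service") not in services:
            findings.append(f"router {name}: service {opts.get('service')!r} is not defined")
        for mw in (p.strip() for p in opts.get("middlewares", "").split(",") if p.strip()):
            used.add(mw)
            if mw not in middlewares:
                findings.append(f"router {name}: middleware {mw!r} is not defined")
    findings += [f"middleware {mw}: defined but not attached to any router" for mw in middlewares - used]
    return sorted(findings)
```

Calling `lint_labels(SAMPLE_LABELS)` reports the plain-HTTP registry router, its missing certificate resolver and the unused `registry-mydomain-compress` middleware.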

Now start up the container:

docker-compose up -d

Wait for the container to start up, then get the initial admin password using

docker-compose exec nexus cat /nexus-data/admin.password

Now go to https://nexus.mydomain.com and log in with the admin password.

Now configure a repository by clicking on the gear icon in the top right corner, then Repositories, then Create repository, then Docker (hosted), then fill in the details and save.

[Screenshot: Sonatype Nexus - Create Docker repository]

Now enable HTTP since it’s running behind a reverse proxy, then set the port to 8089 (this is not a special port but just the one we configured in the secondary Traefik router in the traefik labels in docker-compose.yml).

[Screenshot: Sonatype Nexus - Configure Docker repository]

Now you can access it using e.g.

docker login registry.mydomain.com

and use your Nexus credentials for that.

Remember that while Sonatype Nexus is running at https://nexus.techoverflow.net, the registry is running at https://registry.techoverflow.net (or whatever your domain is). This does not apply to all repository types, but for Docker we have to use a dual-domain configuration.