A script to set up Nexus with SSL
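# Nexus Repository Manager 3 with Jetty HTTPS enabled. The companion setup
# script issues the Let's Encrypt certificate, builds keystore.p12 under
# ./volume/etc/ssl and patches ./jetty-https.xml before `docker compose up -d`.
services:
  nexus:
    # Untagged image: every pull may move to a newer nexus3 build. Pin a tag
    # (ideally a digest) once the patched jetty-https.xml is known to work.
    image: sonatype/nexus3
    # `ports` below already publishes these; `expose` only documents the
    # container-side listeners.
    expose:
      - 8081
      - 8082
      - 8083
      - 8443
    # 8081 is the plain-HTTP connector (application-port in nexus.properties)
    # and stays published next to HTTPS on 8443. Drop it, or bind it as
    # "127.0.0.1:8081:8081", if only TLS access is intended.
    # 8082/8083: presumably additional repository connector ports — confirm
    # against the Nexus configuration before relying on them.
    ports:
      - "8081:8081"
      - "8082:8082"
      - "8083:8083"
      - "8443:8443"
    volumes:
      # Must match DATA_DIR in the setup script (its default is ./volume).
      - ./volume:/nexus-data
      # Generated by the setup script; it carries the keystore password in
      # plain text, so keep the host file's permissions tight.
      - ./jetty-https.xml:/opt/sonatype/nexus/etc/jetty/jetty-https.xml:ro
    restart: always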
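#!/usr/bin/env bash
# Provision TLS for the Nexus 3 compose stack:
#   1. issue a Let's Encrypt certificate for DOMAIN with certbot (standalone
#      HTTP-01 on port 80),
#   2. bundle chain + key into a PKCS12 keystore under ${DATA_DIR}/etc/ssl,
#   3. write nexus.properties enabling the HTTPS connector,
#   4. patch the image's jetty-https.xml to use that keystore,
#   5. start the stack with docker compose.
# This is a one-shot issuance: nothing here schedules renewal, so re-run the
# script (or add a renewal job) before the certificate expires.
#
# Configuration via environment variables (defaults in parentheses):
#   DATA_DIR       host directory mounted at /nexus-data (./volume); must
#                  match the volume in docker-compose
#   HTTPS_PORT     Jetty HTTPS port written to nexus.properties (8443)
#   HTTP_PORT      Jetty HTTP port written to nexus.properties (8081)
#   DOMAIN         hostname the certificate is issued for
#   CERTBOT_EMAIL  account e-mail passed to certbot
#   KEYSTORE_PASS  password protecting keystore.p12 (changeit — a well-known
#                  placeholder; override it for anything but a throwaway test)
set -euo pipefail

DATA_DIR="${DATA_DIR:-./volume}"
HTTPS_PORT="${HTTPS_PORT:-8443}"
HTTP_PORT="${HTTP_PORT:-8081}"
DOMAIN="${DOMAIN:-mydocker.ddns.net}"
CERTBOT_EMAIL="${CERTBOT_EMAIL:-arsalan@gmail.com}"
KEYSTORE_PASS="${KEYSTORE_PASS:-changeit}"

if [ "${KEYSTORE_PASS}" = "changeit" ]; then
  echo "warning: KEYSTORE_PASS is the default 'changeit'; set a real password" >&2
fi

# The password is spliced into XML element text by sed below. Escape the
# XML metacharacters first (& < >), then the characters sed processes in
# appended text (backslash, &, /) so the value lands in the file verbatim.
XML_PASS="${KEYSTORE_PASS//&/&amp;}"
XML_PASS="${XML_PASS//</&lt;}"
XML_PASS="${XML_PASS//>/&gt;}"
ESC_PASS="${XML_PASS//\\/\\\\}"
ESC_PASS="${ESC_PASS//&/\\&}"
ESC_PASS="${ESC_PASS//\//\\/}"

mkdir -p "${DATA_DIR}/etc/ssl"
chmod 700 "${DATA_DIR}/etc"
mkdir -p ./letsencrypt/conf ./letsencrypt/lib

# Standalone HTTP-01 challenge: port 80 on this host must be free and
# reachable from the internet under ${DOMAIN} while this runs.
docker run --rm \
  -p 80:80 \
  -v "$PWD/letsencrypt/conf:/etc/letsencrypt" \
  -v "$PWD/letsencrypt/lib:/var/lib/letsencrypt" \
  certbot/certbot certonly --standalone -d "${DOMAIN}" --agree-tos \
    -m "${CERTBOT_EMAIL}" --no-eff-email --non-interactive

# Bundle chain + private key into the PKCS12 keystore Jetty reads. The
# password goes through the environment (-passout env:) instead of the
# command line so it is not visible in `ps` output. privkey.pem is written
# by certbot inside its container — presumably root-owned on the host, so
# this step is expected to run with enough privilege to read it (the chown
# below needs root anyway).
KEYSTORE_PASS="${KEYSTORE_PASS}" openssl pkcs12 -export \
  -in "letsencrypt/conf/live/${DOMAIN}/fullchain.pem" \
  -inkey "letsencrypt/conf/live/${DOMAIN}/privkey.pem" \
  -out "${DATA_DIR}/etc/ssl/keystore.p12" \
  -name jetty \
  -passout env:KEYSTORE_PASS
# The keystore holds the private key: owner-only before handing it to nexus.
chmod 600 "${DATA_DIR}/etc/ssl/keystore.p12"
# 200:200 is the account the nexus3 container runs as (as in the original
# script; verify against the image if it fails to read its data).
chown -R 200:200 "${DATA_DIR}"

# The escaped \${...} placeholders stay literal; Karaf/Jetty expand them at
# runtime. nexus-args adds jetty-https.xml to the connector list.
cat > "${DATA_DIR}/etc/nexus.properties" <<EOF
application-port=${HTTP_PORT}
application-port-ssl=${HTTPS_PORT}
ssl.etc=\${karaf.data}/etc/ssl
nexus-args=\${jetty.etc}/jetty.xml,\${jetty.etc}/jetty-http.xml,\${jetty.etc}/jetty-https.xml,\${jetty.etc}/jetty-requestlog.xml
EOF

# Take the stock jetty-https.xml from the image once; later runs re-patch
# the existing copy (the delete step below strips previously added lines).
if [ ! -f ./jetty-https.xml ]; then
  cid="$(docker create sonatype/nexus3)"
  docker cp "${cid}:/opt/sonatype/nexus/etc/jetty/jetty-https.xml" ./jetty-https.xml
  docker rm -f "${cid}" >/dev/null
fi

# Point both stores at keystore.p12 (the trust store reuses the keystore).
sed -i '/<Set name="KeyStorePath">/,/<\/Set>/c\<Set name="KeyStorePath"><Property name="ssl.etc"\/>\/keystore.p12<\/Set>' ./jetty-https.xml
sed -i '/<Set name="TrustStorePath">/,/<\/Set>/c\<Set name="TrustStorePath"><Property name="ssl.etc"\/>\/keystore.p12<\/Set>' ./jetty-https.xml
# Remove the image's type/password/alias settings inside sslContextFactory so
# the values appended below are the only ones present.
sed -i '/<New id="sslContextFactory" class="org\.eclipse\.jetty\.util\.ssl\.SslContextFactory\$Server">/,/<\/New>/{
/<Set name="KeyStoreType"/d
/<Set name="KeyStorePassword"/d
/<Set name="KeyManagerPassword"/d
/<Set name="TrustStoreType"/d
/<Set name="TrustStorePassword"/d
/<Set name="certAlias"/d
}' ./jetty-https.xml
# Each `a\` inserts directly after the matched line, so these appear in
# reverse order of execution; Jetty does not care about setter order.
sed -i '/<Set name="KeyStorePath">/a\ <Set name="KeyStoreType">PKCS12</Set>' ./jetty-https.xml
sed -i "/<Set name=\"KeyStorePath\">/a\ <Set name=\"KeyStorePassword\">${ESC_PASS}<\/Set>" ./jetty-https.xml
sed -i "/<Set name=\"KeyStorePath\">/a\ <Set name=\"KeyManagerPassword\">${ESC_PASS}<\/Set>" ./jetty-https.xml
sed -i '/<Set name="TrustStorePath">/a\ <Set name="TrustStoreType">PKCS12</Set>' ./jetty-https.xml
sed -i "/<Set name=\"TrustStorePath\">/a\ <Set name=\"TrustStorePassword\">${ESC_PASS}<\/Set>" ./jetty-https.xml
# Anchor on the element name, not on the password text: regex metacharacters
# in the password ('.', '*', '[') would otherwise change what this matches.
sed -i '/<Set name="KeyManagerPassword">/a\ <Set name="certAlias">jetty</Set>' ./jetty-https.xml
# jetty-https.xml now contains the keystore password in plain text; it is
# mounted read-only into the container but remains world-readable on the
# host unless its permissions are tightened separately.

docker compose up -d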