cat key.sh
#!/bin/bash
NEXUS_DOMAIN=nexus.yunshicloud.com
NEXUS_IP_ADDRESS=192.168.43.235
PASSWD=password
keytool -genkeypair -keystore keystore.jks -storepass ${PASSWD} -keypass ${PASSWD} -alias nexus -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=${NEXUS_DOMAIN}, OU=Nexus, O=Nexus, L=Beijing, ST=Beijing, C=CN" -ext "SAN=IP:${NEXUS_IP_ADDRESS}" -ext "BC=ca:true"
生成keystore.jks
,然后指定改文件,生成keystore.cer
文件
keytool -export -alias nexus -keystore keystore.jks -file keystore.cer -storepass password
将生成的证书拷贝到nexus的指定目录
cp keystore.* /usr/local/nexus/etc/ssl/
修改nexus-default.properties
配置文件
cat /usr/local/nexus/etc/nexus-default.properties
## DO NOT EDIT - CUSTOMIZATIONS BELONG IN $data-dir/etc/nexus.properties
##
# Jetty section
application-port=8082
application-port-ssl=8443
application-host=0.0.0.0
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-requestlog.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml
nexus-context-path=/
# Nexus section
nexus-edition=nexus-pro-edition
nexus-features=\
nexus-pro-feature
nexus.hazelcast.discovery.isEnabled=true
修改jetty-https.xml
,指定我们刚才设置的密码
文件在:/usr/local/nexus/etc/jetty/jetty-https.xml
重启nexus
/usr/local/nexus/bin/nexus restart
https的端口监听在8443上,如果使用nginx做反向代理的话可以反代到此端口上。