Setting up Nexus 3 over HTTPS (Ubuntu 16.04)

Time: 2017-09-18 15:33:14

Tags: java ssl jetty nexus

I'm trying to set up Nexus 3 to run over HTTPS. I did:

wget http://download.sonatype.com/nexus/3/latest-unix.tar.gz

Then I extracted it and changed the file nexus/etc/jetty/jetty-https.xml to add my SSL certificate:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!--
  ==== HTTPS ====
  Set the following inside nexus.properties:
  application-port-ssl: the port to listen for https connections
  -->

  <Ref refid="httpConfig">
    <Set name="secureScheme">https</Set>
    <Set name="securePort"><Property name="application-port-ssl" /></Set>
  </Ref>

  <New id="httpsConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>

  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="ssl.etc"/>/home/nexus/nexus/ssl/keystore.jks</Set>
    <Set name="KeyStorePassword">pwd</Set>
    <Set name="KeyManagerPassword">pwd</Set>
    <Set name="TrustStorePath"><Property name="ssl.etc"/>/home/nexus/nexus/ssl/myTrustStore</Set>
    <Set name="TrustStorePassword">pwd</Set>
    <Set name="EndpointIdentificationAlgorithm">/home/nexus/nexus/ssl/keystore.jks</Set>
    <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
    <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
    <Set name="ExcludeCipherSuites">
      <Array type="String">
        <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
        <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>

        <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
      </Array>
    </Set>
  </New>

  <Call  name="addConnector">
    <Arg>
      <New id="httpsConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.https.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.https.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.sonatype.nexus.bootstrap.jetty.InstrumentedConnectionFactory">
                <Arg>
                  <New class="org.eclipse.jetty.server.SslConnectionFactory">
                    <Arg name="next">http/1.1</Arg>
                    <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
                  </New>
                </Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpsConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>

        <Set name="host"><Property name="application-host" /></Set>
        <Set name="port"><Property name="application-port-ssl" /></Set>
        <Set name="idleTimeout"><Property name="jetty.https.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="jetty.https.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="jetty.https.acceptorPriorityDelta" default="0"/></Set>
        <Set name="selectorPriorityDelta"><Property name="jetty.https.selectorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.https.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>

</Configure>

I added port 8444 and jetty-https.xml to the file nexus.properties:

# Jetty section
application-port=8081
application-port-ssl=8444
application-host=0.0.0.0
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-http-redirect-to-https.xml,${jetty.etc}/jetty-requestlog.xml
nexus-context-path=/

# Nexus section
nexus-edition=nexus-pro-edition
nexus-features=\
 nexus-pro-feature

I linked nexus/bin/nexus to /etc/init.d/nexus and ran /etc/init.d/nexus start

But when I run netstat -nlpt, all I get is:

tcp        0      0 127.0.0.1:43303         0.0.0.0:*               LISTEN      9874/java 

After a while it stops...

I don't know where to find the logs or how to debug this. Any help would be appreciated.

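2 answers:

Answer 0: (score: 0)

The log files for debugging are in $NEXUS_HOME/data/log. You should find nexus.log and request.log there.

The failure information should be in nexus.log.

Answer 1: (score: 0)

From your description of the configuration, I can see that you Run Nexus as a Service under Linux.

To start the Nexus service and monitor the logs until the web UI is accessible, I find the following approach useful: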

service nexus start && tail -F /opt/nexus/sonatype-work/nexus3/log/*.log

It outputs all the logs right away and gives quick feedback. Depending on what you find in them, you can proceed from there.
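
The values Jetty will read from jetty-https.xml can also be checked before a start, alongside the logs. The following is an added example, not part of the original question or answers: it resolves the `<Set>` values of the `sslContextFactory` block the way Jetty concatenates element text and `<Property>` values, then reports store paths that do not exist, an `EndpointIdentificationAlgorithm` that is not an algorithm name, and passwords kept in clear text. The `ssl.etc` value and the helper names `resolve` and `lint_ssl_context` are assumptions for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Excerpt of the sslContextFactory block posted in the question (embedded to run offline).
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="ssl.etc"/>/home/nexus/nexus/ssl/keystore.jks</Set>
    <Set name="KeyStorePassword">pwd</Set>
    <Set name="TrustStorePath"><Property name="ssl.etc"/>/home/nexus/nexus/ssl/myTrustStore</Set>
    <Set name="EndpointIdentificationAlgorithm">/home/nexus/nexus/ssl/keystore.jks</Set>
  </New>
</Configure>"""

# Endpoint identification algorithm names known to the JDK; empty leaves the check off.
VALID_ENDPOINT_ALGS = {"", "HTTPS", "LDAPS"}


def resolve(set_elem, props):
    """Build the string Jetty assigns: element text, each <Property> value, then its tail."""
    value = set_elem.text or ""
    for child in set_elem:
        if child.tag == "Property":
            value += props.get(child.get("name"), child.get("default") or "")
        value += child.tail or ""
    return value.strip()


def lint_ssl_context(xml_text, props, exists=os.path.exists):
    """Return findings for the <Set> values of the element with id sslContextFactory."""
    findings = []
    for factory in ET.fromstring(xml_text).iter("New"):
        if factory.get("id") != "sslContextFactory":
            continue
        for item in factory.findall("Set"):
            name, value = item.get("name"), resolve(item, props)
            if name in ("KeyStorePath", "TrustStorePath") and not exists(value):
                findings.append(f"{name}: resolved path {value} does not exist")
            elif name == "EndpointIdentificationAlgorithm" and value not in VALID_ENDPOINT_ALGS:
                findings.append(f"{name}: {value!r} is not an algorithm name (HTTPS or LDAPS)")
            elif name.endswith("Password") and value and not value.startswith("OBF:"):
                # Jetty also accepts obfuscated passwords carrying the OBF: prefix.
                findings.append(f"{name}: password is stored in clear text")
    return findings


if __name__ == "__main__":
    # Assumed value of ssl.etc; the real one comes from the Nexus installation.
    for finding in lint_ssl_context(SAMPLE, {"ssl.etc": "/opt/nexus/etc/ssl"}):
        print(finding)
```

Run it against the real file by passing its contents as `xml_text` and the actual `ssl.etc` value in `props`.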