环境信息:
系统:CentOS 7
配置: CPU 4核(建议最少4核)、内存4G 、磁盘200G
IP:192.168.86.9
nexus3版本:nexus-3.27.0-03-unix.tar.gz
nexus3安装包下载地址:
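# Fetch over HTTPS so the archive cannot be altered in transit.
wget https://download.sonatype.com/nexus/3/nexus-3.27.0-03-unix.tar.gz
# Before unpacking, compare this digest with the checksum Sonatype publishes
# for the release.
sha256sum nexus-3.27.0-03-unix.tar.gz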
或者
链接:https://pan.baidu.com/s/1OFruEz3aIU1NxHVQf5YBFQ 提取码:demo(第三方网盘镜像,解压前请与官方发布的校验值比对)
JDK下载地址
JDK版本:jdk-8u151-linux-x64
https://www.oracle.com/cn/java/technologies/javase/javase-jdk8-downloads.html
或者
链接:https://pan.baidu.com/s/1dPIVFRi8hGdP7wOztoX6lg 提取码:demo(第三方网盘镜像,安装前请与官方发布的校验值比对)
一、源码包方式部署
1>安装jdk并配置环境变量并验证
# Unpack the JDK under /usr/local and expose it through a version-neutral symlink.
tar -xf jdk-8u151-linux-x64.tar -C /usr/local/
ln -s /usr/local/jdk1.8.0_151 /usr/local/java
# Append the Java environment to the system-wide profile. The quoted heredoc
# delimiter keeps $JAVA_HOME and $PATH literal in the file.
cat <<'EOF' >>/etc/profile
JAVA_HOME=/usr/local/java
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME PATH
EOF
# Load the new variables into the current shell and confirm the JDK is found.
source /etc/profile
java -version
2>安装nexus
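# Unpack Nexus under /usr/local and point a version-neutral symlink at it.
tar -xf nexus-3.27.0-03-unix.tar.gz -C /usr/local/
ln -s /usr/local/nexus-3.27.0-03 /usr/local/nexus
# Dedicated service account with no login shell.
useradd -d "/home/nexus" -m -s "/sbin/nologin" nexus
# chown -R does not traverse a symlink named on the command line (-P is the
# default), so target the real directory instead of /usr/local/nexus.
chown -R nexus:nexus /usr/local/nexus-3.27.0-03
chown -R nexus:nexus /usr/local/sonatype-work
# Tell the launcher script to run Nexus as the nexus user.
echo run_as_user='"nexus"' >>/usr/local/nexus/bin/nexus.rc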
配置systemctl管理nexus
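# Write the systemd unit for Nexus. Each section header sits on its own line
# (the listing had them fused onto the preceding value, plus a stray leading
# [Install] section). The quoted delimiter stops the shell from expanding
# anything in the body.
cat <<'EOF' >/etc/systemd/system/nexus.service
[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/usr/local/nexus/bin/nexus start
ExecStop=/usr/local/nexus/bin/nexus stop
User=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF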
启动nexus
# Reload unit definitions so systemd picks up nexus.service, then start it
# now and register it to start at boot.
systemctl daemon-reload
systemctl enable --now nexus.service
3>登录nexus(hostIP:8081)
查看nexus的admin用户密码,使用admin用户登录
cat /usr/local/sonatype-work/nexus3/admin.password
设置新密码
设置仓库访问权限
4>配置https访问
生成服务端需要配置的认证文件
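# Values placed in the certificate: the subject CN and the IP subjectAltName.
NEXUS_DOMAIN=192.168.86.9
NEXUS_IP_ADDRESS=192.168.86.9
# NOTE(review): "password" presumably matches the keystore password in Nexus's
# stock jetty-https.xml (confirm). Outside a lab, choose a strong value and
# update jetty-https.xml to match.
PASSWD=password

# Generate a self-signed RSA-2048 key pair valid for 5000 days.
# NOTE(review): BC=ca:true marks this server certificate as a CA, so a client
# that trusts it also trusts anything this key signs. Drop the extension unless
# a client actually requires it.
keytool -genkeypair -keystore keystore.jks -storepass "${PASSWD}" -keypass "${PASSWD}" \
  -alias nexus -keyalg RSA -keysize 2048 -validity 5000 \
  -dname "CN=${NEXUS_DOMAIN}, OU=demo, O=demo, L=Beijing, ST=Beijing, C=CN" \
  -ext "SAN=IP:${NEXUS_IP_ADDRESS}" -ext "BC=ca:true"
mv keystore.jks /usr/local/nexus/etc/ssl/
# The keystore holds the private key: restrict it to the service account.
chown nexus:nexus /usr/local/nexus/etc/ssl/keystore.jks
chmod 600 /usr/local/nexus/etc/ssl/keystore.jks

# Export the public certificate, using the same variable as above rather than
# a second hard-coded copy of the password.
keytool -export -alias nexus -keystore /usr/local/nexus/etc/ssl/keystore.jks -file keystore.cer -storepass "${PASSWD}"
mv keystore.cer /usr/local/nexus/etc/ssl/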
生成客户端证书
口令都配置password
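# Convert the JKS keystore to PKCS#12 (keytool prompts for the passwords).
keytool -importkeystore -srckeystore /usr/local/nexus/etc/ssl/keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
# Extract the certificate only; -nokeys keeps the private key out of keystore.crt.
openssl pkcs12 -in keystore.p12 -nokeys -out keystore.crt
mv keystore.crt keystore.p12 /usr/local/nexus/etc/ssl/
# keystore.p12 still contains the private key: keep it on the server with
# tight permissions and distribute keystore.crt to clients.
chmod 600 /usr/local/nexus/etc/ssl/keystore.p12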
配置 Nexus 使用证书,开启 https
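# Keep a backup of the stock properties file before editing it.
cp /usr/local/nexus/etc/nexus-default.properties /usr/local/nexus/etc/nexus-default.properties.bak
# Add the HTTPS port just above the existing application-port line.
sed -i '/application-port=/i\\ application-port-ssl=8443' /usr/local/nexus/etc/nexus-default.properties
# Replace nexus-args so that jetty-https.xml is loaded.
# NOTE(review): jetty-http.xml stays in the list, so the plain-HTTP port remains
# open alongside 8443. Remove it from the list to serve HTTPS only.
sed -i '/nexus-args/d' /usr/local/nexus/etc/nexus-default.properties
echo 'nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml' >>/usr/local/nexus/etc/nexus-default.properties
# Restart Nexus, then verify HTTPS access.
systemctl restart nexus.service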
二、k8s方式部署
1、环境信息
ingress入口:192.168.86.36
域名规划:
主站点:repository.onap.vip
2、生成证书(参考:certbot生成证书)
certbot --server https://acme-v02.api.letsencrypt.org/directory -d "repository.onap.vip" -d "*.repository.onap.vip" --manual --preferred-challenges dns-01 certonly
3、nexus3部署yaml
# Create the namespace.
kubectl create ns repository
# Create the TLS secret the Ingress needs for HTTPS. The file passed to --key
# is the certificate's private key, so keep it readable only by the operator.
kubectl -n repository create secret tls repository-onap-vip-tls-secret --cert=repository.onap.vip.fullchain.pem --key=repository.onap.vip.privkey.pem
# Apply the manifests from nexus3-deploy.yaml into that namespace.
kubectl -n repository apply -f nexus3-deploy.yaml
nexus3-deploy.yaml
# Service in front of the Nexus pod: the web/API port plus two further ports,
# presumably Docker repository connectors (going by the port names).
apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  # NOTE(review): NodePort publishes every port below on each node, including
  # plain-HTTP 8081, which bypasses the TLS-terminating Ingress.
  type: NodePort
  ports:
    - name: sonatype-nexus
      port: 8081
      targetPort: 8081
      protocol: TCP
    - name: dockerio-proxy
      port: 10001
      targetPort: 10001
      nodePort: 32001
      protocol: TCP
    - name: local-docker
      port: 10002
      targetPort: 10002
      protocol: TCP
  selector:
    app: sonatype-nexus
---
# Ingress terminating TLS for repository.onap.vip and forwarding to Nexus on 8081.
# NOTE(review): the extensions/v1beta1 Ingress API was removed in Kubernetes
# 1.22; newer clusters need networking.k8s.io/v1, whose backend schema differs.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: repository.onap.vip
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: repository.onap.vip
      http:
        paths:
          # path is left empty, as in the original manifest.
          - path:
            backend:
              serviceName: sonatype-nexus
              servicePort: 8081
  tls:
    # Certificate and key come from the secret created with kubectl.
    - hosts:
        - repository.onap.vip
      secretName: repository-onap-vip-tls-secret
---
# Claim for the volume that the Deployment mounts at /nexus-data.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonatype-nexus
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 10Gi
  storageClassName: csi-rbd-sc
---
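# Single-replica Nexus 3 Deployment that keeps its data on the sonatype-nexus PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      containers:
        - name: sonatype-nexus
          image: sonatype/nexus3:3.34.0
          imagePullPolicy: IfNotPresent
          # One list entry per port: repeating containerPort inside a single
          # mapping is a duplicate key, and most parsers keep only the last one.
          # The two extra names mirror the Service's port names.
          ports:
            - name: server
              containerPort: 8081
            - name: dockerio-proxy
              containerPort: 10001
            - name: local-docker
              containerPort: 10002
          livenessProbe:
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /
              port: 8081
            initialDelaySeconds: 30
            periodSeconds: 30
            failureThreshold: 6
          env:
            # NOTE(review): -Xmx6096M plus MaxDirectMemorySize=4G is far above
            # the 4096Mi memory limit below, so the container can be OOM-killed
            # once the JVM grows. Size the JVM to fit the limit, or raise it.
            - name: INSTALL4J_ADD_VM_PARAMS
              value: "-Xms4096M -Xmx6096M -XX:MaxDirectMemorySize=4G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
          resources:
            limits:
              cpu: 4000m
              memory: 4096Mi
            requests:
              cpu: 2000m
              memory: 2048Mi
          volumeMounts:
            - name: sonatype-nexus-data
              mountPath: /nexus-data
      volumes:
        - name: sonatype-nexus-data
          persistentVolumeClaim:
            claimName: sonatype-nexus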