This guide is still a work in progress.
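# Traefik terminates TLS (Let's Encrypt, HTTP-01 challenge) in front of
# Nexus Repository: web UI on 8081, Docker registry connector on 5000.
version: '3'
services:
  traefik:
    # NOTE(review): no tag is given, so this resolves to `latest`. Pin a
    # specific release or digest so an image update cannot silently change
    # the proxy that sits on the public ports.
    image: traefik
    container_name: traefik
    command:
      # Routers and services are built from container labels.
      # NOTE(review): the Docker provider exposes every container by
      # default; consider `--providers.docker.exposedbydefault=false` plus
      # an explicit `traefik.enable=true` label on each routed service.
      - "--providers.docker"
      # Declare both listeners explicitly: the ACME challenge below refers
      # to `web`, and port 443 is published but otherwise has no entrypoint.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # acme.json holds the ACME account key and certificate private keys.
      - "--certificatesresolvers.myresolver.acme.storage=/data/acme.json"
      - "--certificatesresolvers.myresolver.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Access to the Docker socket is root-equivalent access to the host.
      # `:ro` only stops the container from replacing the socket file; it
      # does not limit the API calls made through it. A filtering socket
      # proxy in front of the socket narrows that access further.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Keep this directory out of version control and readable by root
      # only, because acme.json (private keys) is written here.
      - "./data/traefik/:/data"
    labels:
      # NOTE(review): this middleware is only defined here; no router in
      # this file references it, so plain-HTTP requests are not redirected
      # until it is attached to a router on the `web` entrypoint.
      - "traefik.http.middlewares.httpsonly.redirectscheme.scheme=https"
      - "traefik.http.middlewares.httpsonly.redirectscheme.permanent=true"
  nexus:
    # NOTE(review): unpinned image, same concern as for traefik above.
    image: sonatype/nexus3
    container_name: nexus
    # No `ports:` on purpose: 8081 and 5000 speak plain HTTP and are meant
    # to be reachable only through Traefik.
    volumes:
      - "./data/nexus:/nexus-data"
    labels:
      # Nexus web UI.
      - "traefik.http.routers.nexus.rule=Host(`nexus.example.com`)"
      # Bind the TLS routers to 443 only, so they are not also attached to
      # the plain-HTTP entrypoint.
      - "traefik.http.routers.nexus.entrypoints=websecure"
      - "traefik.http.routers.nexus.tls=true"
      - "traefik.http.routers.nexus.tls.certresolver=myresolver"
      - "traefik.http.routers.nexus.service=nexus-service"
      - "traefik.http.services.nexus-service.loadBalancer.server.port=8081"
      # Docker registry connector (HTTP connector configured in Nexus).
      - "traefik.http.routers.registry.rule=Host(`registry.example.com`)"
      - "traefik.http.routers.registry.entrypoints=websecure"
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.tls.certresolver=myresolver"
      - "traefik.http.routers.registry.service=registry-service"
      - "traefik.http.services.registry-service.loadBalancer.server.port=5000"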
This docker-compose file starts a Traefik instance that exposes ports 80 and 443.
Nexus Repository will be reachable under nexus.example.com.
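The domain registry.example.com is the endpoint the Docker daemon talks to; Traefik terminates TLS there and forwards the requests to port 5000 of the Nexus container, where we will open an HTTP connector for Docker. Because that connector is plain HTTP, port 5000 should stay unpublished so that it is reachable only through Traefik.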
In Nexus, create a new repository of type docker (hosted).
Under Security → Realms, activate the Docker Bearer Token Realm; otherwise the Docker daemon will not be able to authenticate.