1. 使用 Podman 部署 Nexus 3
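# Deploy Nexus 3 with Podman.
#
# Nexus listens on 8081 inside the container. The nginx vhost below proxies to
# 127.0.0.1:8081, so the port is published on the loopback interface only:
# publishing it on all interfaces (plain -p 8081:8081) would let clients reach
# Nexus directly and bypass the allow/deny rules nginx enforces for /admin/.
#
# /data holds the persistent Nexus state. The upstream image runs Nexus as an
# unprivileged uid (200 per the image docs) — confirm /data is writable by it
# before the first start, or the container will fail to initialise.
# /etc/localtime is mounted read-only; the container only needs to read it.
# Heap and direct-memory sizes come from INSTALL4J_ADD_VM_PARAMS; size them to the host.
podman run --name nexus -d \
  -p 127.0.0.1:8081:8081 \
  -v /data:/nexus-data \
  -v /etc/localtime:/etc/localtime:ro \
  -e TZ="Asia/Shanghai" \
  -e INSTALL4J_ADD_VM_PARAMS="-Xms10240m -Xmx10240m -XX:MaxDirectMemorySize=4096m" \
  docker.io/sonatype/nexus3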
说明:
- Nexus 服务默认监听端口:8081
- 数据持久化目录:/data
- Java 启动参数可根据宿主机内存进行调整
2. 编译安装 Nginx 1.22(支持 HTTPS)
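# Build and install nginx 1.22.0 from source with the TLS module.
# Every step that the next one depends on is guarded with `|| exit 1`, so a
# failed cd/tar/configure cannot let later steps run in the wrong directory or
# install a half-built tree.

# Unpack the source (the tarball is expected in /opt).
# nginx.org publishes a detached PGP signature (.tar.gz.asc) for each release;
# verify the tarball against it before unpacking — TODO(review): add that step.
cd /opt || exit 1
tar -zvxf nginx-1.22.0.tar.gz || exit 1
cd nginx-1.22.0 || exit 1

# Build dependencies: compiler, zlib (gzip), PCRE (location regexes), OpenSSL (HTTPS).
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel || exit 1

# Configure with the TLS module (required by the `listen 443 ssl` vhost) and install.
./configure --prefix=/usr/local/nginx --with-http_ssl_module || exit 1
make && make install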
3. 配置 Nginx 主配置文件
文件路径:/usr/local/nginx/conf/nginx.conf
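# /usr/local/nginx/conf/nginx.conf — main configuration.

# Worker processes run as the unprivileged `nobody` user.
user nobody;
worker_processes 1;

error_log logs/error.log info;
pid logs/nginx.pid;

events {
  worker_connections 1024;
}

http {
  include mime.types;
  default_type application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log logs/access.log main;

  sendfile on;
  tcp_nopush on;
  keepalive_timeout 65;
  gzip on;

  # Do not advertise the nginx version in the Server header and error pages.
  server_tokens off;

  # Security headers.
  # NOTE: add_header is inherited by a server/location block only when that
  # block defines no add_header of its own — a vhost in conf.d/ that adds its
  # own header silently loses all three of these.
  add_header X-Content-Type-Options nosniff;
  add_header X-Frame-Options DENY;
  # Largely ignored by current browsers; kept as written.
  add_header X-XSS-Protection "1; mode=block";

  include conf.d/*.conf;

  # Upload size limit: large artifacts are pushed through the proxy.
  client_max_body_size 5000m;
}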
4. 创建反向代理配置 /usr/local/nginx/conf/conf.d/mirror.conf
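# /usr/local/nginx/conf/conf.d/mirror.conf — reverse proxy in front of the Nexus container.

# Backend: the Nexus container, reached over loopback.
upstream backend {
  server 127.0.0.1:8081;
}

# HTTP: redirect everything to HTTPS.
server {
  listen 80;
  server_name mirrors.benlai.com mirrors.benlai-io.com;
  return 301 https://$host$request_uri;
}

# HTTPS.
server {
  listen 443 ssl;
  server_name mirrors.benlai.com mirrors.benlai-io.com;

  ssl_certificate /usr/local/nginx/conf/ssl/benlai-io.com.crt;
  ssl_certificate_key /usr/local/nginx/conf/ssl/benlai-io.com.key;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  # nginx 1.22's built-in default still includes TLSv1 and TLSv1.1;
  # restrict to the versions that are not deprecated.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  # Public artifact access.
  location ^~ /repository/ {
    allow all;
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # The upstream only sees plain HTTP; tell it the client side was TLS so
    # any URLs it builds use https://.
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # Internal-only path. allow/deny is evaluated on the TCP source address
  # ($remote_addr); a client-supplied X-Real-IP / X-Forwarded-For header does
  # not influence it (no real_ip_header is configured here).
  # NOTE(review): Nexus 3 serves its web UI from / and its REST API under
  # /service/rest/, and its "admin" screens are client-side routes in the URL
  # fragment, which never reaches the server. Such requests fall through to
  # `location /` below, outside this whitelist — confirm what this block is
  # meant to protect and consider applying the same allow/deny to the UI/API paths.
  location ^~ /admin/ {
    allow 10.93.152.0/21;
    allow 10.86.160.0/21;
    allow 10.93.64.131;
    deny all;
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # Catch-all: everything else is proxied without source restriction.
  location / {
    proxy_pass http://backend;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}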
说明:
- 支持自动将 HTTP 请求重定向到 HTTPS
- /repository/:公开访问路径
- /admin/:仅限内网 IP 白名单,其他全部拒绝
5. 创建 SSL 证书目录(示例使用自签名)
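# Create the TLS directory and a self-signed certificate (example only; replace
# the .crt/.key with a CA-issued pair for production).
#
# The private key must not be group/world readable: the directory is created
# without group/other access and the key is generated under umask 077 so it is
# never briefly world-readable before a later chmod.
# NOTE: the CN covers only mirrors.benlai-io.com, but the vhost also serves
# mirrors.benlai.com; if this openssl build supports -addext, add
#   -addext "subjectAltName=DNS:mirrors.benlai.com,DNS:mirrors.benlai-io.com"
# so both names validate.
mkdir -p /usr/local/nginx/conf/ssl || exit 1
chmod 700 /usr/local/nginx/conf/ssl
(
  umask 077
  openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
    -keyout /usr/local/nginx/conf/ssl/benlai-io.com.key \
    -out /usr/local/nginx/conf/ssl/benlai-io.com.crt \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=Benlai/OU=IT/CN=mirrors.benlai-io.com"
)
# The certificate is public; the key stays owner-only.
chmod 644 /usr/local/nginx/conf/ssl/benlai-io.com.crt
chmod 600 /usr/local/nginx/conf/ssl/benlai-io.com.key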
如果使用正式证书,替换上述 .crt 和 .key 即可。
6. 启动 Nginx 并测试配置
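# Validate the configuration, then start nginx only if the check passed
# (the original started it regardless of the -t result). Absolute paths are
# used so the commands do not depend on the current directory.
/usr/local/nginx/sbin/nginx -t || exit 1   # syntax/semantics check of nginx.conf and conf.d/*
/usr/local/nginx/sbin/nginx                # start the service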
如需重启或重新加载配置:
# Ask the running master process to re-read its configuration (graceful reload).
/usr/local/nginx/sbin/nginx -s reload
7. 可选:配置 systemd 启动项
建议将 Podman Nexus 容器与 Nginx 一并加入开机启动。
创建 /etc/systemd/system/nginx.service:
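[Unit]
Description=The Nginx HTTP and reverse proxy server
After=network.target

[Service]
# nginx daemonizes by default: the ExecStart process forks the master and
# exits. Without Type=forking systemd treats that exit as the service having
# stopped and loses track of the real master; with it, systemd follows the
# master via PIDFile so stop/reload/restart act on the right process.
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start on a broken configuration.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Give the service its own /tmp, isolated from other processes on the host.
PrivateTmp=true
Restart=on-failure

[Install]
WantedBy=multi-user.target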
启用服务:
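# Make systemd pick up the new unit file. daemon-reload is the command for
# re-reading unit files; daemon-reexec re-executes the manager itself and is
# intended for systemd upgrades/debugging.
systemctl daemon-reload || exit 1
systemctl enable nginx  # start at boot
systemctl start nginx   # start now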
8. 测试访问
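# Smoke tests against the proxy.
# -k skips certificate verification only because the example certificate is
# self-signed; drop it once a CA-issued certificate is installed.

# HTTP must answer 301 with a https:// Location.
curl -I http://mirrors.benlai.com/repository/

# Public path through the proxy.
curl -k https://mirrors.benlai.com/repository/

# Restricted path. nginx's allow/deny decides on the TCP source address, so a
# client-supplied X-Real-IP header (as in the original test) has no effect on
# the result. Print the status code instead: expect 403 from a host outside the
# whitelisted ranges and 200/302 from inside them — run it from both.
curl -k -s -o /dev/null -w '%{http_code}\n' https://mirrors.benlai.com/admin/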