Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.riad.com.bd/llms.txt

Use this file to discover all available pages before exploring further.

Introduction

In modern software development, managing dependencies and artifacts efficiently is crucial for maintaining a streamlined workflow. A centralized repository management system, such as Nexus Repository Manager, provides a robust solution for storing, organizing, and distributing software components, including Linux distribution packages and container images. This guide explores the integration of a centralized repository management system for Linux distributions and container images, highlighting best practices and implementation strategies.

Benefits of Centralized Repository Management

  1. Improved Dependency Management: Centralized repositories allow teams to manage dependencies effectively, ensuring that all team members have access to the same versions of libraries and packages.
  2. Enhanced Security: By controlling access to repositories, organizations can enforce security policies and monitor the usage of software components.
  3. Faster Builds: Local caching of dependencies reduces build times by minimizing the need to fetch packages from external sources repeatedly.
  4. Version Control: Centralized repositories facilitate versioning of artifacts, making it easier to track changes and revert to previous versions if needed.
  5. Support for Multiple Formats: Nexus Repository Manager supports various package formats, including Docker images, RPM, DEB, and more, making it a versatile choice for managing different types of artifacts.

Prerequisites

Before we begin, ensure you have the following prerequisites in place:
  • A server or virtual machine with Docker installed.
  • A domain name pointing to your server’s IP address.
  • Basic knowledge of Docker and Nexus Repository Manager.

Overview of the Deployment

The deployment involves setting up Nexus Repository Manager in a Docker container, configuring it to host Linux distribution packages (RPM and DEB), and managing container images (Docker). The following steps outline the process:
  1. Deploy Nexus Repository Manager: Use Docker to deploy Nexus Repository Manager on your server.
  2. Configure Repositories: Set up repositories for Linux distributions and container images.
  3. Integrate with CI/CD Pipelines: Connect the repository manager with your CI/CD pipelines to automate the publishing and retrieval of artifacts.
  4. Implement Security Measures: Configure access controls and security settings to protect your repositories.

Logical Diagram

Step 1: Deploy Nexus Repository Manager

a. Create a Docker Compose file named docker-compose.yml with the following content: 
services:
  nexus:
    image: sonatype/nexus3:3.87.2-alpine
    ports:
      - "8081:8081" # UI
      - "8083:8083" # Docker Registry
    networks:
      - traefik
    environment:
      - TZ=Asia/Dhaka
      # Dynamic Memory: Starts small, grows up to 75% of the 4GB limit
      - INSTALL4J_ADD_VM_PARAMS=-XX:MaxRAMPercentage=75.0 -XX:MinRAMPercentage=25.0 -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=/nexus-data/javaprefs
    volumes:
      # Database and Config on your specific NFS path
      - /mnt/nfs-share/nexus/data:/nexus-data
      # Package Blobs (The heavy files) on your specific NFS path
      - /mnt/nfs-share/nexus/storage:/nexus-storage
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      resources:
        limits:
          memory: 4G    # Max allowed RAM
        reservations:
          memory: 1G    # Guaranteed RAM
      labels:
        - "traefik.enable=true"
        - "traefik.swarm.network=traefik"

        # UI ROUTER: Port 8081
        - "traefik.http.routers.nexus-ui.rule=Host(`repo.riad.com.bd`)"
        - "traefik.http.routers.nexus-ui.entrypoints=web"
        - "traefik.http.routers.nexus-ui.service=nexus-ui-svc"
        - "traefik.http.services.nexus-ui-svc.loadbalancer.server.port=8081"

        # DOCKER ROUTER: Port 8083 (Standard pulls)
        - "traefik.http.routers.nexus-docker.rule=Host(`repo.riad.com.bd`) && PathPrefix(`/v2`)"
        - "traefik.http.routers.nexus-docker.entrypoints=web"
        - "traefik.http.routers.nexus-docker.service=nexus-docker-svc"
        - "traefik.http.services.nexus-docker-svc.loadbalancer.server.port=8083"

networks:
  traefik:
    external: true
b. Create the necessary directories on your NFS share: +Create the necessary directories on your NFS share: 
mkdir -p /mnt/nfs-share/nexus/data
mkdir -p /mnt/nfs-share/nexus/storage
c. Give file system permissions to the nexus user (UID 200): +Give file system permissions to the nexus user (UID 200), which runs the Nexus process inside the container: 
sudo chown -R 200:200 /opt/nexus-data
sudo chown -R 200:200 /mnt/nfs-share/nexus-storage
sudo chown -R 200:200 /mnt/nfs-share/nexus/data
d. Deploy the Nexus Repository Manager using Docker Compose: +Deploy the Nexus Repository Manager as a Docker stack: 
docker stack deploy -c docker-compose.yml nexus

Step 2: Configure Repositories

a. Access the Nexus Repository Manager UI by navigating to http://repo.riad.com.bd in your web browser. The default admin credentials are:
  • Username: admin
  • Password: (found in /mnt/nfs-share/nexus/data/admin.password) b. Create repositories for Linux distributions (RPM and DEB) and Docker images:
  1. RPM Repository: GO to Settings > Repositories > Create repository > yum (proxy).
  2. DEB Repository: GO to Settings > Repositories > Create repository > apt (proxy). a. Go to Settings > Repositories > Create repository > apt (proxy). b. GIve it a name, e.g., ubuntu-focal-proxy. consider creating separate repositories for different Ubuntu versions like ubuntu-bionic-proxy, ubuntu-jammy-proxy, etc. c. Dicstribution: focal d. Remote Storage: https://archive.ubuntu.com/ubuntu e. Blob Store: default or create a new one. f. Cleanup Policy: Leave default or set as per your retention policy. or create a new one. g. Click Create repository.
  3. Docker Repository: GO to Settings > Repositories > Create repository > apt (proxy). a. Go to Settings > Repositories > Create repository > docker (hosted). b. Give it a name, e.g., docker-hosted. c. Remote Storage: https://download.docker.com/linux/ubuntu d. Blob Store: default or create a new one. e. Click Create repository.
  4. Docker image Repository: GO to Settings > Repositories > Create repository > docker (proxy). a. Go to Settings > Repositories > Create repository > docker (proxy). b. Give it a name, e.g., docker-apt-proxy. c. URL: https://repo.riad.com.bd/repository/docker-hub-proxy/ d. http: 8083 e. Allow anonymous docker pull: checked f. Enable docker API V1: checked g. Remote Storage: https://registry-1.docker.io h. Docker Index: Docker Hub i. Blob Store: default or create a new one. j. Cleanup Policy: Leave default or set as per your retention policy. or create a new one. k. Click Create repository.

Step 3: Client Side Configuration

a. Linux Distributions

  1. RPM-based Systems (e.g., CentOS, RHEL):
    • Create a new repo file in /etc/yum.repos.d/:
    [nexus-rpm]
name=Nexus RPM Repository
baseurl=http://repo.riad.com.bd/repository/rpm-repo/  
enabled=1
gpgcheck=0
  2. DEB-based Systems (e.g., Ubuntu, Debian):
    • Add the repository to your sources list:
    • For Ubuntu Nobel:
    • create a file /etc/apt/sources.list.d/nexus-deb.list with the following content:
    Types: deb
Types: deb
 URIs: https://repo.riad.com.bd/repository/ubuntu-noble-proxy/
 Suites: noble noble-updates noble-backports
 Components: main restricted universe multiverse
 Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

 Types: deb
 URIs: https://repo.riad.com.bd/repository/ubuntu-noble-proxy/
 Suites: noble-security
 Components: main restricted universe multiverse
 Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
    • for jammy:
    • create a file /etc/apt/sources.list (Remove all other lines):
    deb https://repo.riad.com.bd/repository/ubuntu-jammy-proxy/ jammy main restricted universe multiverse
deb https://repo.riad.com.bd/repository/ubuntu-jammy-proxy/ jammy-updates main restricted universe multiverse
deb https://repo.riad.com.bd/repository/ubuntu-jammy-proxy/ jammy-backports main restricted universe multiverse
deb https://repo.riad.com.bd/repository/ubuntu-jammy-proxy/ jammy-security main restricted universe multiverse
    • Update the package list:
    sudo apt update

b. Docker upgradation:

  1. Configure Docker to use the Nexus Docker repository:
    • create or edit the Docker daemon configuration file /etc/docker/daemon.json with the following content:
    Types: deb
 Types: deb
 URIs: https://repo.riad.com.bd/repository/docker-apt-proxy-nobel/
 Suites: noble
 Components: stable
 Signed-By: /etc/apt/keyrings/docker.asc
  2. for jammy:
    • create or edit the Docker daemon configuration file /etc/docker/daemon.json with the following content:
    deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://repo.riad.com.bd/repository/docker-apt-proxy/ jammy stable
  3. Restart the Docker service to apply the changes: 
    sudo systemctl restart docker

C. Docker image repo configuration

  1. edit the Docker daemon configuration file /etc/docker/daemon.json with the following content:
{
  "registry-mirrors": ["https://repo.riad.com.bd"],
  "max-concurrent-downloads": 1
}
  1. Restart the Docker service to apply the changes: 
    sudo systemctl restart docker

d. Pull the local certificate and add it to the trusted certificates

  1. If you are using HTTPS for your Nexus Repository Manager, ensure that the SSL certificate is trusted by your clients. You may need to download the certificate from your Nexus server and add it to the trusted certificate store on your client machines.
openssl s_client -showcerts -connect repo.riad.com.bd:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > /tmp/nexus.crt
  1. Install the certificate:
  • For RPM-based systems:
sudo cp /tmp/nexus.crt /usr/local/share/ca-certificates/nexus.crt
sudo update-ca-certificates
  • For DEB-based systems:
sudo cp /tmp/nexus.crt /etc/pki/ca-trust
sudo update-ca-trust

Conclusion

Integrating a centralized repository management system like Nexus Repository Manager for Linux distributions and container images significantly enhances the efficiency and security of software development workflows. By following the steps outlined in this guide, organizations can streamline dependency management, improve build times, and enforce robust security measures. As software ecosystems continue to evolve, adopting centralized repository management practices will remain a critical component of successful DevOps strategies.

Additional Resources

FAQ

Q1: Can Nexus Repository Manager handle multiple package formats simultaneously? A1: Yes, Nexus Repository Manager supports a wide range of package formats, including Docker images, RPM, DEB, Maven, npm, and more, allowing you to manage various types of artifacts in a single platform.
Q2: How can I secure access to my Nexus repositories? A2: Nexus Repository Manager provides robust security features, including role-based access control (RBAC), LDAP integration, and SSL/TLS encryption to ensure that only authorized users can access your repositories. Q3: What are the best practices for maintaining a Nexus Repository Manager instance? A3: Regularly back up your Nexus data, monitor repository usage, update to the latest version for security patches, and implement cleanup policies to manage storage effectively.

Troubleshooting

  • Issue: Unable to access Nexus Repository Manager UI.
    • Solution: Ensure that the Docker container is running and that the correct ports are exposed. Check firewall settings to allow traffic on port 8081.
  • Issue: Docker clients cannot pull images from the Nexus Docker repository.
    • Solution: Verify that the Docker daemon is configured correctly to use the Nexus repository as a registry mirror. Check network connectivity between the Docker client and the Nexus server.
  • Issue: Slow package downloads from the repository.
    • Solution: Check the network bandwidth and latency. Ensure that the Nexus server has sufficient resources (CPU, memory) to handle requests efficiently. Consider enabling caching for frequently accessed packages.

Acknowledgments

We would like to thank the open-source community for their contributions to Nexus Repository Manager and Docker, which have made this integration possible. Special thanks to the developers and maintainers who continuously improve these tools, enabling organizations to build efficient and secure software delivery pipelines.