Enabling SSL for Nexus 3
Talend Administration Center is provided together with
Nexus artifact repository. It is used to store software updates, ESB and Data Integration
artifacts. This document describes steps to enable SSL for Nexus 3.
Setting up Talend Administration Center as the SSL server
Tomcat 8.5 is shipped with Talend 7.x.
In the <installation_path>/tac/apache-tomcat/conf/server.xml file,
the default configuration of the SSL part is shown below:
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
keystoreFile="D:/Talend/7.0.1/SSL/talend.localhost.jks"
keystorePass="talend"
clientAuth="false">
<!--
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
-->
</Connector>set "JAVA_OPTS=%JAVA_OPTS% -Xmx2048m -Dfile.encoding=UTF-8 -Djavax.net.debug=ssl
-Djavax.net.ssl.trustStore=D:/Talend/7.0.1/SSL/talend.localhost.cert.jks
-Djavax.net.ssl.trustStorePassword=talend"Setting up Nexus as the SSL server
Nexus 3 is also shipped with Talend 7.x. To set up Nexus as an SSL server:
- Copy the keystore file into the
<installation_path>/tac/Artifact-Repository-Nexus-3.9.0-01-[OS]/nexus-3.9.0-01/etc/sslfolder. - Edit the
<installation_path>/tac/Artifact-Repository-Nexus-3.9.0-01-[OS]/sonatype-work/nexus3/etc/nexus.properties
file to add the ssl port and add the reference to the ssl configuration
file:
# Jetty section application-port=8081 application-port-ssl=8441 application-host=0.0.0.0 nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml nexus-context-path=/ - Edit the ssl configuration file
<installation_path>/tac/Artifact-Repository-Nexus-3.9.0-01-win64/nexus-3.9.0-01/etc/jetty/jetty-https.xml
for the certificate and
password:
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set> <Set name="KeyStorePassword">password</Set> <Set name="KeyManagerPassword">password</Set>The path must just be the name of the keystore file (preceded by a slash) as the file must be in a specific directory.
Start Nexus and you can login to Nexus URL using SSL port.