为 https 配置 Nexus 2
Configure Nexus 2 for https
我们已经安装并成功运行了 Nexus Manager 2 的实例,并配置了 http://repo1.maven.org/maven2/ but starting from 15/01/2020 Central Maven repo denied access via HTTP protocol. We reconfigured nexus proxy repo to use https://repo1.maven.org/maven2/ 的代理,但现在我们从 repo 获取依赖项时出错:
jvm 1 | 2020-02-03 14:58:14 WARN [pool-1-thread-1] - com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask - Scheduled task (Health Check: central) failed :: Health Check Management for Repository central (started 2020-02-03T14:58:13+02:00, runtime 0:00:00.438)
jvm 1 | javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
jvm 1 | at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421) ~[na:1.7.0_80]
jvm 1 | at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:628) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:279) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:146) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:837) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:644) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.doGet(InsightServiceImpl.java:321) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.getNextRunDeltas(InsightServiceImpl.java:118) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doDeltaCheck(HealthCheckTask.java:411) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRunSafe(HealthCheckTask.java:177) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRun(HealthCheckTask.java:132) ~[na:na]
jvm 1 | at org.sonatype.nexus.scheduling.AbstractNexusTask.call(AbstractNexusTask.java:166) ~[nexus-app-2.3.1-01.jar:2.3.1-01]
jvm 1 | at org.sonatype.scheduling.DefaultScheduledTask.call(DefaultScheduledTask.java:459) [sisu-task-scheduler-1.7.jar:na]
jvm 1 | at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access1(ScheduledThreadPoolExecutor.java:178) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
jvm 1 | at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
jvm 1 | 2020-02-03 14:58:48 INFO [.jenkins-ci.org] - org.sonatype.nexus.proxy.registry.DefaultRepositoryRegistry-repo.jenkins-ci.org - Next attempt to auto-unblock the "repo.jenkins-ci.org" (id=repo.jenkins-ci.org) repository by checking its remote peer health will occur in 1 minute 20 seconds.
这可能是什么原因?
虽然并不总是需要 https://issues.sonatype.org/browse/NEXUS-5524 leads me to believe you may need to trust the certificate in the https version of repo1.maven.org. See https://help.sonatype.com/display/NXRM2/Managing+Outbound+SSL+Certificates 了解更多详细信息。如果这没有帮助,您可以检查您是否有防火墙或类似性质的东西阻止这个新的 URL(例如,您可以在网络浏览器中访问它或不通过 NXRM 从它下载)。
顺便说一句,根据您对其中一条评论的回复,如果您使用的是 Java 7,您可能使用的是旧版本 (https://help.sonatype.com/display/NXRM2/System+Requirements#SystemRequirements-Java),升级可能会有所帮助。 Sonatype 强烈建议使用最新版本,以避免使用旧版本可能解决的调试问题,并且至少 运行 不到一年的版本。在上面的 link 中,您会注意到所有不到一年的版本都不会使用 Java 7.
启动
我们已经安装并成功运行了 Nexus Manager 2 的实例,并配置了 http://repo1.maven.org/maven2/ but starting from 15/01/2020 Central Maven repo denied access via HTTP protocol. We reconfigured nexus proxy repo to use https://repo1.maven.org/maven2/ 的代理,但现在我们从 repo 获取依赖项时出错:
jvm 1 | 2020-02-03 14:58:14 WARN [pool-1-thread-1] - com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask - Scheduled task (Health Check: central) failed :: Health Check Management for Repository central (started 2020-02-03T14:58:13+02:00, runtime 0:00:00.438)
jvm 1 | javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
jvm 1 | at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421) ~[na:1.7.0_80]
jvm 1 | at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:628) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.AbstractPoolEntry.layerProtocol(AbstractPoolEntry.java:279) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.conn.AbstractPooledConnAdapter.layerProtocol(AbstractPooledConnAdapter.java:146) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:837) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:644) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) ~[httpclient-4.2.2.jar:4.2.2]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.doGet(InsightServiceImpl.java:321) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.getNextRunDeltas(InsightServiceImpl.java:118) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doDeltaCheck(HealthCheckTask.java:411) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRunSafe(HealthCheckTask.java:177) ~[na:na]
jvm 1 | at com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRun(HealthCheckTask.java:132) ~[na:na]
jvm 1 | at org.sonatype.nexus.scheduling.AbstractNexusTask.call(AbstractNexusTask.java:166) ~[nexus-app-2.3.1-01.jar:2.3.1-01]
jvm 1 | at org.sonatype.scheduling.DefaultScheduledTask.call(DefaultScheduledTask.java:459) [sisu-task-scheduler-1.7.jar:na]
jvm 1 | at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access1(ScheduledThreadPoolExecutor.java:178) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
jvm 1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
jvm 1 | at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
jvm 1 | 2020-02-03 14:58:48 INFO [.jenkins-ci.org] - org.sonatype.nexus.proxy.registry.DefaultRepositoryRegistry-repo.jenkins-ci.org - Next attempt to auto-unblock the "repo.jenkins-ci.org" (id=repo.jenkins-ci.org) repository by checking its remote peer health will occur in 1 minute 20 seconds.
这可能是什么原因?
虽然并不总是需要 https://issues.sonatype.org/browse/NEXUS-5524 leads me to believe you may need to trust the certificate in the https version of repo1.maven.org. See https://help.sonatype.com/display/NXRM2/Managing+Outbound+SSL+Certificates 了解更多详细信息。如果这没有帮助,您可以检查您是否有防火墙或类似性质的东西阻止这个新的 URL(例如,您可以在网络浏览器中访问它或不通过 NXRM 从它下载)。
顺便说一句,根据您对其中一条评论的回复,如果您使用的是 Java 7,您可能使用的是旧版本 (https://help.sonatype.com/display/NXRM2/System+Requirements#SystemRequirements-Java),升级可能会有所帮助。 Sonatype 强烈建议使用最新版本,以避免使用旧版本可能解决的调试问题,并且至少 运行 不到一年的版本。在上面的 link 中,您会注意到所有不到一年的版本都不会使用 Java 7.
启动