public_git
/
nexus-vagrant
mirror of https://github.com/rgl/nexus-vagrant.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: public_git:6846e19dcb5ffb4c9c2d1e67b0c083b837223de3
Branches Tags
public_git:master
public_git:dependabot/pip/hello-world-pypi-package/urllib3-2.0.7
public_git:dependabot/pip/hello-world-pypi-package/cryptography-41.0.4
...
compare: public_git:a8291359217feb63560bb4d44218eb6e700ad395
Branches Tags
public_git:master
public_git:dependabot/pip/hello-world-pypi-package/urllib3-2.0.7
public_git:dependabot/pip/hello-world-pypi-package/cryptography-41.0.4

3 Commits
6846e19dcb ... a829135921

Author SHA1 Message Date
Rui Lopes a829135921 upgrade the nginx tls configuration based on the mozilla intermediate configuration recommendation 2025-08-25 22:23:23 +00:00
Rui Lopes 8c46c08622 upgrade to nexus 3.82.0-08 2025-08-25 22:23:23 +00:00
Rui Lopes 1da6f4380f upgrade dependencies 2025-08-25 22:23:23 +00:00
11 changed files with 53 additions and 55 deletions
Show Stats Expand all files Collapse all files

2
README.md
View File

@ -155,7 +155,7 @@ You can also access the database cli shell as:
sudo su -l # switch to the root user. sudo su -l # switch to the root user.
systemctl stop nexus # make sure nexus is not running while you use the database. systemctl stop nexus # make sure nexus is not running while you use the database.
su -s /bin/bash nexus # switch to the nexus user. su -s /bin/bash nexus # switch to the nexus user.
nexus_home=/opt/nexus/nexus-3.81.1-01 # make sure you have the correct version here. nexus_home=/opt/nexus/nexus-3.82.0-08 # make sure you have the correct version here.
nexus_data="$(realpath $nexus_home/../sonatype-work/nexus3)" nexus_data="$(realpath $nexus_home/../sonatype-work/nexus3)"
function h2-shell { function h2-shell {
java \ java \

26
hello-world-pypi-package/requirements.txt
View File

@ -1,34 +1,34 @@
backports.tarfile==1.2.0 backports.tarfile==1.2.0
build==1.2.2.post1 build==1.3.0
certifi==2025.6.15 certifi==2025.8.3
cffi==1.17.1 cffi==1.17.1
charset-normalizer==3.4.2 charset-normalizer==3.4.3
cryptography==45.0.4 cryptography==45.0.6
docutils==0.21.2 docutils==0.22
id==1.5.0 id==1.5.0
idna==3.10 idna==3.10
importlib_metadata==8.7.0 importlib_metadata==8.7.0
jaraco.classes==3.4.0 jaraco.classes==3.4.0
jaraco.context==6.0.1 jaraco.context==6.0.1
jaraco.functools==4.1.0 jaraco.functools==4.3.0
jeepney==0.9.0 jeepney==0.9.0
keyring==25.6.0 keyring==25.6.0
markdown-it-py==3.0.0 markdown-it-py==4.0.0
mdurl==0.1.2 mdurl==0.1.2
more-itertools==10.7.0 more-itertools==10.7.0
nh3==0.2.21 nh3==0.3.0
packaging==25.0 packaging==25.0
pycparser==2.22 pycparser==2.22
Pygments==2.19.1 Pygments==2.19.2
pyproject_hooks==1.2.0 pyproject_hooks==1.2.0
readme_renderer==44.0 readme_renderer==44.0
requests==2.32.4 requests==2.32.5
requests-toolbelt==1.0.0 requests-toolbelt==1.0.0
rfc3986==2.0.0 rfc3986==2.0.0
rich==14.0.0 rich==14.1.0
SecretStorage==3.3.3 SecretStorage==3.3.3
tomli==2.2.1 tomli==2.2.1
twine==6.1.0 twine==6.1.0
typing_extensions==4.14.0 typing_extensions==4.14.1
urllib3==2.4.0 urllib3==2.5.0
zipp==3.23.0 zipp==3.23.0

47
provision/provision-base.sh
View File

@ -99,13 +99,30 @@ popd
# install and configure nginx to proxy to nexus. # install and configure nginx to proxy to nexus.
# see https://help.sonatype.com/repomanager3/planning-your-implementation/run-behind-a-reverse-proxy # see https://help.sonatype.com/repomanager3/planning-your-implementation/run-behind-a-reverse-proxy
apt-get install -y --no-install-recommends nginx apt-get install -y --no-install-recommends nginx
rm -f /etc/nginx/sites-enabled/default wget -qO /etc/ssl/certs/dhparam.pem https://ssl-config.mozilla.org/ffdhe2048.txt
cat >/etc/nginx/sites-available/$config_fqdn.conf <<EOF sed -i -E 's/^(\s*)((ssl_protocols|ssl_ciphers|ssl_prefer_server_ciphers)\s)/\1# \2/' /etc/nginx/nginx.conf
ssl_session_cache shared:SSL:4m; cat >/etc/nginx/conf.d/local.conf <<EOF
ssl_session_timeout 6h; # NB this is based on the mozilla intermediate configuration.
# see https://ssl-config.mozilla.org/#server=nginx&version=1.18.0&config=intermediate&openssl=3.0.2&guideline=5.7
# see https://packages.ubuntu.com/jammy/nginx
# see https://packages.ubuntu.com/jammy/openssl
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m; # about 40000 sessions.
ssl_session_timeout 1d;
ssl_session_tickets on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# NB our example ca does not support stapling, so this is commented.
#ssl_stapling on; #ssl_stapling on;
#ssl_stapling_verify on; #ssl_stapling_verify on;
#ssl_trusted_certificate /etc/ssl/certs/jenkins-ca.pem;
#resolver 127.0.0.53 valid=30s;
#resolver_timeout 5s;
EOF
rm -f /etc/nginx/sites-enabled/default
cat >/etc/nginx/sites-available/$config_fqdn.conf <<EOF
server { server {
listen 80; listen 80;
server_name _; server_name _;
@ -119,11 +136,6 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem; ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem; ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on; tcp_nodelay on;
client_max_body_size 1G; client_max_body_size 1G;
@ -159,11 +171,6 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem; ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem; ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on; tcp_nodelay on;
client_max_body_size 10G; client_max_body_size 10G;
@ -188,11 +195,6 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem; ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem; ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on; tcp_nodelay on;
client_max_body_size 10G; client_max_body_size 10G;
@ -217,11 +219,6 @@ server {
ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem; ssl_certificate /etc/ssl/private/$config_fqdn-crt.pem;
ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem; ssl_certificate_key /etc/ssl/private/$config_fqdn-keypair.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# see https://github.com/cloudflare/sslconfig/blob/master/conf
# see https://blog.cloudflare.com/it-takes-two-to-chacha-poly/
# see https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5;
tcp_nodelay on; tcp_nodelay on;
client_max_body_size 10G; client_max_body_size 10G;

2
provision/provision-docker.sh
View File

@ -3,7 +3,7 @@ set -euxo pipefail
# see https://github.com/moby/moby/releases # see https://github.com/moby/moby/releases
# renovate: datasource=github-releases depName=moby/moby # renovate: datasource=github-releases depName=moby/moby
default_docker_version='28.2.2' default_docker_version='28.3.3'
# see https://github.com/moby/moby/releases # see https://github.com/moby/moby/releases
docker_version="${1:-$default_docker_version}"; shift || true docker_version="${1:-$default_docker_version}"; shift || true

4
provision/provision-nexus.sh
View File

@ -35,12 +35,12 @@ pushd /opt/nexus
# see https://help.sonatype.com/repomanager3/product-information/download/download-archives---repository-manager-3 # see https://help.sonatype.com/repomanager3/product-information/download/download-archives---repository-manager-3
# see https://help.sonatype.com/repomanager3/product-information/release-notes # see https://help.sonatype.com/repomanager3/product-information/release-notes
# see https://help.sonatype.com/repomanager3 # see https://help.sonatype.com/repomanager3
nexus_version=3.81.1-01 nexus_version=3.82.0-08
nexus_home=/opt/nexus/nexus-$nexus_version nexus_home=/opt/nexus/nexus-$nexus_version
nexus_tarball=nexus-$nexus_version-linux-x86_64.tar.gz nexus_tarball=nexus-$nexus_version-linux-x86_64.tar.gz
nexus_download_url=https://download.sonatype.com/nexus/3/$nexus_tarball nexus_download_url=https://download.sonatype.com/nexus/3/$nexus_tarball
wget -q $nexus_download_url wget -q $nexus_download_url
tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.81.1-01) and sonatype-work directories. tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.82.0-08) and sonatype-work directories.
rm $nexus_tarball rm $nexus_tarball
install -d -o nexus -g nexus -m 700 .java # java preferences are saved here (the default java.util.prefs.userRoot preference). install -d -o nexus -g nexus -m 700 .java # java preferences are saved here (the default java.util.prefs.userRoot preference).
install -d -o nexus -g nexus -m 700 sonatype-work/nexus3/etc install -d -o nexus -g nexus -m 700 sonatype-work/nexus3/etc

2
provision/provision-nexus/Makefile
View File

@ -17,7 +17,7 @@ binaries: binaries-download
binaries-download: binaries-download:
mkdir -p binaries mkdir -p binaries
wget -qO- https://download.sonatype.com/nexus/3/nexus-3.81.1-01-unix.tar.gz \ wget -qO- https://download.sonatype.com/nexus/3/nexus-3.82.0-08-unix.tar.gz \
| tar xzf - --strip-components 1 -C binaries | tar xzf - --strip-components 1 -C binaries
clean: clean:

2
provision/provision-nexus/pom.xml
View File

@ -8,7 +8,7 @@
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
<properties> <properties>
<nx-version>3.81.1-01</nx-version> <nx-version>3.82.0-08</nx-version>
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>

2
provision/use-docker-repository.sh
View File

@ -24,7 +24,7 @@ mkdir -p tmp/use-docker-repository && cd tmp/use-docker-repository
# see https://github.com/golang/go/tags # see https://github.com/golang/go/tags
# renovate: datasource=github-tags depName=golang/go extractVersion=go(?<version>.+) # renovate: datasource=github-tags depName=golang/go extractVersion=go(?<version>.+)
go_version='1.24.4' go_version='1.25.0'
cat >main.go <<'EOF' cat >main.go <<'EOF'
package main package main

12
provision/use-maven-repository-from-gradle.sh
View File

@ -13,7 +13,7 @@ cd tmp/use-maven-repository-from-gradle
# download and install gradle. # download and install gradle.
# see https://gradle.org/releases/ # see https://gradle.org/releases/
# renovate: datasource=github-releases depName=gradle/gradle # renovate: datasource=github-releases depName=gradle/gradle
gradle_version='8.14.2' gradle_version='9.0.0'
if [ ! -f /opt/gradle/gradle-$gradle_version/bin/gradle ]; then if [ ! -f /opt/gradle/gradle-$gradle_version/bin/gradle ]; then
apt-get install -y unzip apt-get install -y unzip
wget -qO/tmp/gradle-$gradle_version-bin.zip https://services.gradle.org/distributions/gradle-$gradle_version-bin.zip wget -qO/tmp/gradle-$gradle_version-bin.zip https://services.gradle.org/distributions/gradle-$gradle_version-bin.zip
@ -36,8 +36,8 @@ cat >settings.gradle <<'EOF'
rootProject.name = 'gradle-greeter' rootProject.name = 'gradle-greeter'
EOF EOF
cat >build.gradle <<'EOF' cat >build.gradle <<'EOF'
// see https://docs.gradle.org/8.14.2/userguide/java_library_plugin.html // see https://docs.gradle.org/9.0.0/userguide/java_library_plugin.html
// see https://docs.gradle.org/8.14.2/userguide/maven_plugin.html // see https://docs.gradle.org/9.0.0/userguide/maven_plugin.html
plugins { plugins {
id 'java-library' id 'java-library'
@ -104,10 +104,10 @@ rootProject.name = 'gradle-greeter-application'
EOF EOF
# see https://mvnrepository.com/artifact/com.gradleup.shadow/shadow-gradle-plugin # see https://mvnrepository.com/artifact/com.gradleup.shadow/shadow-gradle-plugin
# renovate: datasource=maven depName=com.gradleup.shadow:shadow-gradle-plugin # renovate: datasource=maven depName=com.gradleup.shadow:shadow-gradle-plugin
com_gradleup_shadow_version='8.3.6' com_gradleup_shadow_version='9.0.2'
cat >build.gradle <<EOF cat >build.gradle <<EOF
// see https://docs.gradle.org/8.14.2/userguide/java_plugin.html // see https://docs.gradle.org/9.0.0/userguide/java_plugin.html
// see https://docs.gradle.org/8.14.2/userguide/application_plugin.html // see https://docs.gradle.org/9.0.0/userguide/application_plugin.html
// see https://gradleup.com/shadow/ // see https://gradleup.com/shadow/
// see https://github.com/GradleUp/shadow // see https://github.com/GradleUp/shadow

2
provision/windows/use-npm-repository.ps1
View File

@ -30,7 +30,7 @@ Set-Location tmp/use-npm-repository
# install node LTS. # install node LTS.
# see https://community.chocolatey.org/packages/nodejs-lts # see https://community.chocolatey.org/packages/nodejs-lts
choco install -y nodejs-lts --version 22.16.0 choco install -y nodejs-lts --version 22.18.0
Import-Module C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1 Import-Module C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1
Update-SessionEnvironment Update-SessionEnvironment
node --version node --version

7
renovate.sh
View File

@ -13,11 +13,12 @@ gitea_container_name="$(basename "$(dirname "$(realpath "${BASH_SOURCE[0]}")")")
# see https://hub.docker.com/r/gitea/gitea/tags # see https://hub.docker.com/r/gitea/gitea/tags
# renovate: datasource=docker depName=gitea/gitea # renovate: datasource=docker depName=gitea/gitea
gitea_version='1.24.0' gitea_version='1.24.5'
# see https://hub.docker.com/r/renovate/renovate/tags # see https://hub.docker.com/r/renovate/renovate/tags
# see https://github.com/renovatebot/renovate/releases
# renovate: datasource=docker depName=renovate/renovate # renovate: datasource=docker depName=renovate/renovate
renovate_version='40.49.8' renovate_version='41.82.8'
# clean. # clean.
echo 'Deleting existing Gitea...' echo 'Deleting existing Gitea...'
@ -29,7 +30,7 @@ install -d tmp
# start gitea in background. # start gitea in background.
# see https://docs.gitea.io/en-us/config-cheat-sheet/ # see https://docs.gitea.io/en-us/config-cheat-sheet/
# see https://github.com/go-gitea/gitea/releases # see https://github.com/go-gitea/gitea/releases
# see https://github.com/go-gitea/gitea/blob/v1.24.0/docker/root/etc/s6/gitea/setup # see https://github.com/go-gitea/gitea/blob/v1.24.5/docker/root/etc/s6/gitea/setup
echo 'Starting Gitea...' echo 'Starting Gitea...'
docker run \ docker run \
--detach \ --detach \