企业官网建设流程全解析

构建 Docker 镜像

stage('构建Docker镜像'){steps{sh 'docker build-t spring-demo:$BUILD_ID.'}}

当Jenkins的流程到了这一步的时候一直报错

点击立即构建后报错
+ docker build -t spring-demo:1 .DEPRECATED: The legacy builder is deprecated and will be removed in a future release. Install the buildx component to build images with BuildKit:https://docs.docker.com/go/buildx/Sending build context to Docker daemon 9.266MBStep 1/4 : FROM openjdk:17-jdk-slim failed to resolve reference "docker.io/library/openjdk:17-jdk-slim": failed to authorize: failed to fetch anonymous token: Get "https://m.daocloud.io/auth/token?scope=repository%3Alibrary%2Fopenjdk%3Apull&service=docker.m.daocloud.io": dialing m.daocloud.io:443 container via direct connection because Docker Desktop has no HTTPS proxy: connecting to m.daocloud.io:443: dial tcp: lookup m.daocloud.io: no such host [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (推送到 Nexus 镜像仓库) Stage "推送到 Nexus 镜像仓库" skipped due to earlier failure(s) [Pipeline] getContext [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: script returned exit code 1 Finished: FAILURE

你现在的结构是这样的（秒懂）

你的电脑（Windows/Mac） ← 运行着 Docker Desktop ← 运行着 Jenkins 容器

• Jenkins 容器内部没有 Docker 引擎
• 它只是调用外面电脑的 Docker
• 所以service docker restart必然报错

🚀 正确解决方法（100% 成功）
你要改的是你电脑上的 Docker，不是容器里的！

步骤 1：退出容器

exit

步骤 2：打开你电脑本机的 Docker 设置

如果你是Windows / Mac

1. 点 Docker Desktop 图标
2. 打开Settings
3. 找到Docker Engine

步骤 3：把下面配置粘贴进去

{"debug":false,"experimental":false,"insecure-registries":[],"registry-mirrors":["https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn","https://mirror.baidubce.com"]}

步骤 4：点击Apply & Restart

在拉取jdk17的时候频繁报错，上面的错误也是由于拉取不到
Step 1/4 : FROM registry.aliyuncs.com/openjdk:17-jdk-slim failed to resolve reference "registry.aliyuncs.com/openjdk:17-jdk-slim": failed to authorize: failed to fetch anonymous token: Get "https://dockerauth.cn-hangzhou.aliyuncs.com/auth?scope=repository%3Aopenjdk%3Apull&service=registry.aliyuncs.com%3Acn-hangzhou%3A26842": dialing dockerauth.cn-hangzhou.aliyuncs.com:443 container via direct connection because Docker Desktop has no HTTPS proxy: connecting to dockerauth.cn-hangzhou.aliyuncs.com:443: dial tcp: lookup dockerauth.cn-hangzhou.aliyuncs.com: no such host [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (推送到 Nexus 镜像仓库) Stage "推送到 Nexus 镜像仓库" skipped due to earlier failure(s) [Pipeline] getContext [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: script returned exit code 1 Finished: FAILURE

最终解决方法

之所以拉取不到，跟你的配置没啥关系，主要是网络的问题，再就是需要配置DNS，如果你的域名无法解析需要先配置DNS，主要是要在docker-compose里面添加

dns: #只加这里
- 223.5.5.5
- 114.114.114.114

# 2. CI核心 Jenkins image: jenkins/jenkins:lts-jdk17 jenkinsci/blueoceanjenkins: build:.# 重点：用本地Dockerfile构建image: my-jenkins-docker:latest# 你自己的镜像名字ports: -"8080:8080"-"50000:50000"volumes: - jenkins-data:/var/jenkins_home - /var/run/docker.sock:/var/run/docker.sock restart: always dns:#只加这里-223.5.5.5 -114.114.114.114 user: root

由于网络的问题
我还修改了Dockerfile

#FROMopenjdk:17-jdk-slimFROMdocker.io/library/eclipse-temurin:17-jre-focal #FROMregistry.aliyuncs.com/openjdk:17-jdk-slimWORKDIR/appCOPYtarget/*.jar app.jar ENTRYPOINT ["java","-jar","app.jar"]

并且修改了Docker的加速配置

{
“debug”: false,
“experimental”: false,
“insecure-registries”: null,
“registry-mirrors”: [
“https://docker.1panel.live”,
“https://docker.m.daocloud.io”,
“https://hub-mirror.c.163.com”
]
}

到这一步基本可以正常运行Jenkinsfile的下面这一步了

stage('构建Docker镜像'){steps{sh 'docker build-t spring-demo:$BUILD_ID.'}}

推送到 Nexus 镜像仓库

• 最后只剩nexus入库的操作了，这里我又遇到报错了
  failed to do request: Head "https://172.17.0.1:8081/v2/spring-demo/blobs/sha256:da05df3c7c22b5c5d105ab134dac83a5406e41e1b4698b66d2a449c1523b69ed": dialing 172.17.0.1:8081 container via direct connection because Docker Desktop has no HTTPS proxy: connecting to 172.17.0.1:8081: dial tcp 172.17.0.1:8081: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline ERROR: script returned exit code 1 Finished: FAILURE
  连接不上nexus的仓库
  🔍 问题诊断：为什么连不上？

1. Nexus 里没有配置 Docker 镜像仓库：
   你需要先在 Nexus 中创建一个支持docker格式的仓库，否则无法接收镜像推送。

2. Docker 没有信任你的 Nexus 仓库：
   默认情况下，Docker 不允许向非 HTTPS 的 HTTP 仓库推送镜像，必须在配置中显式信任它。

3. 推送地址的格式不对：
   推送命令中的地址必须和你在 Docker 中配置的insecure-registries完全一致。

🛠️ 一步到位的解决方案

第一步：在 Nexus 中创建 Docker 仓库

1. 点击左侧的Settings（齿轮图标），然后选择Repositories。
2. 点击Create repository，选择docker (hosted)。
3. 配置关键信息：
   • Name:docker-hosted（随便取一个，好记就行）
   • HTTP: 勾选，端口号填8082（或其他未被占用的端口，不要和 Nexus 管理界面的 8081 冲突）
   • Allow anonymous docker pull: 建议先关闭，等调试通了再配置权限。
4. 点击Create repository完成创建。

⚠️ 注意：你推送镜像时用的端口，必须是这个仓库的HTTP端口，而不是管理界面的8081。

第二步：配置 Docker 信任你的 Nexus 仓库

在 **宿主机（运行 Docker Desktop 的 Windows 电脑）**上，打开 Docker 设置，找到Docker Engine，修改配置文件：

{"registry-mirrors":["https://docker.1panel.live","https://docker.m.daocloud.io","https://hub-mirror.c.163.com"],"insecure-registries":["host.docker.internal:8082"]}

点击Apply & Restart重启 Docker。

第三步：修改 Jenkinsfile 中的推送地址

将之前的推送阶段修改为：

stage('推送到 Nexus 镜像仓库'){steps{// 这里的端口号 8082 必须和你在 Nexus 里创建的 Docker 仓库端口一致sh'docker tag spring-demo:$BUILD_ID host.docker.internal:8082/spring-demo:$BUILD_ID'sh'docker push host.docker.internal:8082/spring-demo:$BUILD_ID'}}

第四步：在 Jenkins 里登录 Nexus（可选但推荐）

在推送之前，添加一个登录步骤，避免权限问题：

stage('推送到 Nexus 镜像仓库'){steps{sh'docker login -u admin -p admin123 host.docker.internal:8082'sh'docker tag spring-demo:$BUILD_ID host.docker.internal:8082/spring-demo:$BUILD_ID'sh'docker push host.docker.internal:8082/spring-demo:$BUILD_ID'}}

请将admin123替换为你 Nexus 的实际密码12345678。

上面方法一直尝试始终报错，知道我运行到了第三十五次才算运行成功

最终解决方法

• 就用端口8081跑就行了，不要换成其他端口
• 需要使用host.docker.internal进行访问其他的会出错
• 需要自己提前在nexus里面创建对应的库
• 给admin这个用户合理的权限
• 使用Path based routing而不是用http模式
• 最终完整配置如下：
  Jenkinsfile

pipeline{agent any tools{maven'M3'// 对应你刚才配置的 Maven 别名}stages{stage('拉取代码'){steps{git url:'http://gitea:3000/admin/demo.git',credentialsId:'gitea-account'}}stage('编译打包'){steps{sh 'mvn cleanpackage-DskipTests'}}stage('Sonar代码扫描'){steps{sh 'mvn sonar:sonar \-Dsonar.host.url=http://sonar:9000\-Dsonar.login=admin \-Dsonar.password=123456'}}stage('构建Docker镜像'){steps{sh 'docker build-t spring-demo:$BUILD_ID.'}}stage('推送到Nexus镜像仓库'){steps{// sh 'docker tag spring-demo:$BUILD_ID 172.17.0.1:8081/spring-demo:$BUILD_ID'// sh 'docker push 172.17.0.1:8081/spring-demo:$BUILD_ID'// 这里的端口号 8082 必须和你在 Nexus 里创建的 Docker 仓库端口一致// sh 'docker login -u admin -p 12345678 host.docker.internal:8082'// sh 'docker tag spring-demo:$BUILD_ID host.docker.internal:8082/spring-demo:$BUILD_ID'// sh 'docker push host.docker.internal:8082/spring-demo:$BUILD_ID'// sh 'docker login -u admin -p 12345678 nexus:8082'// sh 'docker tag spring-demo:$BUILD_ID nexus:8082/spring-demo:$BUILD_ID'// sh 'docker push nexus:8082/spring-demo:$BUILD_ID'// sh 'docker login -u admin -p 12345678 localhost:8082'// sh 'docker tag spring-demo:$BUILD_ID localhost:8082/spring-demo:$BUILD_ID'// sh 'docker push localhost:8082/spring-demo:$BUILD_ID'// // 登录 Nexus 主端口 8081// sh 'docker login -u admin -p 12345678 host.docker.internal:8081'// // 给镜像打上路径标签，格式：仓库地址/repository/仓库名/镜像名:构建号// sh 'docker tag spring-demo:$BUILD_ID host.docker.internal:8081/repository/docker-hosted/spring-demo:$BUILD_ID'// // 推送镜像// sh 'docker push host.docker.internal:8081/repository/docker-hosted/spring-demo:$BUILD_ID'sh 'docker login-u admin-p12345678host.docker.internal:8081' sh 'docker tag spring-demo:$BUILD_IDhost.docker.internal:8081/docker-hosted/spring-demo:$BUILD_ID' sh 'docker push host.docker.internal:8081/docker-hosted/spring-demo:$BUILD_ID'}}}}

Dockerfile

#FROMopenjdk:17-jdk-slimFROMdocker.io/library/eclipse-temurin:17-jre-focal #FROMregistry.aliyuncs.com/openjdk:17-jdk-slimWORKDIR/appCOPYtarget/*.jar app.jar ENTRYPOINT ["java","-jar","app.jar"]

Docker Engine的相关配置

{"debug":false,"experimental":false,"insecure-registries":["host.docker.internal:8082","localhost:8082","172.18.0.5:8082","172.18.32.1:8082","host.docker.internal:8081","localhost:8081","172.18.0.5:8081","172.18.32.1:8081"],"registry-mirrors":["https://docker.1panel.live","https://docker.m.daocloud.io","https://hub-mirror.c.163.com"]}

Docker-compose.yml

version:'3.8'# 企业级DevOps全栈本地环境（WSL专用稳定版） services:#1.代码仓库（替代GitLab） gitea:image:gitea/gitea:latest ports:-"3000:3000"-"222:22"volumes:-gitea-data:/data restart:always #2.CI核心Jenkinsimage:jenkins/jenkins:lts-jdk17 jenkinsci/blueocean jenkins:build:.# 重点：用本地Dockerfile构建 image:my-jenkins-docker:latest # 你自己的镜像名字 ports:-"8080:8080"-"50000:50000"volumes:-jenkins-data:/var/jenkins_home-/var/run/docker.sock:/var/run/docker.sock-/etc/docker/daemon.json:/etc/docker/daemon.json:ro #加上这一行！让Jenkins用宿主机的Docker配置！ restart:always dns:#只加这里-223.5.5.5-114.114.114.114user:root #3.代码质量SonarQubesonar:image:sonarqube:lts-community ports:-"9000:9000"environment:-SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=truevolumes:-sonar-data:/opt/sonarqube/data-sonar-ext:/opt/sonarqube/extensions restart:always #4.制品仓库Nexus(jar+镜像)nexus:image:sonatype/nexus3:latest ports:-"8081:8081"-"8082:8082"volumes:-nexus-data:/nexus-data restart:always #5.配置中心Nacosnacos:image:nacos/nacos-server:v2.2.3ports:-"8848:8848"-"9848:9848"environment:-MODE=standalone-JVM_XMS=256m-JVM_XMX=256m volumes:-nacos-data:/home/nacos/data restart:always #6.监控Prometheusprometheus:image:prom/prometheus:latest ports:-"9090:9090"volumes:-prom-data:/prometheus restart:always #7.可视化监控Grafanagrafana:image:grafana/grafana:latest ports:-"3001:3000"volumes:-grafana-data:/var/lib/grafana restart:always #======================WSL专用数据卷（永不报错、永久保存）======================volumes:gitea-data:jenkins-data:sonar-data:sonar-ext:nexus-data:nacos-data:prom-data:grafana-data:

nexus的仓库配置如下

权限相关配置