Installing Sonatype Nexus Repository OSS on CentOS 7

Sonatype Nexus is a popular repository manager used worldwide for most of the components, binaries, and build artifacts.

Sonatype Nexus is a popular repository manager used worldwide for most of the components, binaries, and build artifacts. It comes with support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.

Compatible with standard tools including Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, etc., Sonatype Nexus repo can manage dev components through delivery for the binaries containers, assemblies, and finished goods.

In this tutorial, we will provide you a comprehensive guide on setting up Sonatype Nexus Repository OSS version on CentOS 7.

Installing Sonatype Nexus Repository OSS on CentOS 7

Before starting the tutorial, let’s look at the minimum system requirements for running the Sonatype Nexus Repo.

System requirements

  • Minimum CPUs: 4, Recommended CPUs: 8+
  • Minimum physical/RAM on the host 8GB

1. Pre-installation

Begin with setting the Hostname.

hostnamectl set-hostname nexus

Update your CentOS system.

 yum update -y

Install Java using the following command:

yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel

Install JAVA
Install JAVA

After installation is complete, check the java version to make sure you are all set to go to the next step of downloading the Repo.

java -version

JAVA Version
JAVA Version

2. Download Nexus Repository Manager 3

Navigate to the opt directory:

cd /opt

Copy the latest URL of the Repo from the official website and then download it using wget.

wget https://download.sonatype.com/nexus/3/latest-unix.tar.gz

Extract the tar file.

tar -xvzf latest-unix.tar.gz

You should see two directories, including nexus files and nexus data directory.

ls -lh

Extracted Files
Extracted Folders

Rename the folders.

mv nexus-3.20.1-01 nexus
mv sonatype-work nexusdata

Rename Directories
Rename Directories

3. Set User/Permissions and Configurations

I. Add a user for a nexus service.

useradd --system --no-create-home nexus

II. Set the ownership for nexus files and nexus data.

chown -R nexus:nexus /opt/nexus
chown -R nexus:nexus /opt/nexusdata

III. Change Nexus configuration and set the custom data directory

Edit “nexus.vmoptions”.

vim /opt/nexus/bin/nexus.vmoptions

Change the data directory.

-Xms2703m
-Xmx2703m
-XX:MaxDirectMemorySize=2703m
-XX:+UnlockDiagnosticVMOptions
-XX:+LogVMOutput
-XX:LogFile=../nexusdata/nexus3/log/jvm.log
-XX:-OmitStackTraceInFastThrow
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=../nexusdata/nexus3
-Dkaraf.log=../nexusdata/nexus3/log
-Djava.io.tmpdir=../nexusdata/nexus3/tmp
-Dkaraf.startLocalConsole=false

Save and exit the file.

Change Nexus Data Directory
Change Nexus Data Directory

IV. Change the user for the nexus service account.

Edit “nexus.rc” file.

vim /opt/nexus/bin/nexus.rc

Uncomment “run_as_user” parameter and add new value.

run_as_user="nexus"

V. Stop listening for remote connections.

We need to modify the “nexus-default.properties” file.

vim /opt/nexus/etc/nexus-default.properties

Change application-host=0.0.0.0 to application-host=127.0.0.1.

Change Application Host
Change Application Host

VI. Configure the open file limit of the nexus user.

vim /etc/security/limits.conf

Add the below values to the file.

nexus - nofile 65536

Save and the exit file.

4. Set Nexus as a System Service

Create the Systemd service file in “/etc/systemd/system/”.

vim /etc/systemd/system/nexus.service

Add the following to the file.

[Unit]
Description=Nexus Service
After=syslog.target network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload systemctl.

systemctl daemon-reload

Enable service on system boot.

systemctl enable nexus.service

Start service.

systemctl start nexus.service

Monitor the log file.

tail -f /opt/nexusdata/nexus3/log/nexus.log

Log file
Logfile

Check the service port.

netstat -tunlp | grep 8081

Check Port
Check Port

5. Setup up Nginx

Setup epel Repositories.

yum install -y epel-release

List the repositories.

yum repolist

Install Nginx.

yum install nginx

set nginx on system boot

systemctl enable nginx

check the status of Nginx and start service if the service is not running.

systemctl status nginx
systemctl start nginx

6. Set DNS records for the servers.

Then go to your DNS manager and add A record for your server.

A Domain Name Server IP

Here we have used AWS route 53 to setup our DNS.

DNS Record
DNS Record

7. Configure SSL using certbot

I. Install certbot packages first.

yum install certbot python2-certbot-nginx

II. Install certificates.

certbot --nginx

It will ask a few questions and enter email, domain name, and needed inputs as follows.

Generate SSL
Generate SSL

After installation is done, open nginx.conf.

vim /etc/nginx/nginx.conf

You can see certbot SSL configuration.

III. Add Proxy pass

Add the following contents to a Location Blocks.

location / {

      proxy_pass "http://127.0.0.1:8081";
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        X-Forwarded-Ssl on;
      proxy_read_timeout      300;
      proxy_connect_timeout   300;

 }

Proxy Pass
Proxy Pass

Save and exit the file.

Check nginx syntax:

nginx -t

Restart Nginx:

systemctl restart nginx

8. Set firewall rules

Now enable https access to a specific public IP. Run the below command.

firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="123.44.8.180/32"
port protocol="tcp" port="443" accept'

If you need to open https to public run below command:

firewall-cmd --zone=public --permanent --add-service=https

Reload the firewall.

firewall-cmd --reload

9. Setup SELinux policy for Nginx

setsebool -P httpd_can_network_connect 1

10. Browse web site using your domain name

eg: https://nexusrepo.fosslinux.com/

Browse URL
Browse URL

11. Sign in to the server

Sign in with the default user name as “admin.”  Run below command in the server and get the password.

cat /opt/nexusdata/nexus3/admin.password

Sign In
Sign In

After the first login, you should see a similar window, as shown below.

After Login

Click on next and set up a new password for the admin user.

New Admin Password
New Admin Password

Again, click on next, and you should see the “Configure Anonymous Access” window. Do not enable Anonymous Access.

Anonymous Access
Anonymous Access

Click on the Next button, and you can see the complete setup.

Complete Setup
Complete Setup

Click on the finish.

That’s all about installing the Sonatype Nexus Repository OSS on your CentOS 7.

Darshana
Hey! I'm Darshana, a Linux / DevOps Engineer and also a contributor to FOSS Linux. I enjoy working on various kind of Linux distributions and cloud technologies. During my free time, I love to swim and hike across nature trails. Linux is my love and I'm here to share all my learnings with all of you! Hope you enjoyed reading my article.

1 COMMENT

  1. The way you created the nexus account, without a home directory, creates a crash. The fix is to create a new directory (as user nexus):

    mkdir /opt/nexus/.java

    and then to add a line at /opt/nexus/bin/nexus.vmoptions

    -Djava.util.prefs.userRoot=/opt/nexus/.java

    and to

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

23,420FansLike
377FollowersFollow
16SubscribersSubscribe

LATEST ARTICLES

Getting Started with Linux Operating System

The Linux operating system brings forth a vibrant mix of features and security, making it the best alternative to macOS or Windows operating systems. In this post, we will give you a master guide on Getting started with Linux systems - taking you from a complete beginner to a level where you can begin testing the various Linux distributions available with much ease.

How to Create a Comprehensive Mail Server on Ubuntu

Postal is a free and open-source mail server used to send and receive emails. It comes loaded with tons of excellent features and functionalities, making it extremely popular among large organizations as well as in enterprise settings.

The 10 Best Linux Performance Monitoring Tools

Do you want to monitor the performance of your Linux system? Are you looking for some powerful performance monitoring tools to help you out? If you agree, it's your day as we have put together a detailed list of the ten best Linux performance monitoring tools.

How to Boot your Windows or Linux PC from a USB Drive

Sometime back, the process of installing an operating system required users to pop a bootable media disk into their DVD or CD drive and use it to boot the PC. But times have changed. Nowadays, the most common way of installing an OS is booting from a USB drive. The use of USB drives is further propelled by the current production of slim and lightweight laptops with no support for DVD/CD drives.

Python For Loop: Everything You Need to Know

Loops are one of the essential elements in any programming language, and Python is not an exception to it. Loops are used to repeat a statement or a block of statements multiple times. If there were no concept of loops in programming languages, we have to write each statement again and again for the number of times we want to execute it.

How to install LibreOffice on Fedora

If you are looking for a feature-rich and reliable Office Suite for your Fedora PC, then you have an excellent option at hand. LibreOffice, a free and opensource app, has stood the test of time and evolved into a beautiful alternative to Microsoft Office.

MUST READ

Buyers who wish to go for a machine that is based on Linux often show interest in Chromebooks due to the form factor and extended battery life capabilities. Although ChromeOS power these machines, users can still miss out on a more genuine Linux experience. For those who happen to agree, the new Lemur Pro by System76 might get some heads turning.
Linux is growing faster than ever. As per the latest report, there is a drop in the Windows 10 market share for the first time, and Linux's market share has improved to 2.87% this month. Most of the features in the list were rolled out in the Pop OS 20.04. Let's a detailed look into the new features, how to upgrade, and a ride through video.

The 10 Best Linux Server Distros For Home And Businesses

By the year 2020, it is estimated that there are close to 600 Linux distributions in the market. It includes both servers and Desktop versions; therefore, if you are looking for lightweight Linux distribution for your old PC or a reliable desktop version for employees in your organization, you may be overwhelmed with the number of choices for finding one for your use.

The 6 Best Download Managers for Fedora

It is a well-known fact that using download managers can help improve download speeds as compared to web browsers. Apart from the inbuilt download manager wget on Fedora, just as on any distribution that is based on GNU/Linux package, there are more options to explore.

What is FOSS, and how does it differ from Freeware

The rise of the Linux operating system, in all its various distributions, over the past few decades has catapulted the popularity of Free or Open Source Software (FOSS). Let's guide you in understanding what is FOSS, how it differs from freeware and is Linux a FOSS.

5 Best Download Managers for Linux

We often need to download large files that can go corrupt due to various reasons such as slow internet or interrupted download. Using a broken downloaded file is not something one wants. Download managers make sure that the downloaded file maintains its integrity and also presents you with the ability to pause and resume downloads, provided the server supports it. When you are downloading a massive file, it's recommended to use a download manager.