This tutorial describes how to install Nexus repository manager on Debian 11.
Nexus is the World’s #1 repository manager for build artifacts. There exist two versions of Nexus repository manager;
- Professional Edition: Universally manage binaries and artifacts with HA and support.
- OSS Edition: Universally manage binaries and artifacts for FREE.
In this tutorial, we will be installing the OSS version.
Installing Nexus Repository Manager on Debian 11
System Requirements
Ensure that the minimum requirements are met by your system before you can proceed, as outlined on Nexus system requirements page, links provided below.
Run System Update
Update system package cache;
apt updateInstall Java on Debian 11
Nexus repository manager requires Java 8 Runtime Environment (JRE).
Debian 11 repos do not provide Java 8 packages. Hence, we opted to use repos for Debian 9 to install Java 8.
cat > /etc/apt/sources.list.d/java-8.list << 'EOL'
deb http://ftp.debian.org/debian stretch main
deb-src http://ftp.debian.org/debian stretch main
EOLapt updateYou can simply run the command below to install Java 8 on Debian 11;
apt install openjdk-8-jdkConfirm the installed version of Java;
java -versionRemove Debian 9 repos;
rm -rf /etc/apt/sources.list.d/java-8.listCreate Dedicated Nexus System Account
As a security precaution, Nexus Repository Manager should NOT be run as the root user. Instead, create a system account for Nexus;
useradd -M -d /opt/nexus -s /bin/bash -r nexusAllow the nexus user to run all commands with sudo without password.
apt install sudo -yecho "nexus ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/nexusDownload Nexus Repository OSS Tarball
Navigate to Nexus repository OSS downloads page, register for an account and download Nexus repository OSS for Unix tarball.
You can simply obtain the link and pull the tarball using wget command as shown below. Note that this downloads the current stable release version of Nexus, 3.35.0-02, as of this writing. Be sure to get the link to the latest version from downloads page.
wget https://sonatype-download.global.ssl.fastly.net/repository/downloads-prod-group/3/nexus-3.35.0-02-unix.tar.gzInstalling Nexus Repository Manager on Debian 11
Extract the tarball
Extact Nexus to the nexus user home directory, which in this guide is /opt/nexus.
mkdir /opt/nexustar xzf nexus-3.35.0-02-unix.tar.gz -C /opt/nexus --strip-components=1Checking the contents of the /opt/nexus directory;
ls /opt/nexus/*
bin
deploy
etc
lib
nexus3
NOTICE.txt
OSS-LICENSE.txt
PRO-LICENSE.txt
public
replicator
system
Set the proper ownership of the nexus directory;
chown -R nexus: /opt/nexusAdjust the Nexus Memory Heap Size
The default minimum JVM heap for Nexus is 2037MB with maximum recommended being 4G.
If you have less memory, you can reduce it by editing the file /opt/nexus/bin/nexus.vmoptions and setting a lower value, for demo purposes.
Replace the default values for the lines;
-Xms2703m
-Xmx2703m
-XX:MaxDirectMemorySize=2703m
...To for example, to set it to 1024MB;
-Xms1024m
-Xmx1024m
-XX:MaxDirectMemorySize=1024mSave and exit the file once you have made the changes. You can simply run the sed command below to replace the values;
sed -i 's/2703/1024/g' /opt/nexus/bin/nexus.vmoptionsRunning Nexus Repository on Debian 11
Running Nexus in Standalone Mode
/opt/nexus/bin/nexus is the Nexus startup script.
To run Nexus in standalone mode, you can run this command.
However, you need to ensure that Nexus is run as nexus user.
Therefore, edit the file /opt/nexus/bin/nexus.rc and uncomment the line, #run_as_user="" and add nexus as the value.
sed -i 's/#run_as_user=""/run_as_user="nexus"/' /opt/nexus/bin/nexus.rcChange the location of the Sonatype Work directory (Nexus data directory) to a location where nexus user has permissions to write.
For example, in our setup, we set the home directory for Nexus as /opt/nexus and we gave nexus user ownership of this directory.
By default, sonatype-work data directory is moved one directory up, hence, it is expected to be created under /opt, which the nexus user has no permissions to write.
Therefore, edit the /opt/nexus/bin/nexus.vmoptions and adjust the path of the Nexus directory (in the below settings, the directory is changed from ../sonatype-work to ./sonatype-work).
sed -i 's|../sonatype|./sonatype|' /opt/nexus/bin/nexus.vmoptionsYou can then run Nexus in standalone mode.
sudo -u nexus /opt/nexus/bin/nexus startIt might take sometime for Nexus to start. While starting, tail the logs;
tail -f /opt/nexus/sonatype-work/nexus3/log/nexus.log
2021-10-21 20:33:43,243+0300 INFO [jetty-main-1] *SYSTEM com.softwarementors.extjs.djn.servlet.DirectJNgineServlet - Servlet GLOBAL configuration: registryConfiguratorClass=
2021-10-21 20:33:43,705+0300 INFO [jetty-main-1] *SYSTEM com.softwarementors.extjs.djn.jscodegen.CodeFileGenerator - Creating source files for APIs...
2021-10-21 20:33:46,340+0300 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.siesta.SiestaServlet - JAX-RS RuntimeDelegate: org.sonatype.nexus.siesta.internal.resteasy.SisuResteasyProviderFactory@22c27d33
2021-10-21 20:33:46,747+0300 INFO [jetty-main-1] *SYSTEM org.jboss.resteasy.plugins.validation.i18n - RESTEASY008550: Unable to find CDI supporting ValidatorFactory. Using default ValidatorFactory
2021-10-21 20:33:54,042+0300 INFO [periodic-8-thread-1] *SYSTEM org.sonatype.nexus.rapture.internal.HealthCheckCacheManager - Health check status changed from false to true for Lifecycle Phase
2021-10-21 20:34:00,142+0300 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.siesta.SiestaServlet - Initialized
2021-10-21 20:34:00,198+0300 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Initialized
2021-10-21 20:34:01,234+0300 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.w.WebAppContext@27f305d1{Sonatype Nexus,/,file:///opt/nexus/public/,AVAILABLE}
2021-10-21 20:34:02,532+0300 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.AbstractConnector - Started ServerConnector@c9a257e{HTTP/1.1, (http/1.1)}{0.0.0.0:8081}
2021-10-21 20:34:02,534+0300 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.server.Server - Started @535009ms
2021-10-21 20:34:02,564+0300 INFO [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer -
-------------------------------------------------
Started Sonatype Nexus OSS 3.35.0-02
-------------------------------------------------
Nexus listens on TCP port 8081 by default;
ss -altnp | grep :8081LISTEN 0 50 0.0.0.0:8081 0.0.0.0:* users:(("java",pid=2188,fd=699))You should now be able to access Nexus web interface from browser.
You can stop it by running the command;
sudo -u nexus /opt/nexus/bin/nexus stopRunning Nexus Repository as a Systemd Service
To easily manage Nexus repository service, create a systemd service unit for it as shown below;
cat > /etc/systemd/system/nexus.service << 'EOL'
[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOL
Reload the systemd manager configuration;
systemctl daemon-reloadStart and enable Nexus service to run on system reboot;
systemctl enable --now nexusCheck the service status;
systemctl status nexus
● nexus.service - nexus service
Loaded: loaded (/etc/systemd/system/nexus.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-10-21 20:39:09 EAT; 4s ago
Process: 2009 ExecStart=/opt/nexus/bin/nexus start (code=exited, status=0/SUCCESS)
Main PID: 2188 (java)
Tasks: 15 (limit: 1133)
Memory: 74.6M
CPU: 1.364s
CGroup: /system.slice/nexus.service
└─2188 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -server -Dinstall4j.jvmDir=/usr/lib/jvm/java-8-openjdk-amd64/jre -Dexe4j.moduleName=/opt/nexus/bin/nexus>
Oct 21 20:39:09 bullseye.kifarunix-demo.com systemd[1]: Starting nexus service...
Oct 21 20:39:09 bullseye.kifarunix-demo.com nexus[2009]: Starting nexus
Oct 21 20:39:09 bullseye.kifarunix-demo.com systemd[1]: Started nexus service.
You can as well check the logs for verification;
tail -f /opt/nexus/sonatype-work/nexus3/log/nexus.logAccessing Nexus Repository Web Interface
You can now access Nexus repository from browser using the address http://server-IP-or-resolvable-hostname:8081.
If UFW is running, you need to open port 8081 to allow external access.
ufw allow 8081/tcpNext, you can access from browser. Such an interface should welcome you.
Setup Nexus Repository Manager
Click the sign in button at the top right corner. Login as admin.
The password is located on the file, /opt/nexus/sonatype-work/nexus3/admin.password.
To get the password, just print the contents of the file.
cat /opt/nexus/sonatype-work/nexus3/admin.password
Once you logged in, click next to proceed to setup Nexus.
- Reset Nexus repository admin password
- Configure anonymous access. You can choose to disable the anonymous access to secure Nexus repositories by requiring user to authenticate before they can browse through the repositories.
- Finish the setup
You can access Nexus repository manager settings by clicking on the gear icon;
You can go through the settings and make adjustments to suite your needs.
Further Reading
Read more about Nexus and its setup on Nexus Repository Manager 3 documentation page.
Nexus Repository Manager 3 documentation page
