Nexus Installation and Setup

Use the following commands to install Nexus.

They do the following:

  1. Install Java (use dnf if yum is not working)

  2. Install Nexus

  3. Change directory

  4. Restart it

  5. Get the password and log in

You can use either of the following sets of commands, depending on your OS.

sudo yum install java-1.8.0-openjdk.x86_64 -y

sudo yum install java-11-amazon-corretto

java -version

OR

sudo dnf update

sudo dnf install java-1.8.0-amazon-corretto

sudo dnf install java-1.8.0-openjdk.x86_64 -y

java -version

Create /app and go inside it

sudo mkdir /app && cd /app

Download Nexus there

sudo wget -O nexus.tar.gz https://download.sonatype.com/nexus/3/latest-unix.tar.gz
[root@ip-172-31-0-201 app]# ls -l
total 224280
-rw-r--r--.  1 root  root  229661238 Jun  4 14:24 nexus.tar.gz

Extract the tar file and rename the extracted directory to nexus

sudo tar -xvf nexus.tar.gz

sudo mv nexus-3* nexus

Check with the 'ls -l' command

[root@ip-172-31-0-201 app]# ls -l
total 224280
drwxr-xr-x. 10 nexus nexus       181 Jul  3 03:06 nexus
-rw-r--r--.  1 root  root  229661238 Jun  4 14:24 nexus.tar.gz
drwxr-xr-x.  3 nexus nexus        20 Jul  3 03:06 sonatype-work
[root@ip-172-31-0-201 app]# 
[root@ip-172-31-0-201 app]# pwd
/app
[root@ip-172-31-0-201 app]#

Create the nexus user and give it ownership of the Nexus directories

sudo adduser nexus

sudo chown -R nexus:nexus /app/nexus

sudo chown -R nexus:nexus /app/sonatype-work

Update the configuration in "/app/nexus/bin/nexus.rc"

sudo vim  /app/nexus/bin/nexus.rc

Add the following content to this file

run_as_user="nexus"

Create the systemd unit file:

sudo vim /etc/systemd/system/nexus.service

Enter the following content and save the file

[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
User=nexus
Group=nexus
ExecStart=/app/nexus/bin/nexus start
ExecStop=/app/nexus/bin/nexus stop
Restart=on-abort

[Install]
WantedBy=multi-user.target

Now start Nexus and enable it at boot

sudo chkconfig nexus on

systemctl start nexus

systemctl status nexus

systemctl enable nexus
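
A consistency check for the service-account steps above, as an added example that is not part of the original guide: it reads the unit file and nexus.rc, fails when the service would run as root or when the two files name different users, and warns about keys assigned more than once in [Service]. The function names and the sample files written to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the run-as account set in nexus.service and nexus.rc.

# Print the last value assigned to KEY in the [Service] section of a unit file.
unit_value() {  # usage: unit_value UNIT_FILE KEY
  awk -F= -v key="$2" '
    /^\[/ { in_service = ($0 == "[Service]"); next }
    in_service && $1 == key { val = substr($0, length(key) + 2) }
    END { print val }' "$1"
}

# Print every key that is assigned more than once in [Service].
duplicate_keys() {  # usage: duplicate_keys UNIT_FILE
  awk -F= '
    /^\[/ { in_service = ($0 == "[Service]"); next }
    in_service && NF > 1 && ++seen[$1] == 2 { print $1 }' "$1"
}

# Print run_as_user from nexus.rc; commented-out lines do not match.
rc_user() {  # usage: rc_user RC_FILE
  awk -F= '$1 == "run_as_user" { v = $2; gsub(/"/, "", v) } END { print v }' "$1"
}

# Return 0 when the unit runs as a non-root user that matches nexus.rc.
audit_service() {  # usage: audit_service UNIT_FILE RC_FILE
  status=0
  u=$(unit_value "$1" User); r=$(rc_user "$2")
  if [ -z "$u" ] || [ "$u" = root ]; then
    echo "FAIL: service runs as root (User= is missing or root)"; status=1
  fi
  if [ "$u" != "$r" ]; then
    echo "FAIL: unit has User=$u but nexus.rc has run_as_user=$r"; status=1
  fi
  d=$(duplicate_keys "$1" | tr '\n' ' ')
  [ -z "$d" ] || echo "WARN: assigned more than once in [Service]: $d"
  return $status
}

# Constructed sample files (not read from a live system).
make_sample() {  # usage: make_sample DIR
  printf '%s\n' '[Unit]' 'After=network.target' '[Service]' 'Type=forking' \
    'User=nexus' 'Group=nexus' 'ExecStart=/app/nexus/bin/nexus start' \
    'User=nexus' > "$1/nexus.service"
  printf '%s\n' 'run_as_user="nexus"' > "$1/nexus.rc"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_service "$tmp/nexus.service" "$tmp/nexus.rc"
rm -rf "$tmp"
```

On a real host, pass /etc/systemd/system/nexus.service and /app/nexus/bin/nexus.rc to audit_service.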

How to troubleshoot if Nexus is not working

[root@ip-10-1-101-31 nexus]# sudo -u nexus /app/nexus/bin/nexus run
Unrecognized option: --add-reads=java.xml=java.logging
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
[root@ip-10-1-101-31 nexus]#

Here I have updated the Java version to 11

[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# sudo yum install java-11-openjdk-devel

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                 | 3.6 kB  00:00:00     
No package java-11-openjdk-devel available.
Error: Nothing to do
[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# sudo yum install java-11-amazon-corretto
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package java-11-amazon-corretto.x86_64 1:11.0.24+8-1.amzn2 will be installed
--> Processing Dependency: java-11-amazon-corretto-headless(x86-64) = 1:11.0.24+8-1.amzn2 for package: 1:java-11-amazon-corretto-11.0.24+8-1.amzn2.x86_64
--> Processing Dependency: libXt for package: 1:java-11-amazon-corretto-11.0.24+8-1.amzn2.x86_64
--> Processing Dependency: dejavu-serif-fonts for package: 1:java-11-amazon-corretto-11.0.24+8-1.amzn2.x86_64
--> Processing Dependency: dejavu-sans-mono-fonts for package: 1:java-11-amazon-corretto-11.0.24+8-1.amzn2.x86_64
--> Running transaction check
---> Package dejavu-sans-mono-fonts.noarch 0:2.33-6.amzn2 will be installed
---> Package dejavu-serif-fonts.noarch 0:2.33-6.amzn2 will be installed
---> Package java-11-amazon-corretto-headless.x86_64 1:11.0.24+8-1.amzn2 will be installed
---> Package libXt.x86_64 0:1.1.5-3.amzn2.0.2 will be installed
--> Finished Dependency Resolution

Then switch to the new Java version

[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# alternatives --config java

There are 2 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.412.b08-1.amzn2.0.1.x86_64/jre/bin/java)
   2           /usr/lib/jvm/java-11-amazon-corretto.x86_64/bin/java

Enter to keep the current selection[+], or type selection number: 2
[root@ip-10-1-101-31 nexus]#

Then it worked

[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# systemctl start nexus
[root@ip-10-1-101-31 nexus]# 
[root@ip-10-1-101-31 nexus]# systemctl status nexus
● nexus.service - nexus service
   Loaded: loaded (/etc/systemd/system/nexus.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-09-24 15:29:35 UTC; 5s ago
  Process: 14015 ExecStart=/app/nexus/bin/nexus start (code=exited, status=0/SUCCESS)
 Main PID: 14310 (java)
   CGroup: /system.slice/nexus.service
           └─14310 /usr/lib/jvm/java-11-amazon-corretto.x86_64/bin/java -server -Dinstall4j.jvmDir=/usr/lib/jvm/java-11-amazon-corretto.x86_64 -Dexe4j.moduleNa...

Sep 24 15:29:35 ip-10-1-101-31.ec2.internal systemd[1]: Starting nexus service...
Sep 24 15:29:35 ip-10-1-101-31.ec2.internal nexus[14015]: Starting nexus
Sep 24 15:29:35 ip-10-1-101-31.ec2.internal systemd[1]: Started nexus service.
[root@ip-10-1-101-31 nexus]#

Log in to Nexus with the initial password, which you can read from this file:

cat /app/sonatype-work/nexus3/admin.password

Change the password

Set up the Docker repository in Nexus and allow these ports in the security groups of the EC2 instance.

Set up Realms

You will need to install Docker if the docker package is not present

[root@ip-172-31-0-221 ~]# yum install docker -y
Last metadata expiration check: 0:22:29 ago on Thu Jul 11 03:01:04 2024.
Dependencies resolved.

I have set up the Docker daemon on another EC2 server

Then restart Docker

systemctl restart docker

Check connections

[root@ip-172-31-0-55 ~]# curl http://52.90.8.197:8082/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# curl http://52.90.8.197:8082/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"access to the requested resource is not authorized","detail":null}]}[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#

Log in to the repo

[root@ip-172-31-0-55 ~]# docker login http://52.90.8.197:8082
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@ip-172-31-0-55 ~]#

Pull the alpine image

[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
ec99f8b99825: Pull complete
Digest: sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# docker images
REPOSITORY                                                       TAG             IMAGE ID       CREATED       SIZE
alpine                                                           latest          a606584aa9aa   12 days ago   7.8MB
[root@ip-172-31-0-55 ~]#

Tag and upload

[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# docker tag alpine:latest 52.90.8.197:8082/demo2:1.0.0
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# docker images
REPOSITORY                                                       TAG             IMAGE ID       CREATED       SIZE
52.90.8.197:8082/demo2                                           1.0.0           a606584aa9aa   12 days ago   7.8MB
alpine                                                           latest          a606584aa9aa   12 days ago   7.8MB
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]#
[root@ip-172-31-0-55 ~]# docker push 52.90.8.197:8082/alpine:1.0.0
The push refers to repository [52.90.8.197:8082/alpine]
94e5f06ff8e3: Pushed
1.0.0: digest: sha256:dabf91b69c191a1a0a1628fd6bdd029c0c4018041c7f052870bb13c5a222ae76 size: 528
[root@ip-172-31-0-55 ~]#

To install and configure Nexus Repository Manager to run over HTTPS

Step 1: Install Nginx

Install Nginx using the following command:

sudo dnf install nginx -y

Step 2: Generate SSL Certificates

You can either use a self-signed certificate for testing purposes or obtain a certificate from a Certificate Authority (CA). Here’s how to create a self-signed certificate:

sudo mkdir -p /etc/nginx/ssl
sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/nexus.key -x509 -days 365 -out /etc/nginx/ssl/nexus.crt

Fill out the required information for the certificate.

Step 3: Configure Nginx

Create a new Nginx configuration file for Nexus:

sudo vim /etc/nginx/conf.d/nexus.conf

Add the following content:

server {
    listen 443 ssl;
    server_name your_domain_or_ip;

    ssl_certificate /etc/nginx/ssl/nexus.crt;
    ssl_certificate_key /etc/nginx/ssl/nexus.key;

    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name your_domain_or_ip;

    location / {
        return 301 https://$host$request_uri;
    }
}

Replace your_domain_or_ip with your actual domain name or IP address.

Step 4: Configure Nexus for HTTPS

Nexus keeps serving plain HTTP on its default port (8081) behind Nginx, which terminates TLS. Edit the Nexus configuration:

sudo vim /app/nexus/etc/nexus-default.properties

Ensure the following line is present and uncommented:

application-port=8081

Step 5: Restart Services

Restart Nginx and Nexus services to apply the changes:

sudo systemctl restart nginx
sudo systemctl restart nexus
sudo systemctl enable nginx
sudo systemctl enable nexus

Step 6: Verify HTTPS Configuration

Open a web browser and navigate to https://your_domain_or_ip. You should see the Nexus Repository Manager interface running over HTTPS.

This setup ensures that Nexus is accessible over HTTPS with a self-signed certificate. For production use, consider obtaining a certificate from a trusted CA.
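
A check for the proxy setup above, as an added example that is not part of the original guide: it verifies that Nexus is bound to loopback so port 8081 cannot be reached around the TLS proxy, that proxy_pass points at a loopback host, and that the private key is not readable by group or others. `application-host` is the bind-address key in the Nexus properties file; the function names and sample files are constructed, and an unset `application-host` is assumed to mean all interfaces.

```shell
#!/bin/sh
# Added example: check that the TLS proxy cannot be bypassed on port 8081.

# Print the last uncommented value of KEY in a Java-style properties file.
prop_value() {  # usage: prop_value PROPS_FILE KEY
  awk -F= -v key="$2" '$1 == key { v = substr($0, length(key) + 2) }
    END { print v }' "$1"
}

# Print the host of the first proxy_pass directive in an nginx config.
proxy_target() {  # usage: proxy_target NGINX_CONF
  sed -n 's|^[[:space:]]*proxy_pass[[:space:]]*https\{0,1\}://\([^:/;]*\).*|\1|p' "$1" |
    head -n 1
}

is_loopback() { case $1 in 127.*|localhost) return 0 ;; *) return 1 ;; esac; }

# True when the file has no group or other permission bits set.
key_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Return 0 when all three checks pass.
audit_proxy() {  # usage: audit_proxy PROPS_FILE NGINX_CONF KEY_FILE
  status=0
  # Assumption: an unset application-host is treated as 0.0.0.0 (all interfaces).
  bind=$(prop_value "$1" application-host); bind=${bind:-0.0.0.0}
  if ! is_loopback "$bind"; then
    echo "FAIL: Nexus listens on $bind, so plain HTTP on 8081 bypasses nginx"; status=1
  fi
  if ! is_loopback "$(proxy_target "$2")"; then
    echo "FAIL: proxy_pass sends traffic to a non-loopback host in clear text"; status=1
  fi
  if ! key_private "$3"; then
    echo "FAIL: $3 is readable by group or others"; status=1
  fi
  return $status
}

# Constructed sample files (not read from a live system).
make_proxy_sample() {  # usage: make_proxy_sample DIR
  printf '%s\n' 'application-port=8081' 'application-host=0.0.0.0' > "$1/nexus.properties"
  printf '%s\n' 'server {' '    location / {' \
    '        proxy_pass http://localhost:8081;' '    }' '}' > "$1/nexus.conf"
  : > "$1/nexus.key"; chmod 644 "$1/nexus.key"
}

tmp=$(mktemp -d) && make_proxy_sample "$tmp"
audit_proxy "$tmp/nexus.properties" "$tmp/nexus.conf" "$tmp/nexus.key" || echo "audit found problems"
rm -rf "$tmp"
```

The constructed sample fails two checks on purpose; setting application-host=127.0.0.1 and running chmod 600 on the key clears both.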