Installing Sonatype Nexus Repository OSS on CentOS 7

[Translated from "Installing Sonatype Nexus Repository OSS on CentOS 7" by Darshana, FOSS Linux]

Sonatype Nexus is a popular repository manager used worldwide for most components, binaries, and build artifacts. It supports the Java virtual machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.

Compatible standard tools include Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, etc. Sonatype Nexus repo can manage development components by delivering binary containers, components, and finished products.

In this tutorial, we provide a comprehensive guide to setting up the OSS version of Sonatype Nexus Repository on CentOS 7.

Before starting this tutorial, let's look at the minimum system requirements for running Sonatype Nexus Repo.

System requirements

  • Minimum CPU: 4, recommended CPU: 8+
  • Minimum physical RAM: 8GB on host

1. Pre-installation

Start by setting the hostname.

hostnamectl set-hostname nexus

Update your CentOS system.

yum update -y

Install Java by executing the following command:

yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel

After the installation is complete, check the java version to ensure that you are ready to go to the next step of downloading Repo.

java -version

2. Download Nexus Repository Manager 3

Navigate to the opt directory

cd /opt

Copy the URL of the latest release from the official website and download it with wget.

wget https://download.sonatype.com/nexus/3/latest-unix.tar.gz

Extract the tar file

tar -xvzf latest-unix.tar.gz

You should see two directories: the Nexus files directory and the Nexus data directory

ls -lh

Rename the folders

mv nexus-3.20.1-01 nexus

mv sonatype-work nexusdata

3. Set user, permissions and configuration

1. Add a user for the nexus service

useradd --system --no-create-home nexus

2. Set the owner of Nexus files and Nexus data

chown -R nexus:nexus /opt/nexus

chown -R nexus:nexus /opt/nexusdata

3. Change Nexus configuration and set custom data directory

Edit nexus.vmoptions.

vim /opt/nexus/bin/nexus.vmoptions

Change the data directory. The relative paths are resolved from /opt/nexus, so ../nexusdata points to /opt/nexusdata.

-Xms2703m
-Xmx2703m
-XX:MaxDirectMemorySize=2703m
-XX:+UnlockDiagnosticVMOptions
-XX:+LogVMOutput
-XX:LogFile=../nexusdata/nexus3/log/jvm.log
-XX:-OmitStackTraceInFastThrow
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=../nexusdata/nexus3
-Dkaraf.log=../nexusdata/nexus3/log
-Djava.io.tmpdir=../nexusdata/nexus3/tmp
-Dkaraf.startLocalConsole=false

Save and exit the file.

4. Change the user account that the nexus service runs as.

Edit the "nexus.rc" file.

vim /opt/nexus/bin/nexus.rc

Uncomment the "run_as_user" parameter and add a new value.

run_as_user="nexus"

5. Stop listening for remote connections.

We need to modify the "nexus-default.properties" file so that Nexus listens only on the loopback interface and is reached through the Nginx proxy configured later.

vim /opt/nexus/etc/nexus-default.properties

Change application-host=0.0.0.0 to application-host=127.0.0.1.

6. Configure the open file limit for the nexus user.

vim /etc/security/limits.conf

Add the following values to the file.

nexus - nofile 65536

Save and exit the file.

4. Set up Nexus as a systemd service

Create the systemd service file in "/etc/systemd/system/".

vim /etc/systemd/system/nexus.service

Add the following to the file:

[Unit]
Description=Nexus Service
After=syslog.target network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload systemd.

systemctl daemon-reload

Make the service available at system startup.

systemctl enable nexus.service

Start the service.

systemctl start nexus.service

Monitor the log file

tail -f /opt/nexusdata/nexus3/log/nexus.log

Check the service port

netstat -tunlp | grep 8081

5. Set up Nginx

Set up the EPEL repository

yum install -y epel-release

List repositories

yum repolist

Install nginx

yum install nginx

Enable nginx at system startup

systemctl enable nginx

Check the Nginx status and start the service if it is not running

systemctl status nginx

systemctl start nginx

6. Set DNS records for the server

Go to your DNS manager and add an A record for your server.

Type: A, Name: your domain name, Value: your server IP

Here, we use AWS Route 53 to set up our DNS.

7. Configure SSL using certbot

1. Install the certbot package first

yum install certbot python2-certbot-nginx

2. Install the certificate

certbot --nginx

It asks a few questions; enter your email, domain name, and the other required input.

After installation, open nginx.conf.

vim /etc/nginx/nginx.conf

You can see the certbot SSL configuration.

3. Add proxy pass

Add the following to the location block.

location / {

    proxy_pass "http://127.0.0.1:8081";
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        X-Forwarded-Ssl on;
    proxy_read_timeout      300;
    proxy_connect_timeout   300;

}

Save and exit the file.

Check nginx syntax:

nginx -t

Restart Nginx:

systemctl restart nginx

8. Set firewall rules

Now enable HTTPS access from a specific public IP. Run the following command.

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="123.44.8.180/32" port protocol="tcp" port="443" accept'

If you need to open HTTPS to the public, run the following command:

firewall-cmd --zone=public --permanent --add-service=https

Reload the firewall.

firewall-cmd --reload

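9. Set the SELinux policy for Nginx

This boolean allows Nginx to make the outbound connection to the Nexus port that proxy_pass requires.

setsebool -P httpd_can_network_connect 1

10. Browse the website with your domain name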

eg: https://nexusrepo.fosslinux.com/

11. Log in to the server

Log in with the default user name "admin". Run the following command on the server and obtain the password.

cat /opt/nexusdata/nexus3/admin.password

After logging in for the first time, you should see a similar window, as shown below.

Click Next and set a new password for the administrator user.

Click next again and you should see the configure anonymous access window. Do not enable anonymous access.

Click the next button and you can see the complete settings.

Click finish.
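
The settings from steps 3 and 11 can be checked with a short script once the setup is finished. This is an added example, not part of the original guide: the function names audit_nexus and make_sample are hypothetical, and it assumes Nexus deletes admin.password once the admin password has been changed.

```shell
# Added example (not from the original guide): audit the settings from steps 3 and 11.
# audit_nexus INSTALL_DIR DATA_DIR prints one line per finding and returns the count.
audit_nexus() {
    local app="${1:-/opt/nexus}" data="${2:-/opt/nexusdata}" findings=0 user host

    # Step 3.4: run_as_user must be uncommented and must not be root.
    user=$(sed -n 's/^[[:space:]]*run_as_user=//p' "$app/bin/nexus.rc" 2>/dev/null |
        tail -n 1 | tr -d "\"'[:space:]")
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "FAIL nexus.rc: run_as_user is '${user:-unset}'"
        findings=$((findings + 1))
    fi

    # Step 3.5: Nexus must listen on loopback only, so nginx is the sole entry point.
    host=$(sed -n 's/^[[:space:]]*application-host[[:space:]]*=[[:space:]]*//p' \
        "$app/etc/nexus-default.properties" 2>/dev/null | tail -n 1 | tr -d '[:space:]')
    case "$host" in
        127.0.0.1 | localhost | ::1) ;;
        *) echo "FAIL nexus-default.properties: application-host is '${host:-unset}'"
           findings=$((findings + 1)) ;;
    esac

    # Step 11: the generated password file should be gone once the wizard has
    # set a new admin password (assumption: Nexus deletes it at that point).
    if [ -e "$data/nexus3/admin.password" ]; then
        echo "FAIL admin.password still present: initial admin password unchanged"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree for trying the audit offline (not a real install).
make_sample() {    # make_sample DIR RUN_AS_USER_LINE APPLICATION_HOST
    mkdir -p "$1/app/bin" "$1/app/etc" "$1/data/nexus3"
    printf '%s\n' "$2" > "$1/app/bin/nexus.rc"
    printf 'application-port=8081\napplication-host=%s\n' "$3" \
        > "$1/app/etc/nexus-default.properties"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_sample "$d" '#run_as_user=""' 0.0.0.0   # constructed: settings before step 3
    audit_nexus "$d/app" "$d/data" || echo "findings: $?"
    rm -rf "$d"
elif [ "$#" -gt 0 ]; then
    audit_nexus "$@"
fi
```

Pass the install and data directories as arguments (/opt/nexus and /opt/nexusdata in this guide), or --demo to run it against the constructed sample.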

This is all about installing Sonatype Nexus Repository OSS on CentOS 7.

Keywords: Operation & Maintenance CentOS DevOps

Added by dasding on Mon, 20 Sep 2021 12:21:22 +0300