Q. Is Nexus the kingpin of all Maven repository managers?

A. Yes, it is! Is that a trick question?

Q. Is Nexus commercial?

A. There is a GPL licensed version of Nexus, and there are commercially licensed versions of Nexus that provide additional functionality. The open source version is very robust and is the basis of our commercial version, so it undergoes the same rigorous testing on our grid that we provide for the commercial versions. The OSS version is not our experimental or less tested version as is the case with some dual licensed applications.

Q. Why are you releasing Nexus under the GPL?

A. There are a lot of Maven people involved at Sonatype, and normally we have used a BSD/MIT/Apache license so some people have asked us why, oh why, did you choose the GPL? The answer is that we originally intended there only be a commercial version of Nexus, but we soon realized that would not be very fun as we like working with other developers. Quite frankly we want to protect our investment in Nexus, and so we feel the GPL provides us adequate protection and still allows people to view, hack, and contribute back if they want to.

Q. What are the system requirements for Nexus

A. Technically the answer is: Any machine that can run the Java 1.5 JRE. We specifically test the following on our grid:

  • CentOS
  • Red Hat Enterprise Linux
  • Ubuntu (and Ubuntu JEOS)
  • Windows XP, Vista (64bit)
  • FreeBSD
  • OpenSolaris (see below for a known solaris issue)

Nexus is very light on Memory requirements. Our public instance runs in the default JRE heap size of 64mb and this is a very large instance.

Disk space is determined by the size of your repositories, but generally with SNAPSHOT cleanup, repositories are less than 10gb. For comparison, the entire Central repository is currently around 60gb. Without enabling the automated SNAPSHOT cleanup, and it is certainly possible to generate hundreds of gigabytes of artifacts a week with aggressive CI building.

Q. Where can I find startup scripts for OS’s not included in the bundle?

A. We ship with the most common OS startup scripts: Windows, Linux 32/64, Mac OSX and Solaris. If you Need AIX or HP UX, they can be found here.

Q. What’s with your amazingly boring logo for Nexus?

A. Our real logo for Nexus is what you see here:

Q. How do I use Nexus with a Socks server?

A. Add the following parameters to the wrapper.conf in /conf: (make sure the numbers are sequential with the existing list)

  • wrapper.java.additional.3=-DsocksProxyHost=[host]
  • wrapper.java.additional.4=-DsocksProxyPort=[host]

You can read more about these JDK options here

Q. Is Nexus available as a WAR file?

A. It is as of Nexus 1.1. It has been tested using Jetty, Tomcat 5.5.27, 6.0.x, and Resin Application Servers.  For Glassfish, see the question below.

Q. Why can’t I deploy the WAR into GlassFish server?

A. This is because of a known issue about logging conflict. To resolve this conflict, you need to remove the console appender of log4j.

For versions before 1.3, the log4j configuration file for nexus is nexus.war/WEB-INF/log4j.properties;

From 1.3, the log4j configuration file is $work-dir/conf/log4j.properties, note that this file will be auto-generated at the first time you deploy nexus.war, but this time the deployment will fail.

Remove the console appender like this:

  1. In the first line, change "log4j.rootLogger=INFO, console, logfile" to "log4j.rootLogger=INFO, logfile"
  2. Remove all lines staring with "log4j.appender.console"

Then restart GlassFish and deploy the WAR with the modified log4j.properties file.

If your problem remains, you need to make sure your GlassFish has write permission to the $work-dir directory, by default it’s $userhome/sonatype-work/nexus, but you can customize it by setting system property plexus.nexus-work, or setting environment variable PLEXUSNEXUSWORK, or editing the file nexus.war/WEB-INF/plexus.properties.

Q. How can I integrate Nexus with Apache Httpd and ModProxy?

A. While we feel that the best performance for the system is achieved by accessing the embedded container directly, we also understand that some environments are highly integrated with Apache Httpd. There are several ways that Jetty can be tied to Apache. The Jetty team recommends using modproxy and you can read more about it at http://docs.codehaus.org/display/JETTY/Configuring mod_proxy.

A proper Modproxy configuration is shown below:

ProxyPass /nexus http://localhost:8081/nexus/

ProxyPassReverse /nexus http://localhost:8081/nexus/

ProxyPreserveHost On

If you wish to host Nexus at the root of a system, the config might look like this: 

<VirtualHost *:80>

ServerName nexus.bogushost.com

ServerAdmin webmaster@bogushost.com

ProxyPass / http://localhost:8081/

ProxyPassReverse / http://localhost:8081/

ProxyPreserveHost On

ErrorLog logs/bogus/nexus/error.log

CustomLog logs/bogus/nexus/access.log common

</VirtualHost>

If you are having trouble with urls generated from Nexus, be sure to check the Force option next to the Base URL entry on the server settings screen. (1.3+)

Q. How can I enable APJ or serve SSL directly from the embedded Jetty instance?

See the detailed documentation here: Advanced Jetty Configuration

Q. I’m unable to browse repositories via the UI. What did I do wrong?

A. Most likely you are using modproxy and forgot to add "ProxyPreserveHost On" to your config, or you need to Force the Base URL. See the previous answer for a working example.

Q. How can I control Nexus configurations in my environment?

A. Nexus will pull in some configuration data from environment variables; currently the following can be defined:

  • PLEXUSNEXUSWORK
    • The location of the nexus work directory, where nexus stores all of its configurations and repository contents.
    • Defaults to $(basedir)/../sonatype-work/nexus
  • PLEXUSRUNTIME
    • The location of the nexus runtime directory
    • Defaults to $(basedir)/runtime
  • PLEXUSAPPS
    • The location of the nexus application directory
    • Defaults to $(basedir)/runtime/apps
  • PLEXUSWEBAPP
    • The location of the nexus webapp directory
    • Defaults to $(basedir)/runtime/apps/nexus/webapp
  • PLEXUSAPPLICATIONHOST
  • PLEXUSAPPLICATIONPORT
  • PLEXUSCONTEXTPATH
    • The context path in Jetty Web Server that nexus webapp will be served at
    • Defaults to /nexus

Q. I’m having trouble installing Nexus on Solaris!

A. We are aware of two potential issues that are specific to Solaris:

  1. There are some known incompatibilities with the version of tar provided by Solaris and the gzip tar format. If you are installing Nexus on Solaris, you must use the GNU tar application, or you will end up with corrupted files.

Please see this post for more information.

  1. It has been reported that the HeapDumpOnOutOfMemoryError option is not supported on some JVMs. The fix for this is to edit $nexushome/conf/wrapper.conf to remove "wrapper.java.additional.3=-XX:+HeapDumpOnOutOfMemoryError". Be sure to renumber wrapper.java.additional.4 to .3.

Q. What if my OS does not have JSW scripts in the Nexusbundle?

A. Nexus is a java application so it should be runnable on any OS with a supported jvm. JSW provides startup and monitoring of JVMs so they can be treated like a service. The bundle only contains the most common OS scripts, but more can be retrieved from the JSW project directly. Alternatively, Nexus can be launched with a simple java command like:

java -Dbasedir=$nexus_home -Djava.io.tmpdir=$nexus_home/runtime/tmp

-Djava.library.path="./lib"

-classpath"$nexus_home/lib/plexus-platform-jsw-1.4.jar;$nexus_home/conf/"

org.codehaus.plexus.classworlds.launcher.Launcher

Note the plexus-platform-jsw-xxx.jar version may change. You can find the exact file in $nexushome/lib.

Q. How can I extend or completely override the Nexus Security Model?

A. Please see the dedicated Security FAQ on our public wiki Nexus Security FAQ

Q. Why do I see errors regarding MKCOL when I try to deploy something?

A. If you see an error similar to the following:

2008-10-20 12:32:09.175 ERROR - org.mortbay.log: /content/repositories/releases/com/xxx/metier-utils-jar/01.24/
java.lang.IllegalArgumentException: No enum const class org.sonatype.nexus.proxy.access.Action.mkcol

This means you have a "dav:http://" url in your distributionManagement section of your pom. Nexus doesn’t need dav so you only need an "http://" url.

Q. Why am I getting "OpenSCManager failed - Access is denied. (0x5)" errors when I launch Nexus on Windows?

A. Here is how to get around the problem of access denied in vista command prompt.

click on start

click "All Programs"

click on accessories

right click on "Command Prompt" icon

click "properties"

click on the "shortcut" tab on the top

click the advanced button at the bottom

click on the check box that says "Run as Administrator".

click OK

N.B its a good idea to de-select this check box once you finish what you want to do.

when you are done click on the same icon that you have changed the properties to start a command prompt session that has no access denied error.&nbsp;Note that if you use Start→run→cmd or Start→run→command you will still get the same access denied error. What you need to do is; click on start click "All programs"

click on Accessories

click on "Command Prompt" icon

the command prompt session that you get will allow you to perform administrator operations

Q. Can I make a repository private without disabling anonymous access?

A. Yes. (this will require Nexus 1.1) You will need to change the roles around a bit. Follow these steps.

  1. Create a new Privilege that gives access to you public group (or individual repositories)NOTE: Assigning access to a group is equivalent to assigning these privileges to all of the repositories in the group.
    1. Login to nexus as an administrator.
    2. Click on Privileges in the left menu.
    3. Click Add.
    4. Use the following values:
      1. Name: M2 Public Repositories (Group)
      2. Description: Access to Public Repositories (Group)
      3. Repository: Public Repositories (Group)
      4. Repository Target: All (Maven2)
    5. Save.
  2. Repeat the previous step for all you public groups and/or respositories.
  3. Create a new Role and assign this new privilege to it.
    1. Click on Roles in the left menu.
    2. Click Add.
    3. User the following values:
      1. Role Id: repo-public-read
      2. Name: Repo: All Public Repositories (read)
      3. Description: Read only access to all public repositories.
      4. Session Timeout: 60
      5. Selected Roles / Privileges: M2 Public Repositories (Group) - (read)
      6. NOTE: Include all of the roles you created in the first step.
    4. Save.
  4. Remove the Grant Read all role from the Anonymous user and add the new role.
    1. Click on Users in the left menu.
    2. Click on the anonymous user.
    3. Remove the role ’Repo: All Repositories (read)’
    4. Add the role ’All Public Repositories (read)’
    5. Save.

You may need to create other Privileges to grant users access to your private repositories

Q. How do I disable artifact redeployment.

A. Create a new deployment role that does not have update privilege but has a privilege to update Metadata.

  1. Create a new Privilege that gives access Maven 2 Metadata
    1. Login to nexus as an administrator.
    2. Click on Privileges in the left menu.
    3. Click Add.
    4. Use the following values:
      1. Name: All M2 Repositories Metadata
      2. Description: All M2 Repositories Metadata
      3. Repository: All Repositories
      4. Repository Target: All Metadata (Maven2)
    5. Save.
  2. Create a new Deployment Role.
    1. Click on Roles in the left menu.
    2. Click Add.
    3. User the following values:
      1. Role Id: repo-custom-deploy
      2. Name: Repo: All Repositories (no update)
      3. Description: Allows deployment to all M2 Repositores, but does not allow overwriting artifacts.
      4. Session Timeout: 60
      5. Selected Roles / Privileges: All Metadata (Maven2) - (update), Nexus Anonymous Role, All M2 Repositories - (create), All M2 Repositories - (read), All M2 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Repositories - (delete)
      6. NOTE: adding delete is optional.
    4. Save.
  3. Replace the roles assigned to the deployment user.
    1. Click on Users in the left menu.
    2. Click on the deployment user.
    3. Remove the roles ’Repo: All Repositories (Full Control)’ and ’Nexus Deployment Role’
    4. Add the role ’Repo: All Repositories (no update)’
    5. Save.

Q. How can I reset a forgotten admin password?

A. If you had the user’s email address set properly (and the smtp configuration set properly), you could click login in the UI and select forgot password, enter the username and email address, and a new password will be sent to you. If you do not have email setup properly, you will need to manually edit the security.xml file, located in (nexus-basedir)/../sonatype-work/nexus/conf/security.xml. First stop nexus, then open the file, and find the <user> object that has a <id> of admin. Then change the <password> to f865b53623b121fd34ee5426c792e5c33af8c227 . This will give the admin user a password of admin123 (the default) and you will again be able to login.

Q. Why can’t my browser properly login to the nexus server?

A. There could be any number of reasons for this, i.e. nexus isn’t running, you are attempting to connect to an invalid url, etc. There are also certain cases where your network connection may be causing the problem (i.e. vpn tunnel). The best way to validate that nexus is working properly, is to create an ssh tunnel to your nexus server, which will be a direct connection, thus rule out any network problems, be it proxy server, vpn, etc. Run the following to start a tunnel (this assumes you are running nexus on the default 8080 port on your server)

ssh -L 8080:localhost:8080 servername

The above command will open an ssh tunnel to servername:8080 and forward all traffic to your local machine on port 8080 to that tunnel. At this point, if accessing nexus via http://localhost:8080/nexus begins to work, then you know that some network configuration is blocking your access to nexus.

Q. How can I import my Local Repository or a Mixed SNAPSHOT / Release repo from another tool into Nexus?

A. We have some tools that make this a piece of cake. See Nexus Command Line Tools for instructions.

Q. Nexus has so many different privileges, can i get an overview?

A. You sure can. See this Nexus Privileges for details.

Q. Using IE7 Nexus is not responding and i receive numerous Timeout -1 errors, how can I resolve this ?

A. This is most likely caused because nexus is timing out trying to contact our sonatype server to retrieve the latest version information of nexus. IE7 has a default limit of 2 connections to a server, so if an AJAX message is waiting response, no further messages will get through, they will be blocked. To resolve this issue, see the knowledge base article http://support.microsoft.com/kb/282402

Q. How can I retrieve a snapshot if I don’t know the exact filename?

A. Nexus Provides a separate REST API to retrieve files when interpreting the maven-metadata.xml is required. The syntax looks like this:

wget "http://repository.sonatype.org/service/local/artifact/maven/content?
r=snapshots&g=org.sonatype.nexus&a=nexus-utils&v=LATEST" --content-disposition

Where:

  • r = the id of the repository or group to search (Required)
  • g = the groupId of the file (Required)
  • a = the artifactId of the file (Required)
  • v = the version of the file, this may be "LATEST", "RELEASE", a version number like "2.0", or a snapshot version number like "2.0-SNAPSHOT". (Required)
  • c = the classifier of the file (Optional)
  • e = the type or extension of the file (Optional)
  • p = packaging (Nexus will resolve known packaging types to the correct extension). (Optional)

If the version is not a concrete version, then Nexus will look in the maven-metadata.xml in the same way Maven does to resolve the version. The filename will be set in the content-disposition header field, so if you are using wget, be sure to use the --content-disposition flag so the filename is correct.

There is an alternate form of the API that uses redirects to work around the content-disposition setting. This form is shown below:

wget "http://repository.sonatype.org/service/local/artifact/maven/redirect?
r=snapshots&g=org.sonatype.nexus&a=nexus-utils&v=LATEST"

Q. I’m having trouble connecting via https or ldaps

A. If you’re connecting to this site from Nexus, you’ll need to import the certificate included with your Nexus license into the JVM used to run your Nexus instance. To make this process simpler, you can use our import-ssl tool, as shown below.

NOTES:

  1. If you’re using the default JSSE keystore locations on either a Linux or OS X platform, you must run the commands below as the root user. You can do this either by changing to the user root: su -, or by using the sudo command:
sudo [command]
  1. The default password used by Java for the built-in keystores is changeit. If your keystore uses a different password, you’ll need to specify that password as the last parameter on the command lines above.
  2. If you want to specify your own keystore location, provide that in place of /path/to/your/keystore in the examples below.
  3. If you’re using a password other than ’changeit’ for your keystore, you should supply it immediately following the keystore path in the commands below.
  4. If you specify a keystore location that doesn’t exist, the import-ssl utility will create it on-demand.

Import the Server SSL Chain

The first command simply imports the entire self-signed SSL certificate chain for central.sonatype.com into your JSSE keystore:

java -jar import-ssl.jar server [https://YOURSERVERURL] </path/to/your/keystore>