1. Download the Nexus Open source from Nexus Sonatype website
https://help.sonatype.com/repomanager3/download/download-archives---repository-manager-3
2. Unzip it and place the file into /opt/nexus folder
3. To create Nexus service to start and stop add nexus.service file with the following content
[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/nexus-3.34.0-01/bin/nexus start
ExecStop=/opt/nexus/nexus-3.34.0-01/bin/nexus stop
User=tamilarasan
Restart=on-abort
TimeoutSec=600
[Install]
WantedBy=multi-user.target
4. Copy the file into /etc/systemd/system/ folder & enable the service
$ sudo cp nexus.service /etc/systemd/system
$ sudo systemctl daemon-reload
$ sudo systemctl enable nexus.service
$ sudo systemctl start nexus.service
5. Verify the Nexus status
$sudo systemctl status nexus.service
6. To check the nexus log file
7. Setup the initial admin password
By default the initial password will be stored into ' admin.password' file into $data-dir
8. Create Self -Signed certificate to enable Nexus with https
# 1 Generate public private key pair using keytool:
keytool -genkeypair -keystore keystore.jks -storepass password -alias tamilcloud.com \
-keyalg RSA -keysize 2048 -validity 5000 -keypass password \
-dname 'CN=*.tamilcloud.com, OU=Sonatype, O=Sonatype, L=Unspecified, ST=Unspecified, C=US' \
-ext 'SAN=DNS:nexus.tamilcloud.com,DNS:clm.tamilcloud.com,DNS:repo.tamilcloud.com,DNS:www.tamilcloud.com'
# 2. Generate PEM encoded public certificate file using keytool:
keytool -exportcert -keystore keystore.jks -alias tamilcloud.com -rfc > tamilcloud.cert
# 3. Convert our Java specific keystore binary".jks" file to a widely compatible PKCS12 keystore ".p12" file:
keytool -importkeystore -srckeystore keystore.jks -destkeystore tamilcloud.p12 -deststoretype PKCS12
# 4. Extract pem (certificate) from ".p12" keystore file ( this is same as step 2, but openssl spits out more verbose contents ):
openssl pkcs12 -nokeys -in tamilcloud.p12 -out tamilcloud.pem
# 5. Extract unencrypted private key file from ".p12" keystore file:
openssl pkcs12 -nocerts -nodes -in tamilcloud.p12 -out tamilcloud.key
# 6. List and verify new keystore file contents:
keytool -list -keystore tamilcloud.p12 -storetype PKCS12
# 7. copy tamilcloud.cert to the same folder as ca.crt root certificate
mv tamilcloud.cert ca.crt
# 8. Add host name in to /etc/hosts file
1*.*.*.* www.tamilcloud.com repo.tamilcloud.com clm.tamilcloud.com nexus.tamilcloud.com
9. Copy Java keystore file at $data-dir/etc/ssl/keystore.jks
$ mkdir -p /opt/nexus/sonatype-work/nexus3/etc/ssl
cp keystore.jks /opt/nexus/sonatype-work/nexus3/etc/ssl/
10. Edit $data-dir/etc/nexus-default.properties and save the file after making the following changes. Add a new line containing:
application-port-ssl=8443
10. update the nexus-arg int the nexus-default.properties file
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml
11. Update the application host value as specific ip address
application-host=1*.*.*.*
12. Run the Nexus and start Use it :)
Reference: 1. SSL Configuration : https://help.sonatype.com/repomanager3/system-configuration/configuring-ssl#ConfiguringSSL-ServingSSLDirectly
2. Prepare Self sign certificate : https://support.sonatype.com/hc/en-us/articles/213465768-SSL-Certificate-Guide?_ga=2.104409540.550049495.1630897268-1578994290.1629198342
3. Configure Runtime environment : https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment