Nexus Repository Manager by Sonatype is a universal artifact repository that proxies public registries, hosts private packages, and groups repositories behind a single URL for Maven, npm, PyPI, Docker, and many other formats. Installing it on RHEL 8 gives your CI/CD pipeline a central artifact store that reduces external network calls and enforces governance over third-party dependencies. This tutorial covers downloading Nexus OSS, creating a dedicated system user, configuring a systemd service, opening the firewall, and creating your first Maven and npm proxy repositories. By the end you will have a running Nexus instance ready to integrate with Jenkins, Maven, or any other build tool.
Prerequisites
- RHEL 8 server with at least 4 GB RAM (8 GB recommended for multi-format repos)
- Java 17 installed (covered in Step 1)
- A non-root user with
sudoprivileges or a root shell - At least 20 GB of free disk space under
/optor a mounted data volume - Port 8081 available for Nexus HTTP traffic
Step 1 — Install Java 17
Nexus Repository Manager 3.x requires Java 17. Install OpenJDK from the RHEL 8 base repositories and verify the installation.
dnf install -y java-17-openjdk java-17-openjdk-devel
java -version
# Expected: openjdk version "17.x.x" ...
echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk' >> /etc/profile.d/java.sh
source /etc/profile.d/java.shStep 2 — Download and Extract Nexus OSS
Download the latest Nexus Repository OSS tarball directly from Sonatype. At time of writing the current release is 3.68.0; check https://help.sonatype.com/repomanager3/product-information/download for the latest version string.
NEXUS_VERSION="3.68.0-04"
cd /opt
curl -LO https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
tar xzf nexus-${NEXUS_VERSION}-unix.tar.gz
mv nexus-${NEXUS_VERSION} nexus
rm nexus-${NEXUS_VERSION}-unix.tar.gz
# Confirm both expected directories are present
ls /opt/
# nexus/ sonatype-work/Nexus creates a sonatype-work/ directory at the same level as the application directory. This is where all repository data, configuration, and logs are stored — keep it on a volume with ample space.
Step 3 — Create the Nexus System User and Set Permissions
Nexus should not run as root. Create a locked-down system account and transfer ownership of both directories to it.
useradd -r -s /bin/false -d /opt/nexus nexus
chown -R nexus:nexus /opt/nexus
chown -R nexus:nexus /opt/sonatype-work
# Tell the Nexus run script which user to use
echo 'run_as_user="nexus"' > /opt/nexus/bin/nexus.rcStep 4 — Create the systemd Service Unit
A systemd unit ensures Nexus starts on boot and restarts automatically after failures.
cat > /etc/systemd/system/nexus.service <<'EOF'
[Unit]
Description=Nexus Repository Manager
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now nexus
systemctl status nexusNexus takes 1–2 minutes to fully initialise. Monitor startup progress with tail -f /opt/sonatype-work/nexus3/log/nexus.log. Wait for a line containing Started Sonatype Nexus before proceeding.
Step 5 — Open Firewall Port and Retrieve Initial Admin Password
Allow HTTP traffic to Nexus through firewalld, then retrieve the one-time admin password generated during first startup.
firewall-cmd --permanent --add-port=8081/tcp
firewall-cmd --reload
firewall-cmd --list-ports
# Retrieve the initial admin password
cat /opt/sonatype-work/nexus3/admin.password
# Output: a UUID string such as 2f3a9d12-...-ab45Open http://<server-ip>:8081 in a browser, click Sign In, and authenticate with username admin and the password from the file above. The setup wizard will prompt you to set a new password and choose whether to enable anonymous access.
Step 6 — Create Maven and npm Proxy Repositories
Use the Nexus REST API to create proxy repositories programmatically. Replace NEXUS_PASS with the admin password you set in the wizard.
NEXUS_PASS="YourNewAdminPass1!"
NEXUS_URL="http://localhost:8081"
# Create a Maven 2 proxy repository pointing to Maven Central
curl -s -u admin:"$NEXUS_PASS"
-H "Content-Type: application/json"
-X POST "${NEXUS_URL}/service/rest/v1/repositories/maven/proxy"
-d '{
"name": "maven-central-proxy",
"online": true,
"storage": {"blobStoreName": "default", "strictContentTypeValidation": true},
"proxy": {"remoteUrl": "https://repo1.maven.org/maven2/", "contentMaxAge": 1440, "metadataMaxAge": 1440},
"negativeCache": {"enabled": true, "timeToLive": 1440},
"httpClient": {"blocked": false, "autoBlock": true},
"maven": {"versionPolicy": "RELEASE", "layoutPolicy": "STRICT"}
}'
# Create an npm proxy repository pointing to the public npm registry
curl -s -u admin:"$NEXUS_PASS"
-H "Content-Type: application/json"
-X POST "${NEXUS_URL}/service/rest/v1/repositories/npm/proxy"
-d '{
"name": "npm-proxy",
"online": true,
"storage": {"blobStoreName": "default", "strictContentTypeValidation": true},
"proxy": {"remoteUrl": "https://registry.npmjs.org", "contentMaxAge": 1440, "metadataMaxAge": 1440},
"negativeCache": {"enabled": true, "timeToLive": 1440},
"httpClient": {"blocked": false, "autoBlock": true}
}'
# List all repositories to confirm creation
curl -s -u admin:"$NEXUS_PASS" "${NEXUS_URL}/service/rest/v1/repositories" |
python3 -c "import sys,json; [print(r['name'], r['type'], r['format']) for r in json.load(sys.stdin)]"Conclusion
You have installed Nexus Repository Manager OSS on RHEL 8 with Java 17, created a dedicated system user, set up a systemd service for automatic startup, and provisioned Maven and npm proxy repositories through the REST API. Nexus is now ready to serve as the central artifact hub for your CI/CD pipeline, caching upstream packages locally to speed up builds and reduce external network dependency. Teams can point Maven settings.xml and .npmrc files at your Nexus instance to start benefiting immediately.
Next steps: How to Build a Jenkins CI/CD Pipeline on RHEL 8, How to Install and Configure SonarQube on RHEL 8, and How to Install and Use Helm for Kubernetes Package Management on RHEL 8.
