How to Install Nexus Repository Manager on RHEL 7
Sonatype Nexus Repository Manager is the industry-standard artifact repository used by thousands of enterprises to proxy, host, and distribute software packages. Whether you need to cache Maven Central artifacts to reduce CI/CD build times, host internal Docker images, store npm packages, or serve PyPI packages to your developers, Nexus OSS provides all of these capabilities from a single web UI and REST API. On RHEL 7, Nexus integrates naturally into a Java-based infrastructure stack and serves as a critical link in a fully air-gapped or hybrid CI/CD pipeline. This tutorial covers installing Java, downloading and installing Nexus OSS, configuring it as a non-root systemd service, accessing the web UI, creating hosted and proxy repositories, and configuring Maven and Docker clients to use Nexus.
Prerequisites
- RHEL 7 server with at least 4 GB RAM (8 GB recommended) and 20 GB of free disk space for artifact storage
- Root or sudo access
- Java 8 or Java 11 installed (Nexus OSS 3.x supports both; Java 11 is preferred)
- Port 8081 available for the Nexus HTTP interface
wgetorcurlfor downloading the Nexus tarball
Step 1: Install Java
Nexus Repository Manager 3.x requires Java 8 or later. Install OpenJDK 11 from the RHEL 7 repositories:
sudo yum install -y java-11-openjdk java-11-openjdk-devel
# Verify the installation
java -version
# openjdk version "11.0.x" ...
# Set JAVA_HOME for all users
echo 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk' | sudo tee /etc/profile.d/java.sh
source /etc/profile.d/java.sh
Step 2: Create a Dedicated Nexus Service User
Nexus must not run as root. Create a locked system account with no login shell:
sudo useradd --system --no-create-home --shell /bin/false nexus
Step 3: Download and Install Nexus OSS
Download the latest Nexus Repository Manager OSS tarball from the Sonatype website. Always verify you are using a current release:
# Download Nexus OSS (check https://help.sonatype.com/repomanager3/product-information/download for latest)
NEXUS_VERSION="3.67.1-01"
cd /tmp
wget "https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz"
# Extract both the nexus application and the sonatype-work directory
sudo tar -zxvf "nexus-${NEXUS_VERSION}-unix.tar.gz" -C /opt
# Rename for a clean path
sudo mv /opt/nexus-${NEXUS_VERSION} /opt/nexus
# Set ownership
sudo chown -R nexus:nexus /opt/nexus
sudo chown -R nexus:nexus /opt/sonatype-work
The directory structure after installation:
/opt/nexus— application binaries, configuration, and libraries/opt/sonatype-work/nexus3— data directory: blobs, database, logs, and generated configuration
Step 4: Configure nexus.rc to Run as the nexus User
Nexus reads /opt/nexus/bin/nexus.rc to determine which OS user should own the process. Set this before starting the service:
sudo bash -c 'echo "run_as_user="nexus"" > /opt/nexus/bin/nexus.rc'
cat /opt/nexus/bin/nexus.rc
# run_as_user="nexus"
Step 5: Tune the JVM Options
Edit /opt/nexus/bin/nexus.vmoptions to adjust heap size for your server’s available memory:
sudo vi /opt/nexus/bin/nexus.vmoptions
Recommended settings for a 4 GB server:
-Xms1024m
-Xmx1024m
-XX:MaxDirectMemorySize=1024m
-XX:+UnlockDiagnosticVMOptions
-XX:+LogVMOutput
-XX:LogFile=../sonatype-work/nexus3/log/jvm.log
-XX:-OmitStackTraceInFastThrow
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=../sonatype-work/nexus3
-Dkaraf.log=../sonatype-work/nexus3/log
-Djava.io.tmpdir=../sonatype-work/nexus3/tmp
-Dkaraf.startLocalConsole=false
Step 6: Create a systemd Service Unit
sudo tee /etc/systemd/system/nexus.service <<'EOF'
[Unit]
Description=Nexus Repository Manager
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Group=nexus
Restart=on-abort
TimeoutStartSec=600
TimeoutStopSec=60
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable nexus
sudo systemctl start nexus
Monitor the startup log — Nexus takes 1-3 minutes to fully initialize:
sudo tail -f /opt/sonatype-work/nexus3/log/nexus.log
# Wait for: Started Sonatype Nexus OSS x.x.x
Check service status:
sudo systemctl status nexus
Step 7: Open the Firewall and Access the Web UI
sudo firewall-cmd --permanent --add-port=8081/tcp
sudo firewall-cmd --reload
Open a browser and navigate to http://<server-ip>:8081. You will see the Nexus Repository Manager welcome page.
Step 8: Retrieve the Initial Admin Password and Log In
On first startup, Nexus generates a random admin password and writes it to a file:
sudo cat /opt/sonatype-work/nexus3/admin.password
# e.g.: 3a2b1c4d-5e6f-7890-abcd-ef1234567890
Log in to the UI with username admin and the password from the file above. The setup wizard will prompt you to:
- Change the admin password
- Choose whether to enable anonymous access (disable for security in most environments)
Once the wizard completes, the admin.password file is automatically deleted.
Step 9: Creating Hosted and Proxy Repositories
Creating a Hosted Maven Repository (for internal artifacts)
Navigate to Administration → Repository → Repositories → Create repository and select maven2 (hosted). Configure:
Name: my-company-releases
Version policy: Release
Layout policy: Strict
Blob store: default
Deployment: Disable redeploy
For snapshot builds, create a second hosted repository with Version policy: Snapshot and Deployment: Allow redeploy.
Creating a Proxy Repository (cache Maven Central)
Select maven2 (proxy) and configure:
Name: maven-central-proxy
Remote storage: https://repo1.maven.org/maven2/
Version policy: Release
Blob store: default
Creating a Hosted Docker Repository
Select docker (hosted) and configure:
Name: docker-internal
HTTP port: 8082
HTTPS port: (leave blank or set 8083)
Enable Docker V1 API: unchecked
Blob store: default
Step 10: Configuring Maven Client to Use Nexus
Edit ~/.m2/settings.xml on your developer machines and CI agents to route all Maven downloads through Nexus:
<settings>
<mirrors>
<mirror>
<id>nexus-central</id>
<mirrorOf>central</mirrorOf>
<url>http://nexus.example.com:8081/repository/maven-central-proxy/</url>
</mirror>
</mirrors>
<servers>
<server>
<id>nexus-releases</id>
<username>deploy-user</username>
<password>deploy-password</password>
</server>
</servers>
<profiles>
<profile>
<id>nexus</id>
<repositories>
<repository>
<id>nexus-releases</id>
<url>http://nexus.example.com:8081/repository/my-company-releases/</url>
<releases><enabled>true</enabled></releases>
<snapshots><enabled>false</enabled></snapshots>
</repository>
</repositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>
</settings>
Configure Docker to use the Nexus Docker registry:
# Add the insecure registry if using HTTP (for production use HTTPS instead)
sudo vi /etc/docker/daemon.json
# Add:
# {
# "insecure-registries": ["nexus.example.com:8082"]
# }
sudo systemctl restart docker
# Log in
docker login nexus.example.com:8082 -u admin
docker tag myimage:latest nexus.example.com:8082/myimage:latest
docker push nexus.example.com:8082/myimage:latest
Nexus Repository Manager on RHEL 7 becomes the backbone of your internal software supply chain. By proxying external repositories, you gain significant build speed improvements and eliminate dependency on upstream availability. Hosted repositories give your teams a private, controlled distribution channel for internal artifacts. With systemd ensuring Nexus restarts automatically after reboots, and with role-based access control configured through the web UI, you have a production-grade artifact management solution that serves every language ecosystem — Maven, npm, Python, Docker, and more — from a single platform.
