Installation

How to install Nexus into docker
First ensure you have docker up and running on the host you want to run this on.

Here we will build a container based on the official sonatype/nexus3 image and then configure systemd to ensure that it is started on startup.

We build our own image as we need to modify how it logs. If we don't do this then nexus's logs will go to the system's own logging and not it's own.

Building the container

Create a new directory and copy the following into a Dockerfile file:

1ARG nexusVersion
2FROM sonatype/nexus3:${nexusVersion}
3
4WORKDIR /opt/sonatype/nexus
5USER root
6RUN echo "-Djava.util.prefs.userRoot=/opt/sonatype/nexus" >>bin/nexus.vmoptions &&\
7    sed -i 's|<appender-ref ref="console"/>||g' etc/logback/logback.xml
8USER nexus

Next run the following to build the image: Substitute 3.36.0 with the current version

1docker build -t nexus:latest --build-arg nexusVersion=3.36.0

What this does is pull the official image for the specified version, modify the userRoot to /opt/sonatype/nexus inside the container and remove the console logging appender. Without the latter the Nexus logs would be echoed to systemd and the host's logging.

Configure SystemD

Next we need to configure systemd, so create /etc/systemd/system/nexus.service with the following:

 1[Unit]
 2Description=Nexus
 3After=network.target, docker.service
 4Require=docker.service
 5
 6[Service]
 7TimeoutStartSec=0
 8Restart=always
 9LimitNOFILE=32767
10LimitNPROC=32767
11Environment=IMAGE=nexus:latest
12ExecStartPre=-/usr/bin/docker stop %n
13ExecStartPre=-/usr/bin/docker rm %n
14ExecStart=/usr/bin/docker run \
15  --name %n \
16  -v /usr/local/nexus:/opt/sonatype/sonatype-work \
17  -e NEXUS_CONTEXT= \
18  -p 8081-8083:8081-8083 \
19  ${IMAGE}
20ExecStop=/usr/bin/docker stop %n
21
22[Install]
23WantedBy=multi-user.target

Here the main parts are:

Line 11 is the image name you used when building the image

Line 16 defines the volume. Here we are going to use /usr/local/nexus on the host to store the repositories and configuration. You can change this to anything you like. Usually it's under /usr/local but put it where you have plenty of space, or on a dedicated volume.

Line 18 lists the ports we want to expose to the network. Normally 8081 is enough for httpd but as we also use Nexus as a docker repository we need additional ports.

Make certain the directory on the host defined on Line 16 exists, then start nexus for the first time:

1sudo mkdir -p /usr/local/nexus
2sudo systemctl daemon-reload
3sudo systemctl start nexus
4tail -F /usr/local/nexus/nexus3/log/nexus.log

If all goes well you should see nexus logging in the nexus3/log/nexus.log file within the volume.

You should then be able to connect to port 8081 on your machine, e.g. http://10.11.12.13:8081/

You must now change the default password! The default user is admin and the password admin123.

To start nexus after a reboot

When you are happy with the setup simply run sudo systemctl enable nexus then nexus will start automatically after a reboot.

Configure for HTTPS

What's described above is good enough for most home lab networks, however ideally you should also configure it for https.

I'm not going to describe that here but I run Traefik as a docker container with Lets Encrypt, IPv6 and access rules to get proper HTTPS certificates working.

The configuration is almost identical as above - as long as the Traefik container can see the ports of the Nexus container then the -p line in the systemd/nexus.service file can be removed so access is only via the proxy.

Other alternatives to Traefik like HAProxy or even Apache HTTPD are available.