This Eddings sub-guide describes the steps necessary to make the computer a Nexus Maven repository manager server. It assumes that the following guides have already been followed:
- Eddings Kerberos Server: Describes the steps necessary to make eddings a Kerberos authentication server.
- Eddings LDAP Server: Describes the steps necessary to make eddings an LDAP directory server.
- Eddings Web Server: Describes the steps necessary to make eddings a web server.
- Eddings Tomcat Server: Describes the steps necessary to make eddings a Tomcat web application server.
Previously, I’d been using tolkien as a Nexus server, which has now been decommissioned. The documentation for the old tolkien Nexus server is archived in: TolkienSetupNexus.
Installing Nexus
References:
- http://www.sonatype.com/books/nexus-book/reference/install-sect-as-a-war.html
- https://docs.sonatype.com/display/SPRTNXOSS/Nexus+FAQ#NexusFAQ-Q.HowcanIcontrolNexusconfigurationsinmyenvironment%3F
Nexus is a Java web application and requires a Java web application server to host it, e.g. Jetty, Tomcat, etc. There are two “flavors” of Nexus available for download:
- Standalone, where Nexus is shipped as a binary containing an embedded/built-in Java web application server.
- WAR, where Nexus is shipped as a generic .war file that can be hosted in any compatible Java web application server.
Because it’s likely that this computer will end up hosting other Java web applications besides just Nexus, it makes sense for us to use the WAR and stick Nexus into a web application container that can later be used for other things.
Download the latest release of the Nexus WAR. The link can be found at: Download and Install Nexus. For example, the following will download the 2.0.4 release:
$ wget http://www.sonatype.org/downloads/nexus-2.0.4-1.war
“Install” the WAR to the /usr/local/ folder and “publish” it to Tomcat’s webapps folder:
$ sudo mkdir -p /usr/local/manual-installs/sonatype-nexus/
$ sudo mv nexus-2.0.4-1.war /usr/local/manual-installs/sonatype-nexus/
$ sudo chown tomcat7:tomcat7 /usr/local/manual-installs/sonatype-nexus/nexus-2.0.4-1.war
$ sudo ln -s /usr/local/manual-installs/sonatype-nexus/nexus-2.0.4-1.war /var/lib/tomcat7/webapps/nexus.war
Create the location that Nexus will use to store all of its data:
$ sudo mkdir -p /var/sonatype/nexus
$ sudo chown tomcat7:tomcat7 /var/sonatype/nexus
Configure Nexus to use that storage location by adding the following lines to /etc/default/tomcat7:
# Configure the default storage directory for Sonatype's Nexus web application.
export PLEXUS_NEXUS_WORK=/var/sonatype/nexus
Restart Tomcat, which will then automatically deploy that WAR and serve it at http://eddings:8080/nexus/:
$ sudo /etc/init.d/tomcat7 restart
Proxying Nexus into Apache
References:
- http://wiki.eclipse.org/Jetty/Tutorial/Apache
- http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
- Nexus FAQ: How can I integrate Nexus with Apache Httpd and Mod_Proxy?
Because Tomcat is running on the non-standard 8080 port and can’t run on the same port 80 already being used by Apache on this server, we’ll configure Apache to forward/proxy requests for certain URLs to Tomcat. For this particular configuration, we’ll be modifying the justdavis.com-ssl virtual site in Apache, as configured in: Eddings.
Enable Apache’s mod_proxy and mod_proxy_http modules, which will be needed for this:
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
Add the following configuration to the end of the VirtualHost block in /etc/apache2/sites-available/justdavis.com-ssl:
# Configure mod_proxy to be used for proxying URLs on this site to other URLs/ports on this server.
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
</Proxy>
# Proxy the Java web application running at http://localhost:8080/nexus
<Location /nexus/>
    ProxyPass http://localhost:8080/nexus/
    ProxyPassReverse http://localhost:8080/nexus/
    SetEnv proxy-nokeepalive 1
</Location>
Restart Apache to apply the module and configuration changes:
$ sudo /etc/init.d/apache2 restart
Configure the proxy URL as the base URL in Nexus, as follows:
- Open Nexus in a browser.
- Login as the built-in admin user.
- Open the Administration > Server panel.
- Set the following options:
  - Application Server Settings (optional): true/enabled
  - Base URL: https://madrivercode.com/nexus/
  - Force Base URL: true/enabled
- Click Save.
Migrating Nexus Data from Old Server
References:
- http://www.sonatype.com/people/2010/01/how-to-backup-nexus-configuration-and-repository-artifacts/
- http://superuser.com/questions/117870/ssh-execute-sudo-command
As the instance previously hosted by tolkien (TolkienSetupNexus) is being moved to this server, the data from the old server needs to be moved over to this one. This is actually pretty simple: we’ll just rsync Nexus’ “work” directory from the old server to the new.
First, stop Nexus/Tomcat on both servers so that nothing is modified during this operation:
$ sudo service tomcat7 stop
$ ssh -t karl@tolkien.madrivercode.com 'sudo /etc/init.d/nexus stop'
Next, rsync the Nexus data from tolkien to this server, overwriting the existing (mostly empty) data:
$ sudo rsync -a --delete -v karl@tolkien.madrivercode.com:/var/lib/sonatype-work/nexus/ /var/sonatype/nexus/
$ sudo chown -R tomcat7:tomcat7 /var/sonatype/nexus
Then, disable the old Nexus server so it never runs again and start the new one back up:
$ ssh -t karl@tolkien.madrivercode.com 'sudo rm /etc/init.d/nexus'
$ ssh -t karl@tolkien.madrivercode.com 'sudo update-rc.d nexus remove'
$ sudo service tomcat7 start
Upgrading Nexus from 2.0.4-1 to 2.3.1-01
Stop the Tomcat service hosting Nexus:
$ sudo service tomcat7 stop
Download the Nexus WAR. The link can be found at: Download and Install Nexus. For example, the following will download the 2.3.1-01 release:
$ wget http://www.sonatype.org/downloads/nexus-2.3.1-01.war
“Install” the WAR to the /usr/local/ folder and “publish” it to Tomcat’s webapps folder:
$ sudo mv nexus-2.3.1-01.war /usr/local/manual-installs/sonatype-nexus/
$ sudo chown tomcat7:tomcat7 /usr/local/manual-installs/sonatype-nexus/nexus-2.3.1-01.war
$ sudo ln -sf /usr/local/manual-installs/sonatype-nexus/nexus-2.3.1-01.war /var/lib/tomcat7/webapps/nexus.war
Restart Tomcat to ensure that Nexus gets redeployed:
$ sudo service tomcat7 restart
Access the Nexus webapp and make sure everything started correctly (may take a few minutes before it’s available).
Upgrading Nexus from 2.3.1-01 to 2.11.1-01
References:
- Where is the Nexus OSS war file?
- Installing and Running Nexus
- How do I change the port or address that Nexus binds to?
This upgrade is a bit tricky, as Nexus has deprecated their WAR-only distribution. Instead, they strongly recommend deploying the embedded Jetty servlet.
First, disable the old Nexus version:
$ sudo service tomcat7 stop
$ sudo rm /var/lib/tomcat7/webapps/nexus.war
$ sudo service tomcat7 start
Create a new nexus user (just accept all defaults, when prompted):
$ sudo adduser --system --home /var/sonatype/nexus --shell /bin/bash --disabled-password --group nexus
Create a link for the Nexus data and reset its permissions:
$ sudo ln -s /var/sonatype/ /usr/local/manual-installs/sonatype-nexus/sonatype-work
$ sudo chown -R nexus:nexus /var/sonatype/nexus/
Download the latest Nexus version. The link can be found at: Download and Install Nexus. For example, the following will download the 2.11.1-01 release:
$ wget http://download.sonatype.com/nexus/oss/nexus-2.11.1-01-bundle.tar.gz
Unpack the bundle to the /usr/local/ directory:
$ sudo tar --extract --gunzip --file nexus-2.11.1-01-bundle.tar.gz --directory /usr/local/manual-installs/sonatype-nexus/
$ sudo ln -s /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01/bin/nexus /etc/init.d/nexus
Make sure the nexus user owns the install’s logs and tmp directories, which will be modified while the service is running:
$ sudo chown -R nexus:nexus /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01/logs/
$ sudo chown -R nexus:nexus /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01/tmp/
Edit the /etc/init.d/nexus file and make the following changes:
- NEXUS_HOME: set to /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01
- RUN_AS_USER: set to nexus
- PIDDIR: set to /var/sonatype/nexus
Edit the /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01/conf/nexus.properties file and make the following changes:
- application-port: set to 8082
Be sure to update the Apache proxy configuration in /etc/apache2/sites-available/justdavis.com-ssl to account for the new port number.
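Before registering the service, it is worth confirming that the edits to the init script and nexus.properties took effect, in particular that RUN_AS_USER is no longer commented out, since the service is meant to run as nexus rather than root. The following is an added example, not part of the original guide or of Nexus; the function names are hypothetical, and it assumes both files use plain KEY=VALUE lines with # marking a commented-out line:

```shell
# Added example, not part of the original guide or of Nexus itself.

# Print the value of the last uncommented KEY=VALUE line, surrounding quotes removed.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Compare one setting with the value used in this guide; report any mismatch.
expect_value() {  # usage: expect_value FILE KEY EXPECTED
    actual=$(conf_value "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "MISMATCH in $1: $2='$actual' (empty means unset or commented out), expected '$3'" >&2
    return 1
}

# Check every setting changed in the two files; non-zero exit if any is wrong.
check_nexus_config() {  # usage: check_nexus_config INIT_SCRIPT PROPERTIES_FILE
    rc=0
    expect_value "$1" NEXUS_HOME /usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01 || rc=1
    expect_value "$1" RUN_AS_USER nexus || rc=1
    expect_value "$1" PIDDIR /var/sonatype/nexus || rc=1
    expect_value "$2" application-port 8082 || rc=1
    return "$rc"
}

# Constructed sample input: an init script whose RUN_AS_USER line is still
# commented out, which is the case the check is meant to catch.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'NEXUS_HOME="/usr/local/manual-installs/sonatype-nexus/nexus-2.11.1-01"' \
        '#RUN_AS_USER=' 'PIDDIR="/var/sonatype/nexus"' > "$d/nexus"
    printf '%s\n' 'application-port=8082' > "$d/nexus.properties"
    status=0
    check_nexus_config "$d/nexus" "$d/nexus.properties" || status=$?
    rm -rf "$d"
    return "$status"
}
```

On the real server, call check_nexus_config with /etc/init.d/nexus and the nexus.properties path given above; demo only exercises the check against the constructed files.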
Register the nexus service:
$ cd /etc/init.d
$ sudo update-rc.d nexus defaults
$ sudo service nexus start
Access the Nexus webapp and make sure everything started correctly (may take a few minutes before it’s available).
Configuring LDAP Authentication
Nexus can be set to use the LDAP users from the server described in Eddings LDAP Server. It could also be configured to use LDAP groups, though that’s not particularly useful for the small justdavis.com domain.
LDAP authentication can be configured through the Nexus GUI, as follows:
- Open Nexus in a browser.
- Login as the built-in admin user.
- Open the Administration > Server panel.
- In Security Settings, add OSS LDAP Authentication Realm as the last entry in the Selected Realms list.
- Click Save.
- Open the Security > LDAP Configuration panel.
- Set the options, as follows:
  - Protocol: ldaps
  - Hostname: ldap.justdavis.com
  - Search Base: dc=justdavis,dc=com
  - Authentication Method: Anonymous Authentication
  - Base DN: ou=people
  - User Subtree: false
  - Object Class: inetOrgPerson
  - User Filter: (leave blank)
  - User ID Attribute: uid
  - Real Name Attribute: cn
  - E-Mail Attribute: mail
  - Password Attribute: (leave blank)
  - Group Element Mapping: false/disabled
- Click Save.
Add the LDAP user karl to the Nexus Administrator Role, as follows:
- Open the Security > Users panel.
- Switch the All Configured Users dropdown to LDAP.
- Click Refresh (to the left of that dropdown).
- Select the karl user.
- Under Role Management, click Add.
- Select the Nexus Administrator Role and click OK.
- Click Save.
Change the admin user’s password:
- Open the Security > Users panel.
- Right-click the admin user and select the Set Password option.
- Enter the new password, click Set Password, and then click Save.
Configuring Repository Permissions
References:
This Nexus repository contains both private repositories (the “Mad River Code” repos) and public/open source repositories (everything else). As such, the permissions for the anonymous user had to be adjusted a bit. By default, anonymous is given read access to all repos, including those that should be private on this server. Per the article above, new privileges and roles were created to replace this default “read everything” role. The steps in the article were followed, more or less exactly.