Nexus

Nexus Repository OSS is an open source repository that supports many artifact formats, including Docker, Java™, and npm. With the Nexus tool integration, pipelines in your toolchain can publish and retrieve versioned apps and their dependencies by using central repositories that are accessible from other environments.

What is the purpose of Nexus?

The goal of Nexus is to scale the value that a group of Scrum Teams, working on a single product, is able to deliver. It does this by reducing the complexity that those teams encounter as they collaborate to deliver an integrated, valuable, useful product Increment at least once every Sprint. Nexus is a repository manager. It allows you to proxy, collect, and manage your dependencies so that you are not constantly juggling a collection of JARs, WARs or EARs. It makes it easy to distribute your software. Internally, you configure your build to publish artifacts to Nexus and they then become available to other developers and of course for backup.

DevOps teams eliminate friction associated with manual governance and ship secure software faster than ever, which makes everyone happy: developers, security professionals, and IT ops. Nexus is used to store artifacts.

Nexus Intelligence

Precise data for automated and open source governance. Public databases like NVD provide a relatively small and typically outdated view of open source security vulnerabilities. Nexus Intelligence delivers a universal and timely understanding of open source security, license, and architectural risk. Our data collection engine has ingested and analyzed more than 65 million components and never stops learning — using natural language processing and AI to dynamically monitor every GitHub commit to every open source project, updates to advisory websites, Google search alerts, OSS Index, and a plethora of vulnerability sites. Nexus Intelligence powers the Nexus Platform with precise data to automate open source governance at scale across every phase of the SDLC.

Nexus Installation And Setup In AWS EC2 Redhat Instance.

Prerequisites
  • AWS account.
  • Create a Red Hat EC2 t2.medium instance with 4GB RAM, or whatever size your organization requires.
  • Create a Security Group and open the required ports.
    • 8081, etc.
  • Attach the Security Group to the EC2 instance.
  • Install Java OpenJDK 1.8+ for Nexus version 3.15

Create nexus user to manage the Nexus server

# As a good security practice, the nexus service should not be run as the root user,
# so create a new user called nexus and grant sudo access to manage nexus services as follows.
sudo hostname nexus
sudo useradd nexus
# Grant sudo access to the nexus user.
# Note: NOPASSWD:ALL lets this account run any command as root without a password.
echo "nexus ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/nexus
sudo su - nexus
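
A rule of the form used above makes the service account root-equivalent, so anyone who compromises the Nexus process gains the whole host. As an added example (not part of the original guide), this shell function flags such rules in sudoers text; the sample lines and the nexusops account are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Reads sudoers text on stdin and
# prints the user or %group of every rule shaped like
#   <who> ALL=(ALL[:ALL]) NOPASSWD: ALL
# Limitation: alias definitions and #uid entries are not handled.
find_root_equivalent() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments, #include lines, blanks
    {
        who = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)   # drop the user/group field
        gsub(/[ \t]+/, "", rest)                # spacing between tokens is not significant
        if (rest ~ /^ALL=\(ALL(:ALL)?\)NOPASSWD:ALL$/) print who
    }'
}

# is_root_equivalent ACCOUNT  (sudoers text on stdin): 0 if ACCOUNT is flagged.
is_root_equivalent() {
    find_root_equivalent | grep -qxF -- "$1"
}

# Constructed sample. "nexusops" is a hypothetical operator account whose rule
# is scoped to one command; "nexus" carries the rule used in this guide.
SAMPLE_SUDOERS='Defaults env_reset
%wheel   ALL=(ALL)   ALL
nexus ALL=(ALL) NOPASSWD:ALL
nexusops ALL=(root) NOPASSWD: /usr/bin/systemctl restart nexus'

# On a live host: sudo cat /etc/sudoers /etc/sudoers.d/* | find_root_equivalent
printf '%s\n' "$SAMPLE_SUDOERS" | find_root_equivalent
```
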

Install Java as a prerequisite for Nexus and other software

cd /opt
sudo yum install wget git nano unzip -y
sudo yum install java-11-openjdk-devel java-1.8.0-openjdk-devel -y

Download nexus software and extract it (unzip).

# Fetch the archive over HTTPS rather than plain HTTP.
sudo wget https://download.sonatype.com/nexus/3/nexus-3.15.2-01-unix.tar.gz
sudo tar -zxvf nexus-3.15.2-01-unix.tar.gz
sudo mv /opt/nexus-3.15.2-01 /opt/nexus

Grant permissions for nexus user to start and manage nexus service

# Change the owner and group permissions to /opt/nexus and /opt/sonatype-work directories.
sudo chown -R nexus:nexus /opt/nexus
sudo chown -R nexus:nexus /opt/sonatype-work
sudo chmod -R 775 /opt/nexus
sudo chmod -R 775 /opt/sonatype-work
# Open the /opt/nexus/bin/nexus.rc file, uncomment the run_as_user parameter and set it to the nexus user:
# change  #run_as_user=""  to  run_as_user="nexus"
vi /opt/nexus/bin/nexus.rc

CONFIGURE NEXUS TO RUN AS A SERVICE

sudo ln -s /opt/nexus/bin/nexus /etc/init.d/nexus

# Enable and start the nexus service
sudo systemctl enable nexus
sudo systemctl start nexus
sudo systemctl status nexus
echo "end of nexus installation"


Sonatype started out when the concept of “open source” software development was gaining steam. From the humble beginning of the core contributors to Apache Maven, to supporting the world’s largest repository of open source components (Central), to distributing the world’s most popular repository manager (Nexus), they played a meaningful role in helping the world embrace the power of open innovation.

In their time, they witnessed the staggering volume and variety of open source libraries that began flowing into every development environment in the world. They understood that when open source components are properly managed, they provide a tremendous energy for accelerating innovation. Conversely, when unmanaged, open source “gone wild” can lead directly to security vulnerabilities, licensing risks, enormous rework, and waste.

Nexus works with

OpenShift
Use Nexus to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.

Amazon Web Services
Manage and secure open source and third-party components in the cloud with Nexus Repository and IQ Server.

Docker

Automate container security and scale DevOps with Lifecycle container analysis.

GitHub
Nexus Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.

Azure DevOps
Shift security and quality practices left by automatically sending alerts or failing Azure builds when application components are out of compliance with your open source policies.

System Requirements

Supported Versions

Sonatype fully supports versions of repository manager for one year after the release date. Older releases are supported on a best effort basis and the release dates are listed in our download archives. The terms of support are explained in section 3 of the End User License Agreement.

Host Operating System

Any Windows, Linux or Macintosh operating system that can run a supported Java version will work. Other operating systems may work, but they are not tested by Sonatype.

The most widely used operating system for Nexus Repository Manager (NXRM) is Linux and therefore customers should consider it the best tested platform.

Dedicated Operating System User Account

Unless you are just testing the repository manager or running it only for personal use, a dedicated operating system user account is strongly recommended to run each unique process on a given host.

The NXRM process user is typically named ‘nexus’ and must be able to create a valid shell.

Important

As a security precaution, do not run Nexus Repository Manager 3 as the root user.

Adequate File Handle Limits

NXRM3 will most likely want to consume more file handles than the per user default value allowed by your Linux or OSX operating system.

Running out of file descriptors can be disastrous and will most probably lead to data loss. Make sure to permanently increase the limit on the number of open file descriptors for the user running Nexus Repository Manager to 65,536 or higher prior to starting.

See https://issues.sonatype.org/browse/NEXUS-12041 for additional background.

Linux

On most Linux systems, persistent limits can be set for a particular user by editing the /etc/security/limits.conf file. To set the maximum number of open files for both soft and hard limits for the nexus user to 65536, add the following line to the /etc/security/limits.conf file, where “nexus” should be replaced with the user ID that is being used to run the repository manager:

nexus - nofile 65536

This change will only take effect the next time the nexus process user opens a new session, which essentially means that you will need to restart NXRM.

On Ubuntu systems there is a caveat: Ubuntu ignores the /etc/security/limits.conf file for processes started by init.d.

So if NXRM is started using init.d there, edit /etc/pam.d/common-session and uncomment the following line (remove the hash # and space at the beginning of the line):

# session    required   pam_limits.so

If you're using systemd to launch the server the above won't work. Instead, modify the configuration file to add a LimitNOFILE line:

====================================================================================

[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target
====================================================================================
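
Because limits.conf, PAM and systemd each apply on a different launch path, the reliable check is the limit the running process actually received. This added example (not from the original page) parses /proc/<pid>/limits text; the two samples are constructed, and the pgrep line in the comment assumes the JVM runs as user nexus.

```shell
#!/bin/sh
# Added example: confirm the open-files limit a running process received.
# nofile_limits: reads /proc/<pid>/limits text on stdin, prints "soft hard".
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }'
}

# nofile_ok LIMITS_TEXT [REQUIRED]: 0 if the soft limit >= REQUIRED (default
# 65536, the value this page asks for), 1 if lower, 2 if no limit line exists.
nofile_ok() {
    nf_required=${2:-65536}
    nf_soft=$(printf '%s\n' "$1" | nofile_limits | cut -d' ' -f1)
    [ -n "$nf_soft" ] || return 2
    [ "$nf_soft" = "unlimited" ] && return 0
    [ "$nf_soft" -ge "$nf_required" ]
}

# Constructed samples: a process started with a default per-user limit, and
# one started from a unit carrying LimitNOFILE=65536. The "locked memory" row
# holds 65536 on purpose to show that only the open-files row is read.
LIMITS_DEFAULT='Limit                     Soft Limit           Hard Limit           Units
Max processes             15000                15000                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes'
LIMITS_RAISED='Limit                     Soft Limit           Hard Limit           Units
Max open files            65536                65536                files'

# On a live host (assumes the JVM runs as user nexus):
#   nofile_ok "$(cat /proc/"$(pgrep -u nexus -o java)"/limits)"
if nofile_ok "$LIMITS_DEFAULT"; then echo "default: ok"
else echo "default: soft limit below 65536"; fi
if nofile_ok "$LIMITS_RAISED"; then echo "raised: ok"
else echo "raised: soft limit below 65536"; fi
```
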

Mac OSX
The method to modify the file descriptor limits on OSX has changed a few times over the years. Please note your OS X version and follow the appropriate instructions.

For OS X Yosemite (10.10) and newer

Create the file: /Library/LaunchDaemons/limit.maxfiles.plist

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
    <dict>
      <key>Label</key>
        <string>limit.maxfiles</string>
      <key>ProgramArguments</key>
        <array>
          <string>launchctl</string>
          <string>limit</string>
          <string>maxfiles</string>
          <string>65536</string>
          <string>65536</string>
        </array>
      <key>RunAtLoad</key>
        <true/>
      <key>ServiceIPC</key>
        <false/>
    </dict>
  </plist>
If this file already exists, then ensure the value is at least 65536 as shown.

The file must be owned by root:wheel and have permissions -rw-r--r--. 

sudo chmod 644 /Library/LaunchDaemons/limit.maxfiles.plist
sudo chown root:wheel /Library/LaunchDaemons/limit.maxfiles.plist
Reboot the operating system to activate the change.


Add a new line to  $install-dir/bin/nexus.vmoptions  containing:

-XX:-MaxFDLimit
Restart NXRM to activate the change.


For OS X Lion (10.7) up to OS X Mavericks (10.9)

Create and edit the system file /etc/launchd.conf using this command:

sudo sh -c 'echo "limit maxfiles 65536 65536" >> /etc/launchd.conf'
Reboot the operating system to activate the change.


Add a new line to $install-dir/bin/nexus.vmoptions containing:

-XX:-MaxFDLimit
Restart NXRM to activate the change.

Windows
Windows operating systems do not need file handle limit adjustments.

Docker
The Nexus Repository Docker images are configured with adequate file limits. Some container platforms such as Amazon ECS will override the default limits. On these platforms it is recommended that the Docker image be run with the following flags:

--ulimit nofile=65536:65536

Java
Nexus Repository Manager requires a Java 8 Runtime Environment (JRE). The distributions for OSX and Windows include suitable runtime environments for the specific operating system. The distributions for Unix do not include the runtime environment. If you prefer to use an external runtime or use a Unix operating system, you can choose to install the full JDK or the JRE only. You can confirm the installed Java version with the java -version  command, for example:

$ java -version
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
When multiple JDK or JRE versions are installed, you need to ensure the correct version is configured by running the above command as the operating system user that is used to run the repository manager.

In the event you have a non-standard location you need to update the configuration to specify a specific JDK or JRE installation path. To set the path for a specific Java location open the bin/nexus script and locate the line INSTALL4J_JAVA_HOME_OVERRIDE. Remove the hash and specify the location of your JDK/JRE:

INSTALL4J_JAVA_HOME_OVERRIDE=/usr/lib/jvm/openjdk-8
The startup script verifies the runtime environment by checking for the existence of the nested bin/java command  as well as major and minor version of the runtime to be the required 1.8. If the configured runtime is not suitable, it will proceed with a best effort to locate a suitable runtime configured on the path or via the JAVA_HOME environment variable. If successful, it will start up the repository manager with this JVM. This allows you to have a dedicated runtime environment for the repository manager installed that is not on the path and not used by other installed applications. Further, you can separate upgrades of the Java runtime used by the repository manager from upgrades of the runtime used by other applications.

CPU
Performance is primarily bounded by IO (disk and network) rather than CPU. Available CPUs will impact longer running operations and also the thread allocation algorithms of the web container.

Minimum CPUs: 4    Recommended CPUs: 8+

Memory
Configurable Memory Types
Visit the Configuring the Runtime Environment page to learn how to change the default memory settings.

JVM Heap Memory
Heap memory stores runtime application objects. A min ( -Xms ) and max ( -Xmx ) value must be specified and the values should be identical.

Increasing the heap memory larger than recommendations or setting the min and max values to be different is not recommended. This will create performance issues causing the operating system to thrash needlessly.

JVM Direct Memory
Only required for OrientDB.

Direct memory is allocated outside of and distinct from heap memory. A max value must be configured if using OrientDB.

Host Physical Memory
The total memory allocated to the entire operating system or virtual hardware, commonly referred to as RAM.

Memory Requirements
The requirements assume there are no other significant memory hungry processes running on the same host.


                       JVM Heap    JVM Direct                                  Host Physical/RAM
Minimum ( default )    2703MB      2703MB                                      8GB
Maximum                4GB         (host physical/RAM * 2/3) - JVM max heap    no limit

General Memory Guidelines
  • minimum physical/RAM memory on the host 8GB
  • minimum heap ( -Xms ) must equal set maximum heap ( -Xmx )
  • minimum heap size 2703MB
  • maximum heap size <= 4GB
  • minimum direct memory ( -XX:MaxDirectMemorySize ) size 2703MB
  • minimum unallocated host physical/RAM memory should be no less than 1/3 of total physical RAM to allow for virtual memory swap
  • max heap + max direct memory <= host physical/RAM * 2/3
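
The guidelines above are mechanical enough to check before a restart. This added example (not part of the original page or of Sonatype's tooling) reads nexus.vmoptions text and reports each violated rule; the option sets are constructed and host RAM in MB is passed as an argument. It also shows that the documented minimums do not fit the 4GB t2.medium instance named in the prerequisites.

```shell
#!/bin/sh
# Added example: check JVM memory flags against the guidelines listed above.
# check_vmoptions HOST_RAM_MB   (nexus.vmoptions text on stdin)
# Prints one FAIL line per violated guideline; exit status 1 if any, else 0.
check_vmoptions() {
    awk -v ram="$1" '
    function mb(v,    n, u) {            # "2703m", "4G" or plain bytes -> MB
        n = v + 0
        u = tolower(substr(v, length(v), 1))
        if (u == "g") return n * 1024
        if (u == "m") return n
        if (u == "k") return n / 1024
        return n / 1048576
    }
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    BEGIN { xms = xmx = direct = 0 }
    { sub(/[ \t\r]+$/, "") }                         # tolerate CRLF files
    /^-Xms/ { xms = mb(substr($0, 5)) }
    /^-Xmx/ { xmx = mb(substr($0, 5)) }
    /^-XX:MaxDirectMemorySize=/ { sub(/^[^=]*=/, ""); direct = mb($0) }
    END {
        if (xms != xmx)    fail("-Xms " xms "MB differs from -Xmx " xmx "MB")
        if (xms < 2703)    fail("heap " xms "MB is below the 2703MB minimum")
        if (xmx > 4096)    fail("heap " xmx "MB is above the 4GB maximum")
        if (direct < 2703) fail("direct memory " direct "MB is below 2703MB")
        if (xmx + direct > ram * 2 / 3)
            fail("heap + direct = " (xmx + direct) "MB exceeds 2/3 of " ram "MB RAM")
        exit bad + 0
    }'
}

# Constructed inputs: the documented minimums, and a mismatched configuration.
VMOPTS_DOC_MINIMUM='-Xms2703m
-Xmx2703m
-XX:MaxDirectMemorySize=2703m'
VMOPTS_MISMATCHED='-Xms1200M
-Xmx4G
-XX:MaxDirectMemorySize=2G'

# Live use: check_vmoptions 8192 < /opt/nexus/bin/nexus.vmoptions
printf '%s\n' "$VMOPTS_DOC_MINIMUM" | check_vmoptions 8192 && echo "8GB host: ok"
printf '%s\n' "$VMOPTS_DOC_MINIMUM" | check_vmoptions 4096 || echo "4GB host: not ok"
printf '%s\n' "$VMOPTS_MISMATCHED"  | check_vmoptions 8192 || echo "mismatched: not ok"
```
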
Instance Memory Sizing Profiles
These profiles help gauge the typical physical memory requirements needed for a dedicated server host running repository manager. Due to the inherent complexities of use cases, one size does not fit all and this should only be interpreted as a guideline.

Temporary Directory
The temporary directory at $data-dir/tmp must not be mounted with noexec or repository manager startup will fail with a java.lang.UnsatisfiedLinkError message of "failed to map segment from shared object: Operation not permitted".

Disk Space
Application Directory - The size of this directory varies slightly each release. It is currently around 330 MB. It is normal to have multiple application directories installed on the same host over time as repository manager is upgraded.

Data Directory - On first start, repository manager creates the base files needed to operate. The bulk of disk space will be held by your deployed and proxied artifacts, as well as any search indexes. This is highly installation specific, and will be dependent on the repository formats used, the number of artifacts stored, the size of your teams and projects, etc. It's best to plan for a lot though: formats like Docker and Maven can use very large amounts of storage (500Gb easily). When available disk space drops below 4GB the database will switch to read-only mode.

File Systems
Nexus Repository stores multiple kinds of data, with two primary storage requirements:

** EFS binary storage may not provide necessary throughput for heavy workloads in all configurations.

File System Optimization
We also have some optimization suggestions to use at your discretion.  Also consider the noatime option for your Nexus Repository work directory mounts and limit the symbolic links used as this will cause increased overhead whenever paths need to be resolved to an absolute file path.

Web Browser
Our general policy is to support the most recent modern browser version for your supported OS at time of NXRM release date.

Vendor       Browser              Versions
Google       Chrome               latest at NXRM release
Mozilla      Firefox              latest and ESR at NXRM release
Apple        Safari               latest at NXRM release
Microsoft    Edge                 latest at NXRM release
Microsoft    Internet Explorer    No longer supported