Installing Nexus Repository 3 on Ubuntu Server with Secure Remote Access

This tutorial covers everything from Java preparation to automation as a service and secure access from an external PC


Nexus 3 requires Java 8 specifically to function correctly

Nexus 3 was built on an architecture that relies on version 8-specific libraries

Let’s confirm the exact path for Java 8:

update-java-alternatives -l

That will list all the versions of Java you have installed

Java 8 installation:

sudo apt update && sudo apt install openjdk-8-jdk

verification:

java -version

It should say 1.8.x (the current version)


Nexus Installation

Download the official Sonatype package

Unzip to /opt/

You will have two folders:

  • /opt/nexus (the program)
  • and /opt/sonatype-work (your data and repositories)

For security reasons, do not run it as root


Configured as a Service (Systemd)

Configuring Nexus as a systemd service makes it start automatically when the server is turned on and run in the background

sudo vi /etc/systemd/system/nexus.service

content:

[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=axeldamian
Restart=on-abort

[Install]
WantedBy=multi-user.target

* axeldamian is a regular (non-root) Linux user on the Ubuntu server; this is the account the service runs as

Add an Environment line within the [Service] section:

[Service]
Type=forking
LimitNOFILE=65536
Environment="JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64"
ExecStart=/opt/nexus/bin/nexus start
...

The key is the JAVA_HOME environment variable within the service file. With it, you are giving a direct instruction to the process

The system ignores global Java: Even if the java -version command in your terminal says “21”, the Nexus service will read that line and look for the executable only in the Java 8 path you specified

It’s the difference between your user’s environment and the service’s environment.

echo $JAVA_HOME: This command queries your terminal session (your current user). Since you didn’t define the variable in your .bashrc or profile file, the terminal doesn’t know what it is. That’s why it might return empty.

To see what the running Nexus process actually received, read its environment from /proc instead:

strings /proc/$(pgrep -f nexus | head -n 1)/environ | grep JAVA_HOME

axeldamian@axxelin:~$ strings /proc/$(pgrep -f nexus | head -n 1)/environ | grep JAVA_HOME
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd6


Java 8 & Nexus (use this if you already have Nexus installed and setting Java version 8 through the systemd .service file is not working)

As an added measure, you can also edit the Nexus options file to “pin” the version:

Nexus has a specific file for this. Let’s edit it:

sudo vi /opt/nexus/bin/nexus.vmoptions

At the beginning of the file (or by searching for the line INSTALL4J_JAVA_HOME_OVERRIDE), make sure it points to your Java 8. If the line is missing, you can add it at the top:

-Djava.home=/usr/lib/jvm/java-1.8.0-openjdk-amd64

Once the service is running, you can confirm which version of Java the Nexus process is using with this command:

ps -ef | grep nexus

In the output of that command, you’ll see a very long line that starts with the path to the Java executable. If you configured everything correctly, you should see something like this:

… /usr/lib/jvm/java-1.8.0-openjdk-amd64/bin/java -Dinstall4j.jvmDir=…

Although Nexus can automatically detect Java 8, it’s bad practice to rely on its internal detection if you have multiple Java versions (such as 21). Defining Environment="JAVA_HOME=..." in the .service file ensures that the repository is stable and doesn’t attempt to use an incompatible engine after a system update.


So, modifying /opt/nexus/bin/nexus.vmoptions is one alternative, but the change you actually need is the Environment= line in the [Service] section of /etc/systemd/system/nexus.service

There are two layers of security to ensure nothing goes wrong.

  • /etc/systemd/system/nexus.service (The main one): By putting Environment="JAVA_HOME=…" within the [Service] section, you are telling the operating system: “When you launch this process, prepare this environment with Java 8.” This is the cleanest and standard way in Linux
  • /opt/nexus/bin/nexus.vmoptions (The Booster): Modifying this file is an alternative (or add-on) that directly tells the Nexus binary which Java to use, ignoring any other system settings

Ideally, you should do it in the .service file, because you centralize the service administration there
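
The two settings this section depends on (a non-root User= and a pinned JAVA_HOME) can be checked mechanically. The shell script below is an added example, not part of the original tutorial; the function names and the sample unit files are constructed for illustration, and Environment= values are assumed not to contain spaces.

```shell
#!/bin/sh
# Added example, not from the original tutorial. All sample data is constructed.

# Print every value of KEY found in the [Service] section of a unit file.
service_values() {  # $1 = unit file, $2 = key
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { print substr($0, length(key) + 2) }
    ' "$1"
}

# Audit a unit file: prints the findings on one line, or "ok" if there are none.
# Simplification: Environment= values are assumed not to contain spaces.
audit_unit() {  # $1 = unit file
    user=$(service_values "$1" User | tail -n 1)
    java_home=$(service_values "$1" Environment | tr -d '"' | tr ' ' '\n' |
        sed -n 's/^JAVA_HOME=//p' | tail -n 1)
    findings=""
    case "$user" in
        ""|root|0) findings="runs-as-root" ;;  # a system unit without User= runs as root
    esac
    case "$java_home" in
        "") findings="$findings java-home-not-set" ;;
        *java-1.8*|*java-8-*) ;;                # Ubuntu OpenJDK 8 directory names
        *) findings="$findings java-home-not-java8" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Read one variable from a NUL-separated file in /proc/<pid>/environ format.
environ_value() {  # $1 = environ file, $2 = variable name
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Demo on constructed input. On a live host, pass /etc/systemd/system/nexus.service
# and "/proc/$(systemctl show -p MainPID --value nexus)/environ" instead, which
# targets the service's own PID rather than the first process matching "nexus".
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '[Unit]\nDescription=nexus service\n\n[Service]\nType=forking\nExecStart=/opt/nexus/bin/nexus start\n' > "$demo/first.service"
printf '[Service]\nUser=axeldamian\nEnvironment="JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64"\n' > "$demo/pinned.service"
printf 'LANG=C\000JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64\000' > "$demo/environ"
audit_unit "$demo/first.service"
audit_unit "$demo/pinned.service"
environ_value "$demo/environ" JAVA_HOME
```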


Activation Commands

These commands tell Linux that this service should start automatically:

When you run sudo systemctl start nexus, the system looks for a file called exactly nexus.service inside /etc/systemd/system/

If the file were called repository.service, you would have to run sudo systemctl start repository

The .service extension: You can omit it from the command (just use nexus), and systemctl will assume you’re referring to the .service file

Reload the service list:

sudo systemctl daemon-reload

After performing the daemon-reload, you can use this command to see if Linux recognizes your service by its filename

systemctl list-unit-files | grep nexus

If nexus.service appears in the list, you’re ready to start it!

Enable automatic startup when the server boots:

sudo systemctl enable nexus

Start the service right now:

sudo systemctl start nexus

Check if it’s turned on:

sudo systemctl status nexus

Take a close look at the CGroup line within your systemctl status:
└─1375 /usr/lib/jvm/java-1.8.0-openjdk-amd64/bin/java …

Sonatype’s internal logic: The Nexus launcher script is programmed to search for specific Java versions that it knows work. There’s likely a list of paths where it prefers to search within the internal configuration files of the /opt/nexus/bin folder (not the .vmoptions file, but the script itself called nexus)

Since it found the folder /usr/lib/jvm/java-1.8.0-openjdk-amd64, it chose that one by itself because it “knows” that it won’t boot with version 21

Even if it’s working “magically” now, in Linux it’s never a good idea to rely on magic

If you install a different version of Java or update the system tomorrow, the Nexus script might get confused and try to use version 21, and that would break the service

Although Nexus is sometimes able to find Java 8 on its own, the best practice is to define it explicitly

Check if the status appears as active (running)

Turn it off:

sudo systemctl stop nexus

Restart it:

sudo systemctl restart nexus

View real-time logs:

journalctl -u nexus -f