Repository Management with Nexus


3.8. Running Nexus Behind a Reverse Proxy

The Nexus installation bundle is based on the high-performance servlet container Eclipse Jetty running the Nexus web application. This achieves a very high performance of Nexus and make installation of a separate proxy for performance improvements unnecessary.

However, in many cases organizations run applications behind a proxy for security concerns, familiarity with securing a particular proxy server or to consolidate multiple disparate applications using tools like mod_rewrite.

Some brief instructions for establishing such a setup with Apache httpd follow as an example. We assume that you’ve already installed Apache 2, and that you are using a virtual host for

Let’s assume that you wanted to host Nexus behind Apache httpd at the URL To do this, you’ll need to change the context path that Nexus is served from.

  1. Edit in $NEXUS_HOME/conf. You’ll see an element named nexus-webapp-context-path. Change this value from /nexus to /
  2. Restart Nexus and Verify that it is available on http://localhost:8081/
  3. Set the Base URL in Nexus as shown in Figure 6.4, “Administration Application Server Settings” under Application Server Settings to the URL that will be the externally available URL of Nexus e.g.

At this point, edit the httpd configuration file for the virtual host. Include the following to expose Nexus via mod_proxy at

ProxyRequests Off
ProxyPreserveHost On

<VirtualHost *:80>
  ProxyPass / http://localhost:8081/
  ProxyPassReverse / http://localhost:8081/
  ErrorLog logs/
  CustomLog logs/ common

If you just wanted to continue to serve Nexus at the /nexus context path, you would not change the nexus-webapp-context-path and you would include the context path in your ProxyPass and ProxyPassReverse

  ProxyPass /nexus/ http://localhost:8081/nexus/
  ProxyPassReverse /nexus/ http://localhost:8081/nexus/

For the user interface to work via the proxy reliably you also need to configure a ProxyPassReverseCookiePath.

  ProxyPass /nexus http://localhost:8081/
  ProxyPassReverse /nexus http://localhost:8081/
  ProxyPassReverseCookiePath / /nexus

When your reverse proxy is configured to serve https, but it proxies with plain http to your Nexus instance, an additional header is required. This will ensure Nexus renders absolute URLs using the correct protocol. When setting this header, make sure that in Figure 6.4, “Administration Application Server Settings” Force Base URL is not checked.

  RequestHeader set X-Forwarded-Proto "https"

Apache configuration is going to vary, based on your own application’s requirements and the way you intend to expose Nexus to the outside world. If you need more details about Apache httpd and mod_proxy, please see the documentation at and specifically

A similar setup can be configured with nginx. The following configuration is a simplified example for an nginx server running port 80. This server proxies Neuxs running on the same server ( = localhost) at the default port 8081 on the default context /nexus:

http {
    proxy_send_timeout 120;
    proxy_read_timeout 300;
    proxy_buffering    off;
    keepalive_timeout   5;
    tcp_nodelay        on;
    server {
        listen       80;
        server_name  localhost;

        location /nexus {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

The nginx documentation contains further details for setting this up for HTTP as well as for HTTPS, if desired.

If the components proxied include larger files be sure to set client_max_body_size to an appropriate value to ensure uploads and downloads can succeed through nginx.