Repository Management with Nexus

3.8. Running Nexus Behind a Reverse Proxy

The Nexus installation bundle is based on the high-performance servlet container Eclipse Jetty running the Nexus web application. This achieves a very high performance of Nexus and make installation of a separate proxy for performance improvements unnecessary.

However, in many cases organizations run applications behind a proxy for security concerns, familiarity with securing a particular proxy server or to consolidate multiple disparate applications using tools like mod_rewrite.

Some brief instructions for establishing such a setup with Apache httpd follow as an example. We assume that you’ve already installed Apache 2, and that you are using a virtual host for www.somecompany.com.

Let’s assume that you wanted to host Nexus behind Apache httpd at the URL http://www.somecompany.com. To do this, you’ll need to change the context path that Nexus is served from.

  1. Edit nexus.properties in $NEXUS_HOME/conf. You’ll see an element named nexus-webapp-context-path. Change this value from /nexus to /
  2. Restart Nexus and Verify that it is available on http://localhost:8081/
  3. Clear the Base URL in Nexus as shown in Figure 6.4, “Administration Application Server Settings” under Application Server Settings.

At this point, edit the httpd configuration file for the www.somecompany.com virtual host. Include the following to expose Nexus via mod_proxy at http://www.somecompany.com/.

ProxyRequests Off
ProxyPreserveHost On

<VirtualHost *:80>
  ServerName www.somecompany.com
  ServerAdmin admin@somecompany.com
  ProxyPass / http://localhost:8081/
  ProxyPassReverse / http://localhost:8081/
  ErrorLog logs/somecompany/nexus/error.log
  CustomLog logs/somecompany/nexus/access.log common
</VirtualHost>

If you just wanted to continue to serve Nexus at the /nexus context path, you would not change the nexus-webapp-context-path and you would include the context path in your ProxyPass and ProxyPassReverse

  ProxyPass /nexus/ http://localhost:8081/nexus/
  ProxyPassReverse /nexus/ http://localhost:8081/nexus/

If you want to serve Nexus on a context path that is different than the one it has been configured for you will also need to add a ProxyPassReverseCookiePath.

  ProxyPass /nexus http://localhost:8081/
  ProxyPassReverse /nexus http://localhost:8081/
  ProxyPassReverseCookiePath / /nexus

When your reverse proxy is configured to serve https, but it proxies with plain http to your Nexus instance, an additional header is required. This will ensure Nexus renders absolute URLs using the correct protocol. When setting this header, make sure that in Figure 6.4, “Administration Application Server Settings” Force Base URL is not checked.

  RequestHeader set X-Forwarded-Proto "https"

Apache configuration is going to vary, based on your own application’s requirements and the way you intend to expose Nexus to the outside world. If you need more details about Apache httpd and mod_proxy, please see http://httpd.apache.org