Deploy Sonatype Nexus Repository OSS on Ubuntu — universal artifact manager for Maven, npm, Docker, PyPI, and NuGet with proxy and hosting.
Grab the automated bash script from GitHub to follow along with the video.
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/dev/nexus/nexus-ubuntu.sh
chmod +x nexus-ubuntu.sh
sudo bash nexus-ubuntu.shwget https://raw.githubusercontent.com/mhmdali94/Docker/main/dev/nexus/nexus-ubuntu.shchmod +x nexus-ubuntu.shThe script installs Docker if needed, then sets up the service automatically.
sudo bash nexus-ubuntu.shOpen your browser and navigate to:
http://<your-server-ip>:8081Retrieve the auto-generated admin password, complete the setup wizard, then create your first repositories.
# Retrieve the auto-generated admin password
docker exec nexus cat /nexus-data/admin.password
# Log in at http://<your-server-ip>:8081 with admin + above password
# Complete the setup wizard to set a new password
# Create repositories: Proxy (npm, Maven), Hosted (Docker, npm), Group| Port | Purpose |
|---|---|
| 8081 | Nexus Web UI & API |
| 8082 | Docker Registry (optional) |
Sonatype Nexus Repository OSS is the industry-standard universal artifact repository manager. It hosts and proxies packages across every major ecosystem: Maven (Java), npm (JavaScript), Docker images, PyPI (Python), NuGet (.NET), Helm charts, and more — all from a single server. For teams working across multiple languages, Nexus eliminates the need for separate registries: one server manages all artifact types with unified authentication, access control, and storage policies. Its proxy-and-cache feature is particularly valuable in CI/CD: pipeline builds pull dependencies from Nexus (which caches from the internet), dramatically reducing build times and enabling fully offline builds after the initial cache warm-up.
Every time a CI job runs npm install or mvn package, it hammers the public internet for dependencies that almost never change. Nexus puts a local cache in front of every package manager — subsequent builds are 3–10× faster and immune to upstream registry outages. Beyond caching, Nexus is the only self-hosted option that unifies npm, Maven, Docker, PyPI, and NuGet in one UI, one user database, and one backup operation. For air-gapped environments (security-sensitive, regulated industries), Nexus is often the mandatory solution.
Nexus Repository uses port 8081 for the web UI and all repository APIs. Docker registry repositories require a separate port (default 8082) — configure this per repository in the UI. Both ports should be proxied through Nginx Proxy Manager with HTTPS. Never expose the Nexus admin UI (port 8081) directly to the public internet — restrict access to your VPN or internal network.
Verdaccio (npm only, far simpler, requires ~50 MB RAM), Harbor (Docker images only, excellent UI), JFrog Artifactory (enterprise, more features than Nexus OSS but expensive), Gitea Packages (built into Gitea — no extra server if you already use Gitea). Nexus is the right choice when you need a single server that handles multiple package formats for a multi-language team.
Skip Nexus if your server has less than 4 GB RAM — it will run poorly. If you only need a private npm registry, use Verdaccio instead (10× simpler). If you only need a Docker registry, use Harbor. If your team uses only one package manager and already uses Gitea, Gitea Packages is built in and needs no extra server. Nexus's complexity is justified only when you genuinely need multi-format artifact management.
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Yes. Sonatype Nexus Repository OSS (Open Source Edition) is free for commercial use under the Eclipse Public Licence. It supports all major repository formats (Maven, npm, Docker, PyPI, NuGet, Helm, etc.) without any usage limits or paid tier. Nexus Pro adds features like staging repositories, smart search, and priority support — but OSS covers all core artifact management needs for most teams.
Create a Proxy repository of type Maven2 with Remote Storage URL set to https://repo1.maven.org/maven2/. Then create a Group repository of type Maven2 and add your hosted (for private libraries) and proxy (for Maven Central) repositories to it. Point your Maven settings.xml or build.gradle to the Group repository URL. All Maven builds will now resolve through Nexus, with public artifacts cached locally.
Yes. Create a Docker Hosted repository in Nexus and configure it with an HTTPS connector on port 8082 (or use the default Nexus port with a path prefix). Update your docker daemon's insecure-registries (for development) or provide a valid TLS certificate. Then docker login your-nexus-host:8082 and docker push to publish images. Create a Docker Proxy repository to cache Docker Hub images too.
Create a Proxy repository of type npm with Remote Storage URL https://registry.npmjs.org. Create a Hosted npm repository for private packages. Create a Group npm repository combining both. Point npm to the Group URL: npm set registry http://your-nexus:8081/repository/npm-group/. For authenticated publish, create a Bearer token in Nexus user settings and add it to your .npmrc.
A Group repository is a virtual repository that combines multiple Proxy and Hosted repositories behind a single URL. Instead of pointing your build tool to both a proxy (npmjs.org cache) and a hosted (private packages) repository, you point it to the Group and Nexus resolves across all members automatically. This means one .npmrc or settings.xml entry handles both public and private packages transparently.
Create Cleanup Policies in Administration → System → Cleanup Policies. For proxy repositories, set criteria like 'not downloaded in 90 days' or 'older than 6 months'. For hosted repositories, keep only the last N versions of each artifact. After creating the policy, associate it with the target repository. Run the Cleanup task manually first to see how much space it reclaims, then schedule it daily or weekly.
Nexus requires a minimum of 4 GB RAM and 4 CPU cores for acceptable performance. The JVM defaults to using up to 2.7 GB heap. For a team of 5–20 developers with moderate CI activity, 4 GB RAM and a fast SSD are sufficient. For 50+ developers or heavy Maven/Docker usage, plan for 8 GB RAM. Disk space depends on what you cache — a Maven Central proxy can accumulate hundreds of GB over time without cleanup policies.
Yes — this is one of Nexus's primary use cases. In air-gapped deployments, you first populate the blob store by running builds with internet access (Nexus fetches and caches dependencies from public registries). You then disconnect the server from the internet. All subsequent CI builds resolve entirely from the Nexus cache. For truly air-gapped installs with no initial internet, use the Nexus offline content tool to pre-populate artifact bundles.