I have a fedora server. I installed tomcat via yum package manager. Then I deployed the nexus war on the webapps folder. I tryed using jsvc to run the server on port 80 and did not work. I saw you can also use port fowarding. What is the best alternative ?
edit 1: httpd
I followed 3.8. Running Nexus Behind a Proxy from sonatype doc and I'm a bit confused.
I installed httpd, and I have the following configuration, where example.com is my domain.
/etc/httpd/conf.d/nexus.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /nexus/ http://localhost:8081/nexus/
ProxyPassReverse /nexus/ http://localhost:8081/nexus/
ProxyPreserveHost On
<Location />
Order allow,deny
Allow from all
</Location>
ErrorLog logs/nexus/error.log
CustomLog logs/nexus/access.log common
</VirtualHost>
/home/guillaume/www/nexus/conf
# Jetty section
application-port=8081
application-host=0.0.0.0
nexus-webapp=${bundleBasedir}/nexus
nexus-webapp-context-path=/nexus
# Nexus section
nexus-work=${bundleBasedir}/../sonatype-work/nexus
runtime=${bundleBasedir}/nexus/WEB-INF
pr.encryptor.publicKeyPath=/apr/public-key.txt
when I try to access
http://localhost:8081/nexus/index.html
everything workhttp://localhost/nexus/index.html
everything work-
http://example.com/nexus/index.html
just hang ( port 80 is open in the firewall )$netstat -tulpn | grep :80
tcp 0 0 :::80 :::* LISTEN 3965/httpd
tcp 0 0 :::8081 :::* LISTEN 3811/java
udp 0 0 0.0.0.0:803 0.0.0.0:* 1051/rpc.statd
any clue on how to make that proxy work ?
edit 2: nginx
I found the error, the dns was wrong: nslookup example.com
resolved to x.x.x.x
when my ip was x.x.x.y
but I did enjoy ngix configuration
server {
listen 80;
server_name example.com;
access_log off;
error_log off;
location / {
proxy_pass http://localhost:8081;
proxy_redirect off;
#Proxy Settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# would be a good idea to redirect static assets
}
Best Answer
It's possible to use authbind to get the job done (without any proxy at all). Using it for nexus it a bit tricky though, since nexus is started by a java service wrapper (jsw), which in turn is started by a startup script (which recalls itself as a different user, if desired).
The solution is as follows (relative paths are relative to the nexus home directory,
$NEXUS_HOME
):conf/nexus.properties
set(or whatever you need)
create a (system) user for nexus, which has a login shell (!), e.g.
(make all of the nexus files belong to the new user, e.g.chown -R nexus:nexus .
)A login shell is needed, because
bin/nexus
callssu - $RUN_AS_USER ...
, that's why the usernexus
must be able to "login" (not really).get the user id for the new user:
id -u nexus
(let's pretend it was108
)create the authbind configuration file
/etc/authbind/byuid/108
(use the nexus user's id as the file name):The IP and port should be the same as used in
nexus.properties
(see step 1). The IPv6 port may or may not be needed, depends on other configuration (from Jetty). It's safe to enable it in authbind./usr/local/bin/authbind-java
):(make the file executable, by
chmod +x /usr/local/bin/authbind-java
)bin/jsw/conf/wrapper.conf
, find the settingwrapper.java.command
(should readjava
as value) and replace the value withauthbind-java
(the helper script just written).Now you are ready to start nexus. From nexus' home directory:
(or edit
bin/nexus
and setRUN_AS_USER=nexus
directly and callbin/nexus start
)Nexus (the jetty server) should now start, initialize and finally bind to the port 80, but still running as the "unprivileged" user
nexus
.A side note: since you are binding the port 80 for nexus, it's probably running on an own (virtual) host, thus it's easily possible to designate an own domain name (eg.
nexus.example.com
) to it. When doing so, I prefer to strip the/nexus
prefix (context path) from the URI, to save typing, it's in the domain name already. For having nexus to serve under the root, setnexus-webapp-context-path
to/
(inconf/nexus.properties
). The repository path would become for examplehttp://nexus.example.com/content/repositories/releases
(instead ofhttp://nexus.example.com/nexus/content/repositories/releases
).