How to run nexus sonatype on port 80?

tomcat fedora nexus port80
Guillaume Massé picture Guillaume Massé · Aug 27, 2012 · Viewed 12.9k times · Source

I have a fedora server. I installed tomcat via yum package manager. Then I deployed the nexus war on the webapps folder. I tryed using jsvc to run the server on port 80 and did not work. I saw you can also use port fowarding. What is the best alternative ?

edit 1: httpd

I followed 3.8. Running Nexus Behind a Proxy from sonatype doc and I'm a bit confused. I installed httpd, and I have the following configuration, where example.com is my domain.

/etc/httpd/conf.d/nexus.conf

NameVirtualHost *:80

<VirtualHost *:80>

  ServerName example.com
  ProxyRequests Off

  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass /nexus/ http://localhost:8081/nexus/
  ProxyPassReverse /nexus/ http://localhost:8081/nexus/
  ProxyPreserveHost On

  <Location />
    Order allow,deny
    Allow from all
  </Location>

  ErrorLog logs/nexus/error.log
  CustomLog logs/nexus/access.log common
</VirtualHost>

/home/guillaume/www/nexus/conf

# Jetty section
application-port=8081
application-host=0.0.0.0
nexus-webapp=${bundleBasedir}/nexus
nexus-webapp-context-path=/nexus

# Nexus section
nexus-work=${bundleBasedir}/../sonatype-work/nexus
runtime=${bundleBasedir}/nexus/WEB-INF
pr.encryptor.publicKeyPath=/apr/public-key.txt

when I try to access

  • http://localhost:8081/nexus/index.html everything work
  • http://localhost/nexus/index.html everything work

  • http://example.com/nexus/index.html just hang ( port 80 is open in the firewall )

    $netstat -tulpn | grep :80

    tcp 0 0 :::80 :::* LISTEN 3965/httpd
    tcp 0 0 :::8081 :::* LISTEN 3811/java
    udp 0 0 0.0.0.0:803 0.0.0.0:* 1051/rpc.statd

any clue on how to make that proxy work ?

edit 2: nginx

I found the error, the dns was wrong: nslookup example.com resolved to x.x.x.x when my ip was x.x.x.y

but I did enjoy ngix configuration

server {

        listen 80;
        server_name example.com;

        access_log off;
        error_log off;

        location / {
                proxy_pass      http://localhost:8081;
                proxy_redirect  off;

                #Proxy Settings
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }

        # would be a good idea to redirect static assets
}

Answer

nix picture nix · May 14, 2015

It's possible to use authbind to get the job done (without any proxy at all). Using it for nexus it a bit tricky though, since nexus is started by a java service wrapper (jsw), which in turn is started by a startup script (which recalls itself as a different user, if desired).

The solution is as follows (relative paths are relative to the nexus home directory, $NEXUS_HOME):

  1. in conf/nexus.properties set
application-port=80
application-host=0.0.0.0

(or whatever you need)

  1. create a (system) user for nexus, which has a login shell (!), e.g. 

    adduser --system --shell /bin/sh --no-create-home --group nexus
    (make all of the nexus files belong to the new user, e.g. chown -R nexus:nexus .)
    A login shell is needed, because bin/nexus calls su - $RUN_AS_USER ..., that's why the user nexus must be able to "login" (not really).

  2. get the user id for the new user: id -u nexus (let's pretend it was 108)

  3. create the authbind configuration file /etc/authbind/byuid/108 (use the nexus user's id as the file name):

0.0.0.0,80
::,80

The IP and port should be the same as used in nexus.properties (see step 1). The IPv6 port may or may not be needed, depends on other configuration (from Jetty). It's safe to enable it in authbind.

  1. create a small helper script (needed for the jsw), put in a default executables' path (e.g. /usr/local/bin/authbind-java):
#!/bin/sh
exec authbind java "$@"

(make the file executable, by chmod +x /usr/local/bin/authbind-java)

  1. edit the jsw configuration file bin/jsw/conf/wrapper.conf, find the setting wrapper.java.command (should read java as value) and replace the value with authbind-java (the helper script just written).

Now you are ready to start nexus. From nexus' home directory:

RUN_AS_USER=nexus bin/nexus start

(or edit bin/nexus and set RUN_AS_USER=nexus directly and call bin/nexus start)

Nexus (the jetty server) should now start, initialize and finally bind to the port 80, but still running as the "unprivileged" user nexus.

A side note: since you are binding the port 80 for nexus, it's probably running on an own (virtual) host, thus it's easily possible to designate an own domain name (eg. nexus.example.com) to it. When doing so, I prefer to strip the /nexus prefix (context path) from the URI, to save typing, it's in the domain name already. For having nexus to serve under the root, set nexus-webapp-context-path to / (in conf/nexus.properties). The repository path would become for example http://nexus.example.com/content/repositories/releases (instead of http://nexus.example.com/nexus/content/repositories/releases).

Related questions

How to deploy a war file in Tomcat 7

I have copied the sample.war file into the webapps directory of Tomcat, and I can access localhost:8080. Now how will Tomcat deploy it, I mean do I need to open it in browser? How can I access the application?

Read More
Several ports (8005, 8080, 8009) required by Tomcat Server at localhost are already in use

I'm getting the following error when I try to run a simple JSP program on Tomcat in Eclipse. Several ports (8005, 8080, 8009) required by Tomcat v6.0 Server at localhost are already in use. The server may already be running in another process, …

Read More
"Server Tomcat v7.0 Server at localhost failed to start" without stack trace while it works in terminal

So got this project which worked just fine before the weekend (have other problems, but at least Tomcat launched). Now when I try to launch the Tomcat server it immediately gives the following error: Server Tomcat v7.0 Server at localhost …

Read More