Skip to end of metadata
Go to start of metadata


This FAQ is no longer maintained.  Please visit the Nexus Knowledge Base for up to date information.


Q. Is Nexus the kingpin of all Maven repository managers?

A. Yes, it is! Is that a trick question?

Q. Is Nexus commercial?

A. There is an AGPL licensed version of Nexus, and there are commercially licensed versions of Nexus that provide additional functionality. The open source version is very robust and is the basis of our commercial version, so it undergoes the same rigorous testing that we provide for the commercial versions. The OSS version is not our experimental or less tested version as is the case with some dual licensed applications.

Q. What are the system requirements for Nexus

A. Technically the answer is: Any machine that can run the Java 1.6 JRE (change happened since relefase 1.9). We specifically test the following on our grid:

  • CentOS
  • Red Hat Enterprise Linux
  • Ubuntu (and Ubuntu JEOS)
  • Windows XP, Vista (64bit)
  • FreeBSD
  • OpenSolaris (see below for a known solaris issue)
    Nexus is light on Memory requirements. Our public instance runs in a 1024mb heap and runs in a 768mb heap.  Both of these are very large instances supporting a large number of developers.
Nexus VersionSupported JRE version
1.9 and earlier

5 or 6

2.0-2.56 or 7

Disk space is determined by the size of your repositories, but generally with SNAPSHOT cleanup, repositories are less than 10gb. For comparison, the entire Central repository is currently around 60gb. Without enabling the automated SNAPSHOT cleanup, and it is certainly possible to generate hundreds of gigabytes of artifacts a week with aggressive CI building.

Q. Where can I find startup scripts for OS's not included in the bundle?

A. We ship with the most common OS startup scripts: Windows, Linux 32/64, Mac OSX and Solaris. If you Need AIX or HP UX, they can be found here.

Q. What's with your amazingly boring logo for Nexus?

A. Our real logo for Nexus is what you see here:


Q. How do I use Nexus with a Socks server?

A. Add the following parameters to the wrapper.conf in /conf: (make sure the numbers are sequential with the existing list)


You can read more about these JDK options here

Q. Is Nexus available as a WAR file?

A. It is as of Nexus 1.1. It has been tested using Jetty, Tomcat 5.5.27, 6.0.x, and Resin Application Servers.  For Glassfish, see the question below.
Note: Nexus must be run as an extracted war.

Q. Why can't I deploy the WAR into GlassFish server?

A. This is because of a known issue about logging conflict. To resolve this conflict, you need to remove the console appender of log4j.

For versions before 1.3, the log4j configuration file for nexus is nexus.war/WEB-INF/;

From 1.3, the log4j configuration file is $work-dir/conf/, note that this file will be auto-generated at the first time you deploy nexus.war, but this time the deployment will fail.

For versions 2.0 and later a change needs to be made to the deployment descriptor. See here for details.

Remove the console appender like this:

  1. In the first line, change "log4j.rootLogger=INFO, console, logfile" to "log4j.rootLogger=INFO, logfile"
  2. Remove all lines staring with "log4j.appender.console"

Then restart GlassFish and deploy the WAR with the modified file.

If your problem remains, you need to make sure your GlassFish has write permission to the $work-dir directory, by default it's $user_home/sonatype-work/nexus, but you can customize it by setting system property, or setting environment variable PLEXUS_NEXUS_WORK, or editing the file nexus.war/WEB-INF/

Q. Why can't I deploy the WAR into Weblogic?

A. Some users have reported needing to set the following property in the domain's config.xml file.

Q. How can I integrate Nexus with Apache Httpd and Mod_Proxy?

A. While we feel that the best performance for the system is achieved by accessing the embedded container directly, we also understand that some environments are highly integrated with Apache Httpd. There are several ways that Jetty can be tied to Apache. The Jetty team recommends using mod_proxy and you can read more about it at mod_proxy.

A proper Mod_proxy configuration is shown below:

If you wish to host Nexus at the root of a system, the config might look like this:

If you are having trouble with urls generated from Nexus, be sure to check the Force option next to the Base URL entry on the server settings screen. (1.3+)

Q. How can I enable APJ or serve SSL directly from the embedded Jetty instance?

See the detailed documentation here: Advanced Jetty Configuration

Q. I'm unable to browse repositories via the UI. What did I do wrong?

A. Most likely you are using mod_proxy and forgot to add "ProxyPreserveHost On" to your config, or you need to Force the Base URL. See the previous answer for a working example.

Q. How can I control Nexus configurations in my environment?

A. Nexus will pull in some configuration data from environment variables; currently the following can be defined:

    • The location of the nexus work directory, where nexus stores all of its configurations and repository contents.
    • Defaults to $(basedir)/../sonatype-work/nexus
    • The location of the nexus runtime directory
    • Defaults to $(basedir)/runtime
    • The location of the nexus application directory
    • Defaults to $(basedir)/runtime/apps
    • The location of the nexus webapp directory
    • Defaults to $(basedir)/runtime/apps/nexus/webapp
    • The context path in Jetty Web Server that nexus webapp will be served at
    • Defaults to /nexus

Q. I'm having trouble installing Nexus on Solaris!

A. We are aware of two potential issues that are specific to Solaris:

  1. There are some known incompatibilities with the version of tar provided by Solaris and the gzip tar format. If you are installing Nexus on Solaris, you must use the GNU tar application, or you will end up with corrupted files.

Please see this post for more information.

  1. It has been reported that the HeapDumpOnOutOfMemoryError option is not supported on some JVMs. The fix for this is to edit $nexus_home/conf/wrapper.conf to remove "\:+HeapDumpOnOutOfMemoryError". Be sure to renumber to .3.

Q. What if my OS does not have JSW scripts in the Nexusbundle?

A. Nexus is a java application so it should be runnable on any OS with a supported jvm. JSW provides startup and monitoring of JVMs so they can be treated like a service. The bundle only contains the most common OS scripts, but more can be retrieved from the JSW project directly.
Alternatively, Nexus can be launched with a simple java command like:

Note the plexus-platform-jsw-xxx.jar version may change. You can find the exact file in $nexus_home/lib.

Q. How can I extend or completely override the Nexus Security Model?

A. Please see the dedicated Security FAQ on our public wiki Nexus Security FAQ

Q. Why do I see errors regarding MKCOL when I try to deploy something?

A. If you see an error similar to the following:

This means you have a "dav\:http\://" url in your distributionManagement section of your pom. Nexus doesn't need dav so you only need an "http\://" url.

Q. Why am I getting "OpenSCManager failed - Access is denied. (0x5)" errors when I launch Nexus on Windows?

A. Here is how to get around the problem of access denied in vista command prompt.

click on start

click "All Programs"

click on accessories

right click on "Command Prompt" icon

click "properties"

click on the "shortcut" tab on the top

click the advanced button at the bottom

click on the check box that says "Run as Administrator".

click OK

N.B its a good idea to de-select this check box once you finish what you want to do.

when you are done click on the same icon that you have changed the properties to start a command prompt session that has no access denied error. Note that if you use Start->run->cmd or Start->run->command you will still get the same access denied error. What you need to do is; click on start click "All programs"

click on Accessories

click on "Command Prompt" icon

the command prompt session that you get will allow you to perform administrator operations

Q. Can I make a repository private without disabling anonymous access?

A. Yes. (this will require Nexus 1.1) You will need to change the roles around a bit. Follow these steps.

  1. Create a new Privilege that gives access to you public group (or individual repositories) NOTE: Assigning access to a group is equivalent to assigning these privileges to all of the repositories in the group.
    1. Login to nexus as an administrator.
    2. Click on Privileges in the left menu.
    3. Click Add.
    4. Use the following values:
      1. Name: M2 Public Repositories (Group)
      2. Description: Access to Public Repositories (Group)
      3. Repository: Public Repositories (Group)
      4. Repository Target: All (Maven2)
    5. Save.
  2. Repeat the previous step for all you public groups and/or respositories.
  3. Create a new Role and assign this new privilege to it.
    1. Click on Roles in the left menu.
    2. Click Add.
    3. User the following values:
      1. Role Id: repo-public-read
      2. Name: Repo: All Public Repositories (read)
      3. Description: Read only access to all public repositories.
      4. Session Timeout: 60
      5. Selected Roles / Privileges: M2 Public Repositories (Group) - (read)
      6. NOTE: Include all of the roles you created in the first step.
    4. Save.
  4. Remove the Grant Read all role from the Anonymous user and add the new role.
    1. Click on Users in the left menu.
    2. Click on the anonymous user.
    3. Remove the role 'Repo: All Repositories (read)'
    4. Add the role 'All Public Repositories (read)'
    5. Save.

You may need to create other Privileges to grant users access to your private repositories

Q. How do I disable artifact redeployment.

Note: The steps below are valid, but all recent versions of Nexus have a "deployment policy" setting in hosted repository configuration. Setting this to "disable redeploy" will accomplish the same thing as the steps below.

A. Create a new deployment role that does not have update privilege but has a privilege to update Metadata.

  1. Create a new Privilege that gives access Maven 2 Metadata
    1. Login to nexus as an administrator.
    2. Click on Privileges in the left menu.
    3. Click Add.
    4. Use the following values:
      1. Name: All M2 Repositories Metadata
      2. Description: All M2 Repositories Metadata
      3. Repository: All Repositories
      4. Repository Target: All Metadata (Maven2)
    5. Save.
  2. Create a new Deployment Role.
    1. Click on Roles in the left menu.
    2. Click Add.
    3. User the following values:
      1. Role Id: repo-custom-deploy
      2. Name: Repo: All Repositories (no update)
      3. Description: Allows deployment to all M2 Repositores, but does not allow overwriting artifacts.
      4. Session Timeout: 60
      5. Selected Roles / Privileges: All Metadata (Maven2) - (update), Nexus Anonymous Role, All M2 Repositories - (create), All M2 Repositories - (read), All M2 Repositories - (delete)
      6. NOTE: adding delete is optional.
    4. Save.
  3. Replace the roles assigned to the deployment user.
    1. Click on Users in the left menu.
    2. Click on the deployment user.
    3. Remove the roles 'Repo: All Repositories (Full Control)' and 'Nexus Deployment Role'
    4. Add the role 'Repo: All Repositories (no update)'
    5. Save.

Q. How can I reset a forgotten admin password?

A. If you had the user's email address set properly (and the smtp configuration set properly), you could click login in the UI and select forgot password, enter the username and email address, and a new password will be sent to you. If you do not have email setup properly, you will need to manually edit the security.xml file, located in (nexus-basedir)/../sonatype-work/nexus/conf/security.xml. First stop nexus, then open the file, and find the <user> object that has a <id> of admin. Then change the <password> to f865b53623b121fd34ee5426c792e5c33af8c227 . This will give the admin user a password of admin123 (the default) and you will again be able to login.

Q. Why can't my browser properly login to the nexus server?

A. There could be any number of reasons for this, i.e. nexus isn't running, you are attempting to connect to an invalid url, etc. There are also certain cases where your network connection may be causing the problem (i.e. vpn tunnel). The best way to validate that nexus is working properly, is to create an ssh tunnel to your nexus server, which will be a direct connection, thus rule out any network problems, be it proxy server, vpn, etc. Run the following to start a tunnel (this assumes you are running nexus on the default 8080 port on your server)

The above command will open an ssh tunnel to servername\:8080 and forward all traffic to your local machine on port 8080 to that tunnel. At this point, if accessing nexus via http://localhost:8080/nexus begins to work, then you know that some network configuration is blocking your access to nexus.

Q. How can I import my Local Repository or a Mixed SNAPSHOT / Release repo from another tool into Nexus?

A. We have some tools that make this a piece of cake. See Nexus Command Line Tools for instructions.

Q. Nexus has so many different privileges, can i get an overview?

A. You sure can. See this Nexus Privileges for details.

Q. Using IE7 Nexus is not responding and i receive numerous Timeout -1 errors, how can I resolve this ?

A. This is most likely caused because nexus is timing out trying to contact our sonatype server to retrieve the latest version information of nexus. IE7 has a default limit of 2 connections to a server, so if an AJAX message is waiting response, no further messages will get through, they will be blocked. To resolve this issue, see the knowledge base article

Q. How can I retrieve a snapshot if I don't know the exact filename?

A. Nexus Provides a separate REST API to retrieve files when interpreting the maven-metadata.xml is required. The syntax looks like this\:


  • r = the id of the repository or group to search (Required)
  • g = the groupId of the file (Required)
  • a = the artifactId of the file (Required)
  • v = the version of the file, this may be "LATEST", "RELEASE", a version number like "2.0", or a snapshot version number like "2.0-SNAPSHOT". (Required)
  • c = the classifier of the file (Optional)
  • e = the type or extension of the file (Optional)
  • p = packaging (Nexus will resolve known packaging types to the correct extension). (Optional)

If the version is not a concrete version, then Nexus will look in the maven-metadata.xml in the same way Maven does to resolve the version. The filename will be set in the content-disposition header field, so if you are using wget, be sure to use the --content-disposition flag so the filename is correct.

There is an alternate form of the API that uses redirects to work around the content-disposition setting. This form is shown below\:

Q. I'm having trouble connecting via https or ldaps

A. If you're connecting to this site from Nexus, you'll need to import the certificate included with your Nexus license into the JVM used to run your Nexus instance. To make this process simpler, you can use our import-ssl tool, as shown below.


  1. If you're using the default JSSE keystore locations on either a Linux or OS X platform, you must run the commands below as the root user. You can do this either by changing to the user root: su -, or by using the sudo command:

  2. The default password used by Java for the built-in keystores is changeit. If your keystore uses a different password, you'll need to specify that password as the last parameter on the command lines above.
  3. If you want to specify your own keystore location, provide that in place of /path/to/your/keystore in the examples below.
  4. If you're using a password other than 'changeit' for your keystore, you should supply it immediately following the keystore path in the commands below.
  5. If you specify a keystore location that doesn't exist, the import-ssl utility will create it on-demand.

Import the Server SSL Chain

The first command simply imports the entire self-signed SSL certificate chain for into your JSSE keystore:

Q. The "latest" and "release" tags in maven-metadata.xml are not being updated after deploying artifacts

A. The maven-metadata.xml files are not updated by Nexus during deployment, they are updated by Maven. It downloads the file, updates it, and then redeploys it.

Maven will update the "release" field only during the following scenarios:

1) Maven 2.x deploys using -DupdateReleaseInfo=true
2) Maven 3.x deploys a non-snapshot artifact

The "latest" field is only intended for plugin resolution, and is only set upon deployment of a maven-plugin artifact, both for Maven 2.x and 3.x regardless whether a release or snapshot gets deployed.

Also, Maven will update these fields with whatever version it is currently deploying, so "latest" and "release" will not necessarily correspond to the highest version number.

If you need the highest version of a non-plugin artifact you should be using version ranges, see section 3.4.3 here.

Q. What versions of Java can I use to run Nexus?

A. Nexus 2.0 is compatible with Sun/Oracle/IBM Java 6 and 7. Note that when using Oracle Java 7 you must use version 7.0u1 or later, the original release contains a bug which causes Nexus indexes to fail. Also note that versions of Nexus prior to 2.0 are not compatible with Java 7.

Q. How do I make a routing rule which only allows one or two artifacts to be retrieved from a particular proxy repository?

A. You need to make an exclusive rule with a negative regular expression.

For example, to make it so that only artifacts that match paths "/org/some/groupid/artifact/." or "/org/some/other/groupid/anotherartifact/." can be retrieved from repository "remoterepo" define the rule as follows:

URL Pattern: (?!(/org/some/groupid/artifact/.*|/org/some/other/groupid/anotherartifact/.*)).*
Rule Type: Exclusive
Ordered Route Repositories: remoterepo
Repository Group: All Repositories

Q. I installed Nexus into "c:\Program Files" on Windows 7, and it won't start.

A. The problem here is that you've installed Nexus into "program files" as a regular user. Starting with Windows Vista Microsoft introduced a feature called file virtualization for certain protected folders such as "program files". If you attempt to write a file in C:\Program Files without administrator privileges, it is silently redirected to a Virtual Store directory located inside the current user's account.

The problem is that Nexus is not aware this has happened, it thinks it is in "c:\program files", and it can't find the files it needs to start up.

You'll need to remove this Nexus installation, then do one of the following:

1) Select "run as administrator" when running whatever program you used to unpack Nexus before installing into "program files".
2) Install into a location which is not protected by file virtualization.

Q. Does the "Non Proxy Host" config under HTTP Proxy Settings support wildcards?

A. Yes, but these need to be regular expressions, not wildcards. So to to add domain name "" to the list you'll need this, for example:

Q. How can I improve startup time of Nexus when it is fronted with Apache+mod_proxy

A. The Apache ProxyPass directive has a default error retry timeout of 60 seconds. This means that after a restart there will be up to a one minute delay between the time Nexus is running and the time it becomes available. You can control this with the "retry" parameter, as in:

ProxyPass / http://localhost:8081/ retry=1

  • No labels