
Post Install Checklist

After installing Nexus Repository, work through the tasks below to put the instance into a secure and maintainable state.

1 - Change the Admin Password

To ensure the system begins with a secure state, Nexus Repository Manager generates a unique random password during the system’s initial startup which it writes to the data directory ($data-dir, typically sonatype-work/nexus3) in a file called admin.password.

To configure the system, the user must prove they’re the system owner by retrieving the initial password from the filesystem. This password can then be changed manually through the user interface, or programmatically through the REST API.

Using the User Interface

Click the Sign in button in the top right of the page. Until the initial password has been changed, the dialog that appears shows the path of the file containing the admin user's password.


After signing in, a setup wizard guides the admin user through changing the admin password and the rest of the initial system setup.

Using the REST API

For systems that are provisioned programmatically, the REST API can be used to change a user's password instead. The provisioning system must first read the randomly generated password from the admin.password file and authenticate with it in order to set the new one.

2 - Configure Anonymous Access

When using the user interface, another step in the wizard is choosing whether anonymous access is allowed. Until this is configured, the system allows unauthenticated users to read the contents of repositories, so leave it enabled only if every repository is meant to be readable without credentials.
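The REST-driven version of steps 1 and 2, as an added example that is not part of the Nexus documentation or product: it reads admin.password, rotates the admin password, and then disables anonymous access. It assumes an instance at http://localhost:8081, a data directory of ./sonatype-work/nexus3, and the v1 endpoints PUT /service/rest/v1/security/users/admin/change-password (text/plain body) and PUT /service/rest/v1/security/anonymous (JSON body); adjust these for your deployment.

```shell
#!/bin/sh
# Added example (not from the Nexus documentation): bootstrap a fresh
# instance by rotating the generated admin password over the REST API and
# then turning off anonymous read access.
#
# Assumptions not stated on the page: the instance listens on NEXUS_URL
# (default http://localhost:8081), the data directory is NEXUS_DATA_DIR
# (default ./sonatype-work/nexus3), and the endpoints
#   PUT /service/rest/v1/security/users/admin/change-password  (text/plain body)
#   PUT /service/rest/v1/security/anonymous                    (JSON body)
# are available on this version.

NEXUS_URL="${NEXUS_URL:-http://localhost:8081}"
NEXUS_DATA_DIR="${NEXUS_DATA_DIR:-./sonatype-work/nexus3}"

# Read the one-time password Nexus wrote at first start. Strips the trailing
# newline and refuses an empty file rather than sending an empty credential.
read_initial_password() {
    file="$1"
    [ -f "$file" ] || { echo "no admin.password at $file" >&2; return 1; }
    pw=$(tr -d '\r\n' < "$file")
    [ -n "$pw" ] || { echo "$file is empty" >&2; return 1; }
    printf '%s' "$pw"
}

# Minimal policy for the replacement: at least 12 characters and not simply
# the generated password re-used. Adjust to your own password policy.
password_acceptable() {
    candidate="$1"; initial="$2"
    [ "${#candidate}" -ge 12 ] || return 1
    [ "$candidate" != "$initial" ] || return 1
    return 0
}

# Both passwords are kept off the command line: the credential goes to curl
# as a config file on stdin (-K -) and the body is read from a 0600 temp
# file, so neither shows up in `ps` output on a shared host.
change_admin_password() {
    old="$1"; new="$2"
    tmp=$(mktemp) || return 1
    printf '%s' "$new" > "$tmp"
    if printf 'user = "admin:%s"\n' "$old" |
        curl -sS -f -K - -X PUT -H 'Content-Type: text/plain' \
            --data-binary "@$tmp" \
            "$NEXUS_URL/service/rest/v1/security/users/admin/change-password"
    then rc=0; else rc=$?; fi
    rm -f "$tmp"
    return "$rc"
}

# Disable anonymous access so repository contents require authentication.
disable_anonymous_access() {
    printf 'user = "admin:%s"\n' "$1" |
    curl -sS -f -K - -X PUT -H 'Content-Type: application/json' \
        --data '{"enabled":false,"userId":"anonymous","realmName":"NexusAuthorizingRealm"}' \
        "$NEXUS_URL/service/rest/v1/security/anonymous"
}

main() {
    pwfile="$NEXUS_DATA_DIR/admin.password"
    old=$(read_initial_password "$pwfile") || return 1
    password_acceptable "$NEXUS_ADMIN_NEW_PASSWORD" "$old" ||
        { echo "new password rejected by policy" >&2; return 1; }
    change_admin_password "$old" "$NEXUS_ADMIN_NEW_PASSWORD" || return 1
    disable_anonymous_access "$NEXUS_ADMIN_NEW_PASSWORD" || return 1
    # Nexus removes admin.password once the password has changed; if it is
    # still present, delete it so the old secret does not linger on disk.
    [ ! -f "$pwfile" ] || rm -f "$pwfile"
    echo "admin password rotated and anonymous access disabled"
}

# Runs only when the new password was supplied through the environment, so
# the file can also be sourced for its functions:
#   NEXUS_ADMIN_NEW_PASSWORD='...' sh nexus-bootstrap.sh
if [ -n "${NEXUS_ADMIN_NEW_PASSWORD:-}" ]; then
    main
fi
```

Run it once, from a host that can reach the instance, immediately after the first start; if the change-password call fails with an HTTP error, the most common causes are that the password was already changed through the wizard (so admin.password no longer authenticates) or that the data directory is not the one the service actually started with.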

3 - Change the Administrative Email Address

The admin user comes with a default email address configured. Since that address is of no use to anyone, replace it with one that is actually monitored; see Working with Your User Profile for details.

4 - Configure the SMTP Settings

The repository manager can send username and password recovery emails. To enable this feature, configure the SMTP host and port, along with any authentication parameters the repository manager needs to connect to the mail server.

5 - Configure Default HTTP and HTTPS Proxy Settings

In many deployments, the internet, and therefore any remote repositories that the repository manager needs to proxy, can only be reached through an HTTP or HTTPS proxy server inside the organization. In these cases the connection details for that proxy server must be configured, or the repository manager will not be able to proxy remote repositories at all.

6 - Set Up a Backup Procedure for Your Server

Read and follow Backup and Restore. Things happen, so back up your configuration and data on a schedule, and verify that a restore from those backups actually works.

7 - Set Up Routing Rules

Set up routing rules to prevent name hijacking (also known as dependency confusion), in which a malicious user publishes packages to a public registry under names used by your internal projects so that a proxy repository fetches the attacker's package instead of yours. A routing rule attached to the proxy repository blocks upstream requests for your internal namespaces, so those names are only ever resolved from your hosted repositories.
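A rule for the case described above, as an added example that is not part of the Nexus documentation or product. It assumes an internal Maven groupId of com.example.internal (so request paths start with /com/example/internal/), an instance at NEXUS_URL with the admin password in NEXUS_ADMIN_PASSWORD, and that POST /service/rest/v1/routing-rules accepts a body with name, description, mode and matchers. The evaluate_routing_rule function is a local mirror of the rule semantics (BLOCK refuses paths matching any matcher; ALLOW passes only matching paths) so the regexes can be checked against sample paths before the rule is applied.

```shell
#!/bin/sh
# Added example (not from the Nexus documentation): a BLOCK-mode routing rule
# that keeps a proxy repository from ever asking the upstream registry for
# artifacts in your internal namespace, plus a local check of the rule's
# semantics so the matchers can be tested before they are applied.
#
# Assumptions not stated on the page: the internal Maven groupId is
# com.example.internal (request paths start with /com/example/internal/),
# the instance is at NEXUS_URL, the admin password is passed in
# NEXUS_ADMIN_PASSWORD, and POST /service/rest/v1/routing-rules accepts
# {"name","description","mode","matchers"}.

NEXUS_URL="${NEXUS_URL:-http://localhost:8081}"
RULE_NAME="block-internal-namespace"

# Local mirror of how a routing rule is evaluated against a request path:
#   BLOCK - a path matching any matcher is refused, everything else passes
#   ALLOW - only paths matching some matcher pass
# Matchers are regular expressions; simple anchored patterns behave the same
# under grep -E and the Java regex engine Nexus uses.
# Usage: evaluate_routing_rule MODE PATH MATCHER... -> prints allow|block
evaluate_routing_rule() {
    mode="$1"; path="$2"; shift 2
    matched=0
    for re in "$@"; do
        if printf '%s\n' "$path" | grep -Eq -e "$re"; then matched=1; break; fi
    done
    case "$mode:$matched" in
        BLOCK:1|ALLOW:0) echo block ;;
        *)               echo allow ;;
    esac
}

# Build the JSON body for the rule, escaping backslashes and quotes in the
# regexes so patterns such as '\.jar$' survive the round trip.
routing_rule_json() {
    name="$1"; mode="$2"; shift 2
    list=""
    for re in "$@"; do
        esc=$(printf '%s\n' "$re" | sed 's/\\/\\\\/g; s/"/\\"/g')
        list="$list${list:+,}\"$esc\""
    done
    printf '{"name":"%s","description":"%s","mode":"%s","matchers":[%s]}' \
        "$name" "Never fetch the internal namespace from upstream" "$mode" "$list"
}

# Credential is passed as a curl config on stdin (-K -) to keep it out of ps.
create_routing_rule() {
    body=$(routing_rule_json "$RULE_NAME" BLOCK "$@")
    printf 'user = "admin:%s"\n' "$NEXUS_ADMIN_PASSWORD" |
    curl -sS -f -K - -X POST -H 'Content-Type: application/json' \
        --data "$body" "$NEXUS_URL/service/rest/v1/routing-rules"
}

# Anchored at the path root and ending in a slash, so only the internal
# group is affected and a neighbour such as /com/example/internal-tools/
# is still fetched normally.
INTERNAL_MATCHER='^/com/example/internal/.*'

if [ -n "${NEXUS_ADMIN_PASSWORD:-}" ]; then
    # Dry run against constructed sample paths before touching the server.
    for p in /com/example/internal/auth-lib/1.0/auth-lib-1.0.pom \
             /org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.pom
    do
        echo "$p -> $(evaluate_routing_rule BLOCK "$p" "$INTERNAL_MATCHER")"
    done
    create_routing_rule "$INTERNAL_MATCHER"
fi
```

Creating the rule is only half the job: it still has to be assigned to each proxy repository (Maven Central, npmjs and so on) in that repository's settings. Because the rule applies to the proxy's upstream requests, your own artifacts in a hosted repository remain resolvable through a group that contains both; only the attempt to pull the same name from the public registry is refused.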

8 - Require User Tokens for Repository Access

Consider requiring user tokens for repository access. A user token is a generated credential that build tools and CI jobs present instead of the account password, so the password never lands in settings files or pipeline configuration, and a token can be reset without changing the user's password.

9 - Set Up Maintenance Tasks

You should set up the following essential maintenance tasks:

  • Maven - Delete unused SNAPSHOTS

  • Docker - Delete incomplete uploads

  • Admin - Compact blob store

10 - Set Up Cleanup Policies

Define cleanup policies and assign them in each repository's settings, so that old or unused components are removed automatically instead of accumulating in the blob store.