Post Install Checklist
After installing Nexus Repository, complete the tasks below to ensure your Nexus Repository instance's security.
1 - Change the Admin Password
To ensure the system begins with a secure state, Nexus Repository Manager generates a unique random password during the system’s initial startup which it writes to the data directory (
sonatype-work/nexus3) in a file called
To configure the system, the user must prove they’re the system owner by retrieving the initial password from the filesystem. This password can then be changed manually through the user interface, or programmatically through the REST API.
Using the User Interface
Click the Sign in button in the top right of the page, until the initial password has been changed the dialog that comes up will indicate the file path of a file containing the password for the admin user.
The admin user will then be presented with a setup wizard which will assist the user in changing the admin password along with other initial system setup.
Using the REST API
For systems that are provisioned programmatically we also provide a REST API which can be used to change a user’s password. The provisioning system must first read the randomly generated password from the admin.password file.
2 - Configure Anonymous Access
When using the user interface another step in the wizard is configuring whether anonymous access is allowed in the system. Until configured the system will allow unauthenticated users to read the contents of repositories.
3 - Change the Administrative Email Address
The admin user comes with a default email address configured and, since this address is not going to be very useful to anyone, see Working with Your User Profile for details.
4 - Configure the SMTP Settings
The repository manager can send username and password recovery emails. To enable this feature, you will need to configure a SMTP Host and Port as well as any necessary authentication parameters that the repository manager needs to connect to the mail server.
5 - Configure Default HTTP and HTTPS Proxy Settings
In many deployments the internet, and therefore any remote repositories that the repository manager needs to proxy, can only be reached via a HTTP or HTTPS proxy server internal to the deployment company. In these cases the connection details to that proxy server need to be configured in order for the repository manager to be able to proxy remote repositories at all.
6 - Set Up a Backup Procedure for Your Server
Read and utilize Backup and Restore. Things happen and it is always advisable to backup your configurations and data on a scheduled basis.
7 - Set Up Routing Rules
Set up routing rules to prevent issues such as a name hijacking attack where a malicious user creates packages in a registry with names used by your internal projects.
8 - Require User Tokens for Repository Access PRO
Nexus Repository Pro users should consider configuring token-based access.
9 - Set Up Maintenance Tasks
You should set up the following essential maintenance tasks:
10 - Set Up Cleanup Policies
In your repository settings, set up cleanup policies.