Configure the fundamental behavior of your Nexus server, including network settings, health checks, and TLS.
Configure the core server behavior in your nexus.toml:
[server]
listen_address = "127.0.0.1:8000"
[server.health]
enabled = true
path = "/health"listen_address: The address and port Nexus will bind to (optional, defaults to127.0.0.1:8000)health.enabled: Enable the health check endpoint (default:true)health.path: Path for health checks (default:/health)health.listen: Separate address for health endpoint (optional)
For secure connections, configure TLS certificates:
[server.tls]
certificate = "/path/to/server.crt"
key = "/path/to/server.key"Both certificate and key must be in PEM format.
-
Certificate Management
- Use certificates from trusted Certificate Authorities in production
- Rotate certificates before expiration
- Store certificate files with restricted permissions (600)
-
Security Considerations
- Always use TLS in production environments
- Keep TLS certificates outside of version control
- Monitor certificate expiration dates
The health check endpoint is essential for monitoring and load balancer integration:
[server.health]
enabled = true
path = "/health"
listen = "0.0.0.0:8001" # Optional: separate port for health checksWhen healthy, returns HTTP 200 with:
{
"status": "healthy"
}Use the health endpoint for:
- Kubernetes liveness and readiness probes
- AWS ELB/ALB health checks
- Docker health checks
- Monitoring systems (Prometheus, Datadog, etc.)
- Configure OAuth2 Authentication for secure access
- Set up Rate Limiting to protect your server
- Enable Client Identification for user tracking