How to serve Nexus OSS through X-Frame

Hi there,

I run nexus at home, but would like to use a domain I bought to access it. The solution I have right now is port forwarding the Nexus Server from home to the internet, and then using a redirect on my domain to go to my IP and Port.

I would like to instead serve this via an iframe, and embedding the server/port as the src in the iframe. But the problem I have is when I do this I get one of two errors:

Refused to display ‘http://xx.xx.xx.xx:8081/’ in a frame because it set ‘X-Frame-Options’ to ‘DENY’.

And when I added the option to nexus.properties for:
nexus.http.denyframe.enabled=false

I get
Refused to display ‘http://xx.xx.xx.xx:8081/’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.

Is there a way that I can get SAMEORIGIN to be disabled?

I believe you can edit your nexus.properties file to set nexus.http.denyframe.enabled to false.

Hi Martz, I have set this property in the file, but it then returns the error:

Refused to display ‘’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.

If you like, you can view the iframe at nexus.futurepr0n.com/index.html

If you can help me better understand how to use a reverse proxy, so I can host my own nexus and serve it at a URL, that might help me. I thought it would be easier to serve through an iframe, as I did this with Jenkins (ci.futurepr0n.com) and there is no issue (I had to use a plugin though).

You can also see the full page online at http://135.23.96.150:8081 - I have a redirect set up at nexus.futurepr0n.com which goes directly there, but was hoping instead to just serve an iframe at that address, so the URL in the address bar would never change while a user was viewing the portal.

Just to check, you did restart nexus after setting that property? It won’t get picked up dynamically. Reverse proxy instructions are here: Run Behind a Reverse Proxy

Yes, I’ve restarted nexus several times since, but the problem is after setting the deny frame - it still won’t allow me to use an iframe (SAMEORIGIN issue).

I am very new to running behind a reverse proxy; I’m just a hobbyist guy trying to do some of his own stuff. Running behind a reverse proxy seems very complex. I would need to run nginx or apache on my server/computer as well? And then address the Reverse Proxy instructions? This seems very much overkill. Is there no setting that can also be flagged so that I can issue X-Frame Option -> SAMEORIGIN ALLOW-FROM mysite along with the X Frame Header?

Or do you have any helpful tutorials or write-ups that can help me implement the reverse proxy step by step? The instructions in the write-up seem to be designed for someone with more knowledge of either apache or nginx.

Sorry, but we haven’t built nexus repository manager to run within an iframe. The setting I told you about appears to be intended only for specific endpoints that run within an iframe in the application. I’ve never set up or configured nginx or apache and we don’t have specific instructions for that since it’s outside the scope of our application (other than the link I provided above).

You cannot display a lot of websites inside an iFrame. Reason being that they send an “X-Frame-Options: SAMEORIGIN” response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

It works well.

Try to apply the same rule to your case.

SAMEORIGIN

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.
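
An added example (not part of any post in this thread, and not Nexus code): a JavaScript model of how a browser decides whether to render a framed response from its X-Frame-Options header, using the whole-ancestor-chain reading of SAMEORIGIN. The hostnames and the address are constructed placeholders for the page holding the iframe, the Nexus server reached directly by IP and port, and the same server published under the page's own origin by a reverse proxy.

```javascript
// Constructed placeholders (assumptions, not values from the thread).
const PARENT = 'http://nexus.example.test/index.html';   // page containing the <iframe>
const NEXUS_DIRECT = 'http://192.0.2.10:8081/';           // iframe src: raw IP and port
const NEXUS_PROXIED = 'http://nexus.example.test/nexus/'; // iframe src: via reverse proxy

// Split every X-Frame-Options header on commas, trim, lowercase, de-duplicate.
function parseXfo(headerValues) {
  const seen = new Set();
  for (const raw of headerValues) {
    for (const part of raw.split(',')) {
      const value = part.trim().toLowerCase();
      if (value) seen.add(value);
    }
  }
  return [...seen];
}

// framedUrl: URL loaded in the iframe.
// ancestorUrls: the embedding pages, direct parent first, top-level page last.
function mayRenderInFrame(framedUrl, ancestorUrls, headerValues) {
  const policy = parseXfo(headerValues);
  if (policy.length === 0) return { allowed: true, reason: 'no X-Frame-Options header' };
  if (policy.length > 1) {
    // Conflicting recognised values fail closed.
    const known = policy.some((v) => ['deny', 'sameorigin', 'allowall'].includes(v));
    return known
      ? { allowed: false, reason: 'conflicting values, treated as DENY' }
      : { allowed: true, reason: 'no recognised value, header ignored' };
  }
  if (policy[0] === 'deny') return { allowed: false, reason: 'DENY' };
  if (policy[0] === 'sameorigin') {
    // Origin = scheme + host + port, so a different port is a different origin.
    const target = new URL(framedUrl).origin;
    const other = ancestorUrls.find((u) => new URL(u).origin !== target);
    return other
      ? { allowed: false, reason: `SAMEORIGIN: ${new URL(other).origin} is not ${target}` }
      : { allowed: true, reason: 'every ancestor shares the framed origin' };
  }
  // Values current browsers do not recognise (the obsolete ALLOW-FROM among them) are ignored.
  return { allowed: true, reason: 'unrecognised value, header ignored' };
}

for (const [src, header] of [[NEXUS_DIRECT, 'DENY'], [NEXUS_DIRECT, 'SAMEORIGIN'],
                             [NEXUS_PROXIED, 'SAMEORIGIN']]) {
  const verdict = mayRenderInFrame(src, [PARENT], [header]);
  console.log(`${header} ${src} -> ${verdict.allowed ? 'rendered' : 'refused'} (${verdict.reason})`);
}
```

Only the third case renders: once the reverse proxy serves Nexus from the same scheme, host and port as the embedding page, SAMEORIGIN is satisfied without weakening the header.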