diff --git a/.gitignore b/.gitignore
index 5d576886..14601bd2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@ molecule/**/.molecule/
 molecule/**/__pycache__/
 molecule/**/.cache
 molecule/**/.pytest_cache
+molecule/custom_env.yml
 README.md.orig.*
 README.md.toc.*
 *.pyc
diff --git a/README.md b/README.md
index 7f0a8acd..7440e204 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,7 @@ _(Created with [gh-md-toc](https://github.com/ekalinin/github-markdown-toc))_
             * [Purge nexus](#purge-nexus)
             * [Force groovy scripts registration](#force-groovy-scripts-registration)
             * [Change admin password after first install](#change-admin-password-after-first-install)
+            * [Upgrade nexus to latest version](#upgrade-nexus-to-latest-version)
       * [Dependencies](#dependencies)
       * [Example Playbook](#example-playbook)
       * [Development, Contribution and Testing](#development-contribution-and-testing)
@@ -48,7 +49,7 @@ _(Created with [gh-md-toc](https://github.com/ekalinin/github-markdown-toc))_
       * [License](#license)
       * [Author Information](#author-information)
 
-<!-- Added by: olcla, at: 2018-09-14T15:30+02:00 -->
+<!-- Added by: olcla, at: 2018-10-03T15:25+02:00 -->
 
 <!--te-->
 
@@ -86,13 +87,17 @@ Ansible variables, along with the default values (see `default/main.yml`) :
     nexus_download_url: "http://download.sonatype.com/nexus/3"
 ```
 
-The role will install/upgrade-to latest nexus available version by default. You may fix the version by tuning the `nexus_version` variable. See available versions at https://www.sonatype.com/download-oss-sonatype.
+The role will install latest nexus available version by default. You may fix the version by setting the `nexus_version` variable. See available versions at https://www.sonatype.com/download-oss-sonatype.
 
-If you use an older version of nexus, you should make sure you do not use features which are not available (e.g. yum hosted repositories for nexus < 3.8.0, git lfs repo for nexus < 3.3.0, etc.)
+If you fix the version and change it to a different one, the role will try to upgrade your installation. **Make sure to change to a later version in release history**. Downgrading will fail (unless you re-install from scratch using the [`nexus_purge` special var](#purge-nexus))
+
+If you don't fix the version and play the role on an existing installation, the current installed version will be used (detecting target of `{{ nexus_installation_dir}}/nexus-latest`). If you want to upgrade nexus, you will have to pass the special var `nexus_upgrade=true` on the ansible-playbook command line. See [Upgrade nexus to latest version](#upgrade-nexus-to-latest-version)
+
+If you use an older version of nexus than the lastest, you should make sure you do not use features which are not available in the installed release (e.g. yum hosted repositories for nexus < 3.8.0, git lfs repo for nexus < 3.3.0, etc.)
 
 `nexus_timezone` is a Java Timezone name and can be useful in combination with `nexus_scheduled_tasks` cron expressions below.
 
-You may change the download site for packages by tuning `nexus_download_url` (e.g. closed environment, proxy/cache on your network...). **In this case, the automatic detection of the latest version will most likelly fail and you will have to set the version to download.** If you still want to take advantage of automatic latest version detection, a call to `<your_custom_location>/latest-unix.tar.gz` must return and HTTP 302 redirect to the latest available version in your cache/proxy.
+You may change the download site for packages by tuning `nexus_download_url` (e.g. closed environment, proxy/cache on your network...). **In this case, the automatic detection of the latest version will most likelly fail and you will have to fix the version to download.** If you still want to take advantage of automatic latest version detection, a call to `<your_custom_location>/latest-unix.tar.gz` must return an HTTP 302 redirect to the latest available version in your cache/proxy.
 
 ### Download dir for nexus package
 ```yaml
@@ -657,6 +662,22 @@ If you want to change your admin password after first install, you can temporari
 ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword
 ```
 
+#### Upgrade nexus to latest version
+
+```yaml
+    nexus_upgrade: true
+```
+**This variable has no effect if nexus_version is fixed in your vars**
+
+Unless you set this variable, the role will keep the current installed nexus version when running against an already provisionned host. Passing this extra var will trigger automatic latest nexus version detection and upgrade if a newer version is available.
+
+**Setting this var as part of your playbook breaks idempotence** (i.e. your playbook will make changes to your system if a new version is available although no parameters have changed)
+
+We strongly suggest to use this variable only as an extra var to ansible-playbook call
+```bash
+ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_upgrade=true
+```
+
 ## Dependencies
 
 The java and httpd requirements /can/ be fulfilled with the following galaxy roles :
diff --git a/molecule/default-playbook.yml b/molecule/default-playbook.yml
index d3fcc7a8..e18a916e 100644
--- a/molecule/default-playbook.yml
+++ b/molecule/default-playbook.yml
@@ -6,3 +6,15 @@
   vars_files:
     - ssl-{{ ansible_os_family }}.yml
     - nexus_test_vars.yml
+  # Allow to add some extra env for guest
+  # for local tests purposes (e.g. set proxy)
+  # Usage: create molecule/custom_env.yml and define molecule_custom_env
+  #
+  # ---
+  # molecule_custom_env:
+  #   http_proxy: http://my.proxy:8080
+  # ...
+  #
+  # Call molecule converge with extra vars loading the file
+  # molecule converge -s <scenario> -- -e @../custom_env.yml
+  environment: "{{ molecule_custom_env | default({}) }}"
diff --git a/tasks/nexus_install.yml b/tasks/nexus_install.yml
index 603d11d2..097678a1 100644
--- a/tasks/nexus_install.yml
+++ b/tasks/nexus_install.yml
@@ -1,7 +1,27 @@
 ---
 
-- name: No version given =>> calculate latest available nexus version
+- name: Set detection method to fixed if we have a var
+  set_fact:
+    nexus_version_detected_from: fixed
+  when: nexus_version != ""
+
+- name: No version given => Version detection
   block:
+    - name: "Check nexus-latest link stat in {{ nexus_installation_dir }}"
+      stat:
+        path: "{{ nexus_installation_dir }}/nexus-latest"
+      register: nexus_latest_link_stat
+      check_mode: no
+
+    - name: Register nexus_version from currently installed
+      # Note: setting nexus_version here skips the next block task.
+      set_fact:
+        nexus_version: "{{ nexus_latest_link_stat.stat.lnk_target | regex_replace('^.*/nexus-(\\d*\\.\\d*\\.\\d*-\\d*)', '\\1') }}"
+        nexus_version_detected_from: installed
+      when:
+        - nexus_latest_link_stat.stat.exists | default(false)
+        - nexus_latest_link_stat.stat.islnk | default(false)
+        - not (nexus_upgrade | default(false))
 
     - name: Call latest nexus uri to get redirection
       uri:
@@ -12,12 +32,22 @@
       # No changes made, we only need the target uri. Safe for check mode and needed for next operations
       check_mode: no
 
-    - name: Register latest nexus version from redirection
+    - name: Register nexus_version from latest nexus uri redirection
       set_fact:
         nexus_version: "{{ nexus_latest_uri_call.location | regex_replace('^https://.*nexus-(\\d*\\.\\d*\\.\\d*-\\d*)-unix.tar.gz', '\\1') }}"
+        nexus_version_detected_from: latest
 
   when: nexus_version == ''
 
+- name: Print info about detected version to use
+  vars:
+    version_info: |-
+      Used version: {{ nexus_version }}
+      Version detected from: {{ nexus_version_detected_from }}
+      Upgrade allowed: {{ nexus_upgrade | default(false) }}
+  debug:
+    msg: "{{ version_info.split('\n') }}"
+
 - name: Register nexus package name
   set_fact:
     nexus_package: "nexus-{{ nexus_version }}-unix.tar.gz"