Bill Ingram

Reputation: 1172

What are the best practices for creating a Nexus private repository group for proxy repositories requiring authentication

One of the Maven repositories I want to proxy through my Nexus repository is private, i.e., it requires a username/password for access. So, I set up a proxy repository the usual way and entered my credentials under the authentication settings. So far, so good.

Now, normally I would add the new repository to the public repository group. But, as I understand it, this will allow anyone with access to my repository to access this private repository through mine, without authentication. Is this correct?

Can I solve this issue by creating a private repository group containing the new repository? I would then have to make a new repository target privilege in order to restrict access to the new private group, right?

I think the next step would be to create a new <profile> and <repository> in my settings.xml, as well as a corresponding <mirror>. And, finally, I'll need to exclude the new repository URL pattern from my default <mirror> (e.g., <mirrorOf>*,!thirdparty,!private</mirrorOf>).

Am I on the right track? Making this harder than it needs to be? Or missing something?

Upvotes: 3

Views: 3318

Answers (1)

Manfred Moser

Reputation: 29912

Your suspicion is correct if you do not restrict access to the proxy repository you set up and added to the public group.

However, if you restrict access to the proxy repo with username and password, its artifacts will be available in the public group, but only to users that connect to it with credentials that have sufficient access to your proxy repository. The public group aggregates not just the content but also takes the security settings of the repositories it aggregates into account.

If you follow that approach, all you need to do is have your users that should be allowed to access the proxy repo content connect to Nexus with credentials you give out and control access to. Anonymous users will not have access to the artifacts when connecting to the public group as anonymous.

Your approach would work too, but it is a lot more work for all the users since you control it outside of Nexus rather than right there.

Upvotes: 1
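The client side of the approach in the answer above, as an added example that is not part of the original answer: a single mirror pointing at the public group, with credentials supplied through a matching <server> entry, so no separate private mirror or mirrorOf exclusions are needed. The host name, the id "nexus", the account name and the NEXUS_PASSWORD environment variable are placeholders chosen for illustration.

```xml
<!-- ~/.m2/settings.xml (added example; host, id and account are placeholders) -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server>
      <!-- Must equal the <mirror> id below; Maven looks up credentials by id -->
      <id>nexus</id>
      <!-- Account created in Nexus and granted access to the private proxy repo -->
      <username>build-user</username>
      <!-- Read from the environment so the password is not stored in the file -->
      <password>${env.NEXUS_PASSWORD}</password>
    </server>
  </servers>
  <mirrors>
    <mirror>
      <id>nexus</id>
      <!-- Route every repository request through the one public group -->
      <mirrorOf>*</mirrorOf>
      <url>https://nexus.example.com/content/groups/public</url>
    </mirror>
  </mirrors>
</settings>
```

A user without a <server> entry connects as anonymous and, per the answer, does not see the private proxy repository's artifacts through the group.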
