Reputation: 76
How to set a proxy to a public maven repository is read-only mode
I want to setup a development environment that allows reusing some artifacts from public Maven repositories like Maven Central, Code Haus. Specifically, I like the concept of transitive dependencies.
In our company, our production network cannot export any data outside, but we can push data inside. We already have some gateways to copy file from the outside into our network. Therefore, I could use this to copy the required packages manually but we would miss the power of maven. In our case, the perfect solution would be to be able to get data from public repository but be forbidden to deploy to the external repo.
So I would like to have your expert view on this problem.
We can use various means, as long as the capability to export data outside our network is guarantee:
- External packages are created on a disk area that is read-only from production servers.
- Some HTTP requests are filtered.
- Using a repository manager, as Nexus.
In the repository management guide, Nexus talks about this possibility (http://books.sonatype.com/nexus-book/reference/confignx-sect-manage-repo.html). I would like a confirmation from you guys about how secure it is. Specifically, this has to be updated only by the IT manager.
Regards,
Loïc.
Upvotes: 1
Views: 1494
Answers (1)
Reputation: 29912
This is completely feasible and a common setup with Nexus. Here are the steps roughly.
- Lock all developers and CI server inside the network disallowing direct access to outside servers
- Setup Nexus to proxy external repositories like Central as desired
- Allow Nexus to reach to those external repositories via the proxy
- Configure developers and CI server machines to access Nexus to get the dependencies (and transitive dependencies) as desired
Optionally you can also
- Configure CI servers to deploy any internal packages to Nexus
- Configure deployment tools to get components for deployment from Nexus
Also note this can be done via different repository formats and toolchains. The common one is Maven, but Nexus also supports NPM, Nuget, Rubygems, sites, YUM and others.
And if you want to make some of your packages in Nexus available to the outside you can configure this as well following multiple options.
Also note that a proxy repository is by definition read only in terms of deployments to it directly. Thats what a hosted repository is for...
Upvotes: 1
Related Questions
- proxy repository is blocked
- Nexus can not access configured Proxy Repositories such as Maven Central
- Nexus proxy for repo.maven.apache.org not working
- Private server created by Nexus failed to be the proxy of central repository
- How to create proxy repository in nexus
- How to configure maven settings.xml to access nexus behind an apache proxy
- maven repository proxy confusion
- Nexus proxy to Artifactory virtual repository
- Nexus: Unable to get artifact from a proxy repository
- Failed to proxy to maven repo via Nexus