Configuring Nexus Repository 2 for Secure Access to Maven Central

Prior to Aug 3, 2014, secure access to the Central Repository was limited to Nexus Pro licensees and those who obtained a special Auth Token from Sonatype after making a Apache Software Foundation donation. Going forward, Sonatype offers SSL access to Central for everyone free of charge.

This article describes how to migrate your older or previously upgrade Nexus instances to use the new secure URLs.


Secure Central for Nexus Repository Pro

For new, not-upgraded installations of Nexus Repository Pro 2.9+, there is nothing to do.

Nexus Repository Pro 2.2 to 2.8.1 is configured by default with a repository named "Central" which uses a secure remote URL of https://secure.central.sonatype.com/maven2/. This repository is already included as a member of the default public group repository.

Switching from Nexus Pro Secure Central to Free Secure Central in Nexus Repository 2 Pro

If you have a Central proxy repository configured in Nexus Repository with a Remote Storage Location that uses a secure remote storage location of https://secure.central.sonatype.com/maven2/ for central, then you can switch to the freely available secure central URL easily.

  1. As a Nexus administrator, select your secure Central repository in the Nexus Repositories list and open the Configuration tab.
  2. Change the Remote Storage Location value to https://repo1.maven.org/maven2/
  3. Click Save button to save your changes.
  4. Disable the secure central capability. Open Administration -> Capabilities tab. Select Secure Central capability. View its Settings. Make sure the Enabled checkbox is not checked. Save the capability.
  5. Ensure that the Remote Storage Location specified in step (2) is still set to https://repo1.maven.org/maven2/ and update it if necessary.

Advantages and Disadvantages of Using Free Secure URL Instead of the Secure Central Plugin URL

The main advantage is you have the fastest possible secure access to Central. You eliminate any reliance on the Nexus Pro Secure Central plugin, requesting, sending and validating auth tokens from Nexus. Our services avoid the overhead of validating the auth token. Long term, the secure.central.sontype.org domain may be shut down.

The disadvantage is that Central is hosted on a CDN and the IP address ranges of this CDN may periodically change. This should only impact some very locked down fire-walled environments which only allow outbound requests to fixed set of IPs. We expect the availability and performance of the CDN to outweigh any disadvantage of floating IPs.

Switching from Insecure Central to Secure Central in Nexus Repository 2 Pro

Central has many different insecure domain aliases floating around. The defacto standard is http://repo1.maven.org/maven2/ . If you have a Central proxy repository configured in Nexus with a Remote Storage Location that uses an insecure HTTP remote storage location for central, then you can switch to a free secure Central URL easily.

  1. As a Nexus administrator, select your insecure Central repository in the Nexus Repositories list and open the Configuration tab.
  2. Change the Remote Storage Location value to https://repo1.maven.org/maven2/
  3. Click Save button to save your changes.

Secure Central for Nexus Repository OSS

For new, not-upgraded installations of Nexus Repository OSS 2.9+, there is nothing to do.

Previously upgraded or older Nexus Repository instances can use the Secure Central service for free.

Switching From Insecure Central to Secure Central in Nexus Repository OSS

Follow the steps for Switching from Insecure Central to Secure Central in Nexus Pro.

Switching From Paid Secure Central to Free Secure Central

  1. As a Nexus Repository 2 administrator, select your Central repository in the Repositories list and open the Configuration tab.
  2. Change the Remote Storage Location value to https://repo1.maven.org/maven2/
  3. On the same screen, go to the expanded Http Request Settings (optional) section and delete the Additional URL Parameters field contents specifying the Secure Central auth token. Free Secure central does not require this token.

    Screen_Shot_2012-12-03_at_4.22.06_PM.png

  4. Click Save to save your changes.

Problems?

If you have any trouble accessing the service just submit a ticket at https://support.sonatype.com

Have more questions? Submit a request

0 Comments

Article is closed for comments.