Prior to Aug 3, 2014, secure access to the Central Repository was limited to Nexus Pro licensees and those who obtained a special Auth Token from Sonatype after making a Apache Software Foundation donation. Going forward, Sonatype offers SSL access to Central for everyone free of charge.
This article describes how to migrate your older or previously upgrade Nexus instances to use the new secure URLs.
Secure Central for Nexus Repository Pro
For new, not-upgraded installations of Nexus Repository Pro 2.9+, there is nothing to do.
Nexus Repository Pro 2.2 to 2.8.1 is configured by default with a repository named "Central" which uses a secure remote URL of https://secure.central.sonatype.com/maven2/. This repository is already included as a member of the default public group repository.
Switching from Nexus Pro Secure Central to Free Secure Central in Nexus Repository 2 Pro
If you have a Central proxy repository configured in Nexus Repository with a Remote Storage Location that uses a secure remote storage location of https://secure.central.sonatype.com/maven2/ for central, then you can switch to the freely available secure central URL easily.
- As a Nexus administrator, select your secure Central repository in the Nexus
Repositorieslist and open theConfigurationtab. - Change the
Remote Storage Locationvalue to https://repo1.maven.org/maven2/ - Click
Savebutton to save your changes. - Disable the secure central capability. Open Administration -> Capabilities tab. Select Secure Central capability. View its Settings. Make sure the Enabled checkbox is not checked. Save the capability.
- Ensure that the
Remote Storage Locationspecified in step (2) is still set to https://repo1.maven.org/maven2/ and update it if necessary.
Advantages and Disadvantages of Using Free Secure URL Instead of the Secure Central Plugin URL
The main advantage is you have the fastest possible secure access to Central. You eliminate any reliance on the Nexus Pro Secure Central plugin, requesting, sending and validating auth tokens from Nexus. Our services avoid the overhead of validating the auth token. Long term, the secure.central.sontype.org domain may be shut down.
The disadvantage is that Central is hosted on a CDN and the IP address ranges of this CDN may periodically change. This should only impact some very locked down fire-walled environments which only allow outbound requests to fixed set of IPs. We expect the availability and performance of the CDN to outweigh any disadvantage of floating IPs.
Switching from Insecure Central to Secure Central in Nexus Repository 2 Pro
Central has many different insecure domain aliases floating around. The defacto standard is http://repo1.maven.org/maven2/ . If you have a Central proxy repository configured in Nexus with a Remote Storage Location that uses an insecure HTTP remote storage location for central, then you can switch to a free secure Central URL easily.
- As a Nexus administrator, select your insecure Central repository in the Nexus
Repositorieslist and open theConfigurationtab. - Change the
Remote Storage Locationvalue to https://repo1.maven.org/maven2/ - Click
Savebutton to save your changes.
Secure Central for Nexus Repository OSS
For new, not-upgraded installations of Nexus Repository OSS 2.9+, there is nothing to do.
Previously upgraded or older Nexus Repository instances can use the Secure Central service for free.
Switching From Insecure Central to Secure Central in Nexus Repository OSS
Follow the steps for Switching from Insecure Central to Secure Central in Nexus Pro.
Switching From Paid Secure Central to Free Secure Central
- As a Nexus Repository 2 administrator, select your Central repository in the
Repositorieslist and open theConfigurationtab. - Change the
Remote Storage Locationvalue to https://repo1.maven.org/maven2/ - On the same screen, go to the expanded
Http Request Settings (optional)section and delete the Additional URL Parameters field contents specifying the Secure Central auth token. Free Secure central does not require this token.
- Click Save to save your changes.
Problems?
If you have any trouble accessing the service just submit a ticket at https://support.sonatype.com
0 Comments