Nexus Repository 2 officially sunsetted June 30, 2025. Visit my.sonatype.com for archived documentation. Migrate to Sonatype Nexus Repository 3 as soon as possible.
Nexus Repository 2 uses the Jetty container, and Jetty provides a handler that can be used to restrict access by IP addresses and subnets.
Attached is a sample jetty config file that allows you to configure the IP Access Handler using Nexus Repository 2.8+.
To configure it:
- Download and store the file at
NEXUS_HOME/conf/jetty-ipaccess.xml
, with the same permissions as the other jetty files - Edit
NEXUS_HOME/conf/jetty-ipaccess.xml
, add white listed and blacklisted addresses using the syntax as documented in the javadoc. By default, all access is allowed - Edit
NEXUS_HOME/bin/jsw/conf/wrapper.conf
, and reference the new jetty file as an app parameter iewrapper.app.parameter.3=./conf/jetty-ipaccess.xml
(3 by default, however the next available number must be used) - Restart Nexus Repository