<TABLE OF CONTENTS>
Visit my.sonatype.com for documentation on Nexus Repository version 2.
What is HTTP Strict Transport Security (HSTS)?
HSTS is a standard intended to encourage web browsers to only transmit requests securely using https to a given host name. This feature can prevent accidental transmission of sensitive data to a plain http endpoint at the same host name by web browsers which support it.
Build tools do not typically support HSTS, however they will not break either if the server sends indication that the server supports it.
Enabling HSTS in Nexus Repository 2.15.0 or Newer
When TLS connections are terminated by Nexus Repository directly through Eclipse Jetty configuration, HSTS is already enabled by default.
If you are terminating HTTPS connections to Nexus Repository using a reverse proxy, you must configure your reverse proxy to enable or disable HSTS. Instructions for doing that are beyond the scope of this article.
How to Disable HSTS in Nexus Repository 2.15.0 or Newer
- Edit
/conf/nexus.properties - Add a line containing
jetty.https.stsMaxAge=-1
- Save the file and restart Repository 2.
How To Enable HSTS in Nexus Repository 2.14.21 or Older
Older versions of Nexus Repository 2 using Eclipse Jetty 8. In those versions, HSTS is not available through Jetty.
Use a reverse proxy server in the front Nexus Repository if you require HSTS.