Repository Management with Nexus

6.2. Managing Repositories

To manage Nexus repositories, log in as the administrative user and click on Repositories in the Views/Repositories menu in the left-hand Nexus menu.

Nexus provides for three different kinds of repositories - Proxy Repositories, Hosted Repositories and Virtual Repositories.

6.2.1. Proxy Repository

A proxy repository is a proxy of a remote repository. By default, Nexus ships with the following configured proxy repositories:

Apache Snapshots
This repository contains snapshot releases from the Apache Software Foundation.
Codehaus Snapshots
This repository contains snapshot releases from Codehaus.
Central
This is the Central Repository containing release artifacts. Formerly known as Maven Central, it is the default built-in repository for Apache Maven and directly supported in other build tools like Gradle, SBT or Ant/Ivy. For Nexus OSS the URL http://repo1.maven.org/maven2/ is used, while Nexus Professional has the SSL secured version https://secure.central.sonatype.com/maven2/ preconfigured. Nexus OSS users and users of other repository managers can purchase usage of the secured version for a nominal fee.

6.2.2. Hosted Repository

A hosted repository is a repository which is hosted by Nexus. Maven ships with the following configured hosted repositories:

3rd Party
This hosted repository should be used for third-party dependencies not available in the public Maven repositories. Examples of these dependencies could be commercial, proprietary libraries such as an Oracle JDBC driver that may be referenced by your organization.
Releases
This hosted repository is where your organization will publish internal releases.
Snapshots
This hosted repository is where your organization will publish internal snapshots.

6.2.3. Virtual Repository

This serves as an adaptor to and from different types of repositories. Currently Nexus supports conversion to and from Maven 1 repositories and Maven 2 repositories. In addition, you can expose any repository format as a NuGet or OBR repository. For example, a Maven 2 repository can contain OSGi Bundles, which can be exposed as an OSGi Bundle repository with the virtual repository Provider set to OBR.

By default it ships with a Central M1 shadow repository that exposes the Central repository in Maven 1 format.

6.2.4. Configuring Repositories

The Repositories window displayed in Figure 6.9, “Repository Configuration Screen for a Proxy Repository” allows you to create, update and delete different repositories with the Add, Delete and Trash buttons. Use the Refresh button to update the displayed list of repositories and repository groups. The Trash button allows you to empty the trash folder, into which deleted components are copied when any delete operations are performed from the Nexus user interface.

By default the list of repositories displays the repositories configured and managed by the administrator. The drop down on the right of the Trash button allows you to switch the list of repositories and view the repositories managed by Nexus. There are staging repositories as documented in Chapter 11, Improved Releases with Nexus Staging or procurement repositories as documented in Chapter 10, Nexus Procurement Suite.

Figure 6.9. Repository Configuration Screen for a Proxy Repository


The list of repositories visible in Figure 6.9, “Repository Configuration Screen for a Proxy Repository” allows you to access more details for each repository by selecting a specific row and displays some information for each repository in the following columns:

Repository
the name of the repository with repository groups displayed in bold
Type
the type of the repository with values of proxy, hosted or virtual for repositories or group for a repository group
Health Check
the result counts for a repository health check as documented in Chapter 12, Repository Health Check
Format
the format used for the storage in the repository with values such as maven2, nuget, site or others
Policy
the deployment policy that applies to this repository. Not all repository policies. The typical Maven format allows Snapshot and Release policies.
Repository Status
the status of the repository as well as further information about the status, for example information about SSL certification problems or the status of the remote repository even for a currently disabled proxy repository
Repository Path
the direct URL path that exposes the repository via http access and potentially allows access and directory browsing outside of the Nexus interface

Clicking on a column header allows you to sort the list in ascending or descending order based on the column data.

If you right-click on a row, you can trigger a number of actions on the current repository. These actions depend on the repository type and include:

Expire Cache
expire the cache of a hosted or proxy repository or a repository group
Rebuild Metadata
rebuild the metadata of a hosted Maven 2 repository
Block Proxy / Allow Proxy
toggle between allowing or blocking the remote repository configured in a proxy repository
Put Out Of Service / Put in Service
enable or disable the repository service, changing the availability of all components in it
Repair Index / Update Index
repair or update the index of a hosted or proxy repository or a repository group

Figure 6.10. Repository Configuration Screen for a Proxy Repository


Figure 6.11. Repository Configuration Access Settings for a Hosted Repository


Figure 6.9, “Repository Configuration Screen for a Proxy Repository” and Figure 6.10, “Repository Configuration Screen for a Proxy Repository” show the repository configuration screen for a proxy repository in Nexus. From this screen, you can manage the settings for proxying an external repository:

Repository ID
The repository ID is the identifier which will be used in the Nexus URL. For example, the central proxy repository has an ID of "central", which means that Maven can access the repository directly at http://localhost:8081/nexus/content/repositories/central. The Repository ID must be unique in a given Nexus installation. ID is required.
Repository Name
The display name for a repository. Name is required.
Repository Type
The type of repository (proxy, hosted, or virtual). You can’t change the type of a repository; it is selected when you create a repository.
Provider and Format
Provider and Format define in what format Nexus exposes the repository to external tools. Supported formats depend on the installed plugins. Nexus Open Source includes support for Maven 1, Maven 2 and Site repositories. Nexus Professional adds support for NuGet and OBR, and additional plugins can add support for P2, P2 Update Site and other formats.
Repository Policy
If a proxy repository has a policy of release, then it will only access released versions from the remote repository. If a proxy repository has a policy of snapshot, it will download snapshots from the remote repository.
Default Storage Location
Not editable, shown for reference. This is the default storage location for the local cached contents of the repository.
Override Storage Location
You can choose to override the storage location for a specific repository. You would do this if you were concerned about storage and wanted to put the contents of a specific repository (such as central) in a different location.
Remote Repository Access

This section tells Nexus where to look for and how to interact with the remote Maven repository being proxied.

Remote Storage Location
This is the URL of the remote Maven repository, that needs to be configured for a proxy repository. When selecting the URL to proxy it is beneficial to avoid proxying remote repository groups. Proxying repository groups prevents some performance optimization in terms of accessing and retrieving the content of the remote repository. If you require components from the group that are found in different hosted repositories on the remote repository server it is better to create multiple proxy repositories that proxy the different hosted repositories from the remote server on your Nexus server instead of simply proxying the group.
Download Remote Indexes
This field controls the downloading of the remote indexes. If enabled, Nexus will download the index, if it exists, and use that for its searches as well as serve that up to any clients which ask for the index (like m2eclipse). The default for new proxy repositories is enabled, but all of the default repositories included in Nexus have this option disabled. To change this setting for one of the proxy repositories that ship with Nexus, change the option, save the repository, and then re-index the repository. Once this is done, artifact search will return every artifact available on the Maven Central repository.
Auto Blocking Enabled
If Auto blocking active is set to true, Nexus will automatically block a proxy repository if the remote repository becomes unavailable. While a proxy repository is blocked, artifacts will still be served to clients from a local cache, but Nexus will not attempt to locate an artifact in a remote repository. Nexus will periodically retest the remote repository and unblock the repository once it becomes available.
File Content Validation
If set to true, Nexus will perform a lightweight check on the content of downloaded files. This prevents invalid content from being stored and proxied by Nexus, which can otherwise happen when the remote repository (or some proxy between Nexus and the remote repository) returns, for example, an HTML page instead of the requested file.
Checksum Policy

Sets the checksum policy for a remote repository. This option is set to Warn by default. The possible values of this setting are:

  • Ignore - Ignore the checksums entirely
  • Warn - Print a warning in the log if a checksum is not correct
  • StrictIfExists - Refuse to cache an artifact if the calculated checksum is inconsistent with a checksum in the repository. Only perform this check if the checksum file is present.
  • Strict - Refuse to cache an artifact if the calculated checksum is inconsistent or if there is no checksum for an artifact.
Authentication
This section allows you to set a Username, Password, NT LAN Host, and NT Lan Manager Domain for a remote repository.
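
As an added illustration of the four Checksum Policy values listed above (this is not Nexus code), the following Python models the caching decision that the list describes. SHA-1 as the checksum algorithm, the function names, the constructed sample data and the treatment of an unparseable checksum file as a mismatch are assumptions of this example.

```python
import hashlib

POLICIES = ("Ignore", "Warn", "StrictIfExists", "Strict")
HEX = set("0123456789abcdef")

def parse_sha1_file(text):
    """Extract the digest from the text of a remote .sha1 file.

    Some tools publish "<digest>  <filename>" instead of a bare digest,
    so only the first whitespace-separated token is used.
    """
    tokens = text.split()
    digest = tokens[0].lower() if tokens else ""
    return digest if len(digest) == 40 and set(digest) <= HEX else None

def evaluate(policy, artifact, sha1_text):
    """Return (cache_allowed, log_message) for one downloaded artifact.

    sha1_text is None when the remote published no checksum file.
    """
    if policy not in POLICIES:
        raise ValueError("unknown checksum policy: %r" % (policy,))
    if policy == "Ignore":
        return True, None
    if sha1_text is None:
        if policy == "Strict":
            return False, "no checksum published, artifact not cached"
        return True, None  # Warn and StrictIfExists have nothing to compare
    published = parse_sha1_file(sha1_text)
    actual = hashlib.sha1(artifact).hexdigest()
    if published == actual:
        return True, None
    # Assumption: an unparseable checksum file counts as a mismatch.
    message = "checksum mismatch: published %s, calculated %s" % (
        published or "<unparseable>", actual)
    return policy == "Warn", message

def decision_table():
    """Apply every policy to three constructed sample downloads."""
    jar = b"constructed sample artifact bytes"
    good = hashlib.sha1(jar).hexdigest().upper() + "  sample-1.0.jar\n"
    cases = {
        "match": (jar, good),
        "mismatch": (b"<html>gateway error</html>", good),
        "missing": (jar, None),
    }
    return {(policy, name): evaluate(policy, body, sha)[0]
            for policy in POLICIES
            for name, (body, sha) in cases.items()}

if __name__ == "__main__":
    for (policy, name), cached in sorted(decision_table().items()):
        print("%-15s %-9s %s" % (policy, name, "cache" if cached else "refuse"))
```

Because the checksum file is fetched from the same remote repository as the artifact, these policies detect corrupted or substituted responses such as an HTML error page, while the integrity of the transfer itself depends on the HTTPS access described in section 6.2.6.
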
Access Settings

This section configures access settings for a repository.

Deployment Policy
This setting controls how a Hosted repository allows or disallows artifact deployment. If this policy is set to "Read Only", no deployment is allowed. If this policy is set to "Disable Redeploy", a client can only deploy a particular artifact once and any attempt to redeploy an artifact will result in an error. If this policy is set to "Allow Redeploy", clients can deploy artifacts to this repository and overwrite the same artifact in subsequent deployments. This option is visible for Hosted repositories as shown in Figure 6.11, “Repository Configuration Access Settings for a Hosted Repository”.
Allow File Browsing
When set to true, users can browse the contents of the repository with a web browser.
Include in Search
When set to true, this repository is searched when you perform an Artifact Search in Nexus. If this setting is false, the contents of the repository are excluded from a search.
Publish URL
If this property is set to false, the repository will not be published on a URL, and you will not be able to access this repository remotely. You would set this configuration property to false if you want to prevent clients from connecting to this repository directly.
Expiration Settings

Nexus maintains a local cache of artifacts and metadata, and you can configure expiration parameters for a proxy repository. The expiration settings are:

Not Found Cache TTL
If Nexus fails to locate an artifact, it will cache this result for a given number of minutes. In other words, if Nexus can’t find an artifact in a remote repository, it will not repeatedly attempt to resolve this artifact until the Not Found Cache TTL time has been exceeded. The default for this setting is 1440 minutes (or 24 hours).
Artifact Max Age
Tells Nexus what the maximum age of an artifact is before it retrieves a new version from the remote repository. The default for this setting is -1 for a repository with a Release policy and 1440 for a repository with Snapshot policy.
Metadata Max Age
Nexus retrieves metadata from the remote repository. It will only retrieve updates to metadata after the Metadata Max Age has been exceeded. The default value for this setting is 1440 minutes (or 24 hours).
Item Max Age
Some items in a repository may be neither an artifact identified by the Maven GAV coordinates nor metadata for such artifacts. This cache value determines the maximum age for these items before updates are retrieved.
HTTP Request Settings
This section lets you change the properties of the HTTP request to the remote repository. In this section you can configure the User Agent of the request, add parameters to a request, and set the timeout and retry behaviour. This section refers to the HTTP request made from Nexus to the remote Maven repository being proxied.

6.2.5. Viewing the Summary Panel for a Repository

The Summary panel can be loaded by selecting a hosted, proxy, or virtual repository and then clicking on the Summary tab. The Summary tab of a hosted repository, as shown in Figure 6.12, “Repository Summary Panel for a Hosted Repository”, displays the distributionManagement settings which can be used to configure Maven to publish artifacts to the hosted repository.

Figure 6.12. Repository Summary Panel for a Hosted Repository


The Summary panel for a proxy repository, as shown in Figure 6.13, “Repository Summary Panel for a Proxy Repository”, contains all of the repository identifiers and configuration as well as a list of groups, in which the repository is contained.

Figure 6.13. Repository Summary Panel for a Proxy Repository


The Summary panel for a virtual repository, as shown in Figure 6.14, “Repository Summary Panel for a Virtual Repository”, displays repository identifiers and configuration as well as in which groups the repository is contained.

Figure 6.14. Repository Summary Panel for a Virtual Repository


6.2.6. Accessing The Central Repository Securely

One part of component lifecycle management is securing your component supply chain. The most important and widely used source for components for Java development and beyond is the Central Repository available at http://search.maven.org. It is the preconfigured default repository in Apache Maven and easily configured in other build systems as well.

Nexus Professional supports access to the Central Repository using HTTPS. This secure access to the Central Repository is the default configuration for Nexus Professional 2.2 and newer. It prevents anybody from gaining insight into the components you are downloading as well as compromising these components via Cross Build Injection (XBI) attacks.

The Remote Storage Location configured for the "Central" proxy repository is https://secure.central.sonatype.com/maven2/ as displayed in Figure 6.15, “Default Configuration for the Central Repository Using HTTPS”.

Figure 6.15. Default Configuration for the Central Repository Using HTTPS


The secure connection relies on an authentication token as well as Nexus running on a JVM with high-strength RSA cipher keys. The status of the secured access to the Central Repository can be inspected by accessing the "Secure Central" capability displayed in Figure 6.16, “Secure Central Capability”.

Figure 6.16. Secure Central Capability


You can use the secure connection to the Central Repository on a version of Nexus that was either upgraded from Nexus Open Source or from an older version, where the Central location was http://repo1.maven.org/maven2/. On Nexus 2.2 and newer you simply replace the Remote Storage Location for the Central proxy repository with https://secure.central.sonatype.com/maven2/. The authentication token will automatically be requested and configured.

The secure access can be used on older versions of Nexus as well, although the preferred approach is to update to Nexus 2.2 or higher. If you require secure access to the Central Repository on an older version of Nexus please contact Sonatype support to receive your authentication token and configuration instructions.

6.2.7. Auto Block/Unblock of Remote Repositories

What happens when Nexus is unable to reach a remote repository? If you’ve defined a proxy repository and the remote repository is unavailable, Nexus will now automatically block the remote repository. Once a repository has been auto-blocked, Nexus will then periodically retest the remote repository and unblock the repository once it becomes available. You can control this behaviour by changing the Auto-blocking Active setting under the Remote Repository Access section of the proxy repository configuration as shown in the following figure:

Figure 6.17. Configuring Remote Repository Auto Block/Unblock