we are using nexus3 to host build artifacts. We want to use nexus to provide these artifacts to our customers. We are now facing a problem: currently nexus accepts unauthenticated (anonymous) requests (the actual setup is a bit more complicated). We do not want to change this, since this is a huge relief for the developers. However this would be unacceptable when requested from outside our vpn.
Is it generally possible to accept anonymous request only from a specific network interface, ip address range or protocol (http vs https)?
If not what are best practices to secure access from the internet while giving anonymous access to a private network?