Hi there, we are working with Maven using Nexus 3 (although we could also install Nexus 2 if needed), and were wondering if it is possible to create what one might term a “Meta Repository” or “Federated Repository”.
We would like to have a Nexus instance which shows and allows the search of a curated set of groupId/artifactIds from a list of proxied repositories.
For example, we would like a repo which proxies all artifacts with groupId
org.community.abc from https://repo.somecompany.com, and also
com.othercompany from https://repo.othercompany.com.
Does that make sense? We want to configure a list of repositories and restrict the groupId/artifactIds to proxy from each.
Nexus Repository Manager 3.17 (coming soon) will have a new Routing Rules feature which can be used to block or allow specific requests for content. You can assign one rule to each proxy repository to accomplish what you are asking for. You’ll find more information in the docs and release notes once the release goes live.
Another possibility is our paid Nexus Firewall solution which can also be used to block components that match specific criteria (like license or security risks) without having to whitelist group ids. Open Source Security - Nexus Firewall | Sonatype
So my scenario is that we have a custom Maven plugin which allows for an extension packaging type of
xar. These Xar files are plugins written in Java and are just Jar files with some additional metadata. These Xar files and can be published to any Maven Repo such as Maven Central.
However, the community for these plugins is rather small, and as such trying to highlight all the available Xar files on Maven Central might be hard. Also organisations might publish their Xar files to their own public Maven repos.
The idea was to have a meta repo for the community which we could configure to just show the Xars from all repos that we know of which host Xars.
As such I don’t think Nexus Firewall would be the right solution, as really we want to whitelist rather than blacklist.
It sounds to me like you’ll want to use the new Routing Rules feature then. You could probably even write a single rule assigned to all your proxy repos that just allows only xar files to be downloaded. The routing rules match paths based on regular expressions so something like
^.*\.xar$ might work.
Awesome, thanks @mmartz
I look forward to trying out 3.17
Have you had a chance to try the routing rule feature in nexus 3.17? Any feedback?