Central Sync with Nexus Smart Proxy

Overview

Generally, projects use the hosted repository OSSRH to publish artifacts to the Central Repository. However, for organizations hosting their own public repositories, synchronization with OSSRH is the preferred mechanism. Smart Proxy is a Nexus Professional feature that allows synchronization between multiple repositories. It can be set up by a Nexus administrator using the Nexus user interface.

With Smart Proxy:

  • Sonatype subscribes to events in the repositories you configure.

  • When Sonatype receives notification that new artifacts are available, those artifacts are retrieved from your repository and published to the Central Repository.

  • Sonatype uses the IP address 207.223.241.94 for these actions.

Prerequisites

  • Nexus Professional installed and hosting at least one repository containing the artifacts you wish to sync to the Central Repository.

  • Staging rulesets within your Nexus Staging workflow ensuring that the artifacts you wish to sync conform to the Central Requirements.

  • Identify & configure the IP & port at which Smart Proxy will be available.

Checklist

  1. Choose repositories in your Nexus that you wish to sync via Smart Proxy.

  2. Configure Smart Proxy within your Nexus Professional Installation.

  3. Provide Sonatype with the following info:

    • Your Nexus public key.
    • The Smart Proxy Advertised URI.
    • The URL(s) of the publicly available Nexus repositories you wish to sync.

Enable Smart Proxy

Detailed information and background about Smart Proxy is documented in the Smart Proxy chapter of the book Repository Management with Nexus.

To enable the Smart Proxy feature on your Nexus instance, you need to navigate to the global Smart Proxy configuration screen. It is available in the left-hand navigation in the Enterprise section. Selecting Smart Proxy will show you the configuration screen displayed below.


  • Set a non-zero port for the service to listen on; a value of 0 causes Nexus to set the port to an arbitrary number on restart. Users behind a firewall should set a specific value here, and ensure that their network allows access to this port.

  • The Advertised URI defines a specific, externally accessible address to be broadcast to the subscribing Smart Proxy clients.
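Because the Smart Proxy port has to be reachable through your firewall and Sonatype connects from a single documented address, connection records for that port can be audited for any other source. The following is an added example, not part of the original documentation or of Nexus itself; the port number, the log format and the sample records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# From this page: the address Sonatype uses for Smart Proxy actions.
SONATYPE_SYNC_IP = ipaddress.ip_address("207.223.241.94")
# Assumption: the fixed, non-zero port you chose on the Smart Proxy screen.
SMART_PROXY_PORT = 12345

# Constructed sample records: "<ISO timestamp> <source IP> <destination port>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 207.223.241.94 12345
2024-05-01T10:00:07Z 198.51.100.23 12345
2024-05-01T10:01:12Z 203.0.113.9 8081
2024-05-01T10:02:30Z 198.51.100.23 12345
2024-05-01T10:03:44Z not-an-ip 12345
2024-05-01T10:04:02Z 2001:db8::5 12345
"""


def audit_smart_proxy_sources(log_text, port=SMART_PROXY_PORT,
                              allowed=(SONATYPE_SYNC_IP,)):
    """Return (unexpected, malformed): a Counter of source addresses outside
    the allow-list that reached the Smart Proxy port, and unparseable lines."""
    allowed = set(allowed)
    unexpected, malformed = Counter(), []
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            _ts, src, dport = fields          # wrong field count -> ValueError
            src_ip = ipaddress.ip_address(src)
            dport = int(dport)
        except ValueError:
            malformed.append(line)            # keep for review, never drop silently
            continue
        if dport == port and src_ip not in allowed:
            unexpected[str(src_ip)] += 1
    return unexpected, malformed


if __name__ == "__main__":
    unexpected, malformed = audit_smart_proxy_sources(SAMPLE_LOG)
    for ip, hits in unexpected.most_common():
        print(f"unexpected source {ip}: {hits} connection(s) to port {SMART_PROXY_PORT}")
    for line in malformed:
        print(f"unparseable record: {line}")
```

If your own Nexus instances also subscribe to this Smart Proxy, pass their addresses in `allowed` so that only genuinely unknown sources are reported.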

Security

The servers publishing as well as subscribing to events use X.509 certificates for authentication. These certificates have to be registered with the other servers in the Trusted Certificates section of the Smart Proxy configuration screen.

Sonatype uses two servers to connect to your Smart Proxy. To configure Sonatype's primary server, central-sync01, as a trusted Smart Proxy, click the Add button in the Trusted Certificates section, and paste the public key:


Repeat this process to add Sonatype’s secondary server, central-sync02, using the following public key:


Configure the Repository

On the publishing Nexus server you have to enable Smart Proxy on the desired hosted, virtual or proxy repositories in the repository configuration. This is accomplished by selecting the Publish Updates check-box in the Publish section of the Smart Proxy configuration for a specific repository, as displayed below, and pressing Save.


Verification and Sync Schedule

Once you have provided the required information to us, we will subscribe to the events produced by the repositories you have set up to sync. We will notify you when we are able to successfully connect to your Nexus and when we can retrieve the artifacts that you have released from your hosted repositories.

With a working trust established between the publishing and subscribing Nexus servers, the Smart Proxy configuration of the proxy repository on the subscribing Nexus will display connection status as depicted below:


Offline Nexus Configuration

By default, Nexus will locally cache 60 minutes worth of events, just in case connectivity issues prevent any particular subscriber from pulling those events more frequently. We strongly recommend that you change this default caching value to 4 hours. You can do so by adding:

smartproxy.eventPublisher.defaultTtl=4h

to your nexus.properties file. Changing this value will require you to restart Nexus.