Consumers

A consumer is something that would like to access the content of the Central repository.

Central HTTP and HTTPS access is maintained by Sonatype on a Content Delivery Network (CDN).

The canonical URLs for accessing Central are

  • HTTP: http://repo1.maven.org/maven2

  • HTTPS: https://repo1.maven.org/maven2


Here is some general guidance in configuring tools to use Central.

Sonatype Nexus Repository Manager

Versions 2.9 and greater use the HTTPS URL by default.

We recommend all versions earlier than 2.9 to change the URL of the "Central" proxy repository to https://repo1.maven.org/maven2.

Apache Archiva

Apache Archiva 2.2 default configuration and greater uses a HTTPS URL by default.

We recommend all previous versions to switch to the HTTPS URL.

JFrog Artifactory

Artifactory default configuration indirectly proxies the Central Repository via JCenter.

We suggest to add a direct proxy to Central Repository using the HTTPS URL. We have reports of improved performance when proxying Central directly.

Apache Maven

Apache Maven retrieves all components from the Central Repository by default. Starting with Maven 3.2.3 the default access is via HTTPS and no further configuration is required.

Up to Maven version 3.2.2, no further configuration is required for access via HTTP, though this is no longer recommended given the availability of the HTTPS transport.

Access via HTTPS can be configured by reconfiguring the built in configuration for the "central" in your settings.xml placed in ~/.m2:

<settings>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>securecentral</activeProfile>
  </activeProfiles>
  <profiles>
    <profile>
      <id>securecentral</id>
      <!--Override the repository (and pluginRepository) "central" from the
         Maven Super POM -->
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
          <releases>
            <enabled>true</enabled>
          </releases>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</settings>

Apache Ivy (and Apache Ant)

Apache Ivy has a built-in resolver for the Central Repository that can be configured in ivysettings.xml and accesses the repository via HTTP.

<ivysettings>
  <settings defaultResolver="chain"/>
  <resolvers>
    <chain name="chain">
      <ibiblio name="central" m2compatible="true"/>
    </chain>
  </resolvers>
</ivysettings>

To access the Central Repository with Ivy via HTTPS you can add the URL to the resolver definition in the root attribute.

<ivysettings>
  <settings defaultResolver="chain" />
  <resolvers>
    <chain name="chain">
      <ibiblio name="securedcentral" m2compatible="true" root="https://repo1.maven.org/maven2" />
    </chain>
  </resolvers>
</ivysettings>

Eclipse Aether (and Apache Ant)

Eclipse Aether and the Aether Ant tasks retrieve all components from the Central Repository by default. No further configuration is required for access via HTTP.

Access via HTTPS can be configured by taking advantage of the fact that Aether uses the Apache Maven settings.xml and configuring it. Alternatively you can configure a remote repository.

<remoterepo id="securecentral" url="https://repo1.maven.org/maven2">
    <releases enabled="true" updates="daily" checksums="fail"/>
    <snapshots enabled="false"/>
</remoterepo>

and use it in the resolve task.

Gradle

Gradle has a built-in configuration to access the Central Repository via HTTP as documented in the dependency tutorial.

repositories {
  mavenCentral()
}

To access the Central Repository with Gradle via HTTPS you can define a Maven repository specifying the URL.

repositories {
  maven {
    url "https://repo1.maven.org/maven2"
  }
}

Leiningen

The default Leiningen configuration for versions 2.4.3+ includes resolving components from the Central Repository via HTTPS.

To access the Central Repository with older Leiningen versions via HTTPS you can override the built-in central URL in your project.clj file.

:mirrors 
  {"central" {:name "securedcentral" :url "https://repo1.maven.org/maven2"}
  }

SBT

The default SBT configuration includes resolving components from the Central Repository via HTTP as documented in the library management documentation.

To access the Central Repository with sbt via HTTPS you can add a new resolver for the secured Central Repository, while disabling the default, in your build.sbt file

resolvers += "Secured Central Repository" at "https://repo1.maven.org/maven2"

externalResolvers := Resolver.withDefaultResolvers(resolvers.value, mavenCentral = false)

Alternatively you can add it as a global repository in ~/.sbt/repositories

[repositories]
local
secured-central: https://repo1.maven.org/maven2

and set sbt.override.build.repos=true when running sbt.