Central Sync with Nexus Smart Proxy

Overview

Generally, projects use the hosted repository OSSRH to publish artifacts to the Central Repository. However, for organizations hosting their own public repositories, synchronization with OSSRH is the preferred mechanism. Smart Proxy is a Nexus Repository Manager feature that allows synchronization between multiple repositories. It can be set up by a Nexus Repository Manager administrator using the user interface.

With Smart Proxy:

  • Sonatype subscribes to events in the repositories you configure.

  • When Sonatype receives notification that new artifacts are available, those artifacts are retrieved from your repository and published to the Central Repository.

  • Sonatype uses the IP addresses 18.205.57.22 (central-sync01) and 18.205.141.218 (central-sync02) for these actions.

Prerequisites

  • Nexus Repository Manager installed and hosting at least one repository containing the artifacts you wish to sync to the Central Repository.

  • Staging rulesets within your Nexus Staging workflow ensuring that the artifacts you wish to sync conform to the Central Requirements.

  • Identify & configure the IP & port at which Smart Proxy will be available.

Checklist

  1. Choose repositories in your Nexus Repository Manager that you wish to sync via Smart Proxy.

  2. Configure Smart Proxy within your Nexus Repository Manager Installation.

  3. Provide Sonatype with the following info:

    • Your Nexus Repository Manager public key.
    • The Smart Proxy Advertised URI.
    • The URL(s) of the publicly available Nexus Repository Manager repositories you wish to sync.

Enable Smart Proxy

Detailed information and background about Smart Proxy is documented in the Smart Proxy chapter of the book Repository Management with Nexus.

To enable the Smart Proxy feature on your Nexus Repository Manager instance, navigate to the global Smart Proxy configuration screen. It is available in the left-hand navigation in the Enterprise section. Selecting Smart Proxy will show you the configuration screen displayed below.

OSSRH with Build Promotion Menu

  • Set a non-zero port for the service to listen on; a value of 0 causes Nexus Repository Manager to set the port to an arbitrary number on restart. Users behind a firewall should set a specific value here, and ensure that their network allows access to this port.

  • The Advertised URI defines a specific, externally accessible address to be broadcast to the subscribing Smart Proxy clients.
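Once the Smart Proxy port is fixed and opened, the only expected inbound peers are the two Sonatype sync addresses listed in the Overview. The following added example (not part of the original documentation or of Nexus Repository Manager) checks connection log lines for the Smart Proxy port against those two addresses and reports which Sonatype hosts have connected. The `SRC=`/`DPT=` log layout, the port number 8045 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Addresses the page lists for Sonatype's sync servers.
SONATYPE_SYNC = {
    ipaddress.ip_address("18.205.57.22"): "central-sync01",
    ipaddress.ip_address("18.205.141.218"): "central-sync02",
}

# Assumed log layout: firewall-style SRC=<ip> ... DPT=<port> tokens.
FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def audit_connections(lines, smart_proxy_port):
    """Return (unexpected sources, Sonatype hosts seen, unparsable line count)."""
    unexpected, seen, skipped = {}, set(), 0
    for line in lines:
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            skipped += 1          # malformed line: count it, never guess
            continue
        if port != smart_proxy_port:
            continue              # traffic to some other service
        if src in SONATYPE_SYNC:
            seen.add(SONATYPE_SYNC[src])
        else:
            unexpected[str(src)] = unexpected.get(str(src), 0) + 1
    return unexpected, seen, skipped


# Constructed sample log lines (not real traffic); port 8045 is hypothetical.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z ACCEPT SRC=18.205.57.22 DST=10.0.0.5 DPT=8045",
    "2024-05-01T10:00:09Z ACCEPT SRC=203.0.113.40 DST=10.0.0.5 DPT=8045",
    "2024-05-01T10:01:12Z ACCEPT SRC=203.0.113.40 DST=10.0.0.5 DPT=8045",
    "2024-05-01T10:02:30Z ACCEPT SRC=198.51.100.7 DST=10.0.0.5 DPT=443",
    "2024-05-01T10:03:00Z ACCEPT SRC=not-an-ip DST=10.0.0.5 DPT=8045",
]

if __name__ == "__main__":
    unexpected, seen, skipped = audit_connections(SAMPLE_LOG, 8045)
    for src, count in sorted(unexpected.items()):
        print(f"unexpected source {src}: {count} connection(s)")
    missing = set(SONATYPE_SYNC.values()) - seen
    print("Sonatype hosts not yet seen:", sorted(missing) or "none")
    print("unparsable lines:", skipped)
```

An unexpected source on the Smart Proxy port indicates the firewall rule is broader than the two Sonatype addresses; a Sonatype host that never appears points to a blocked port or an unreachable Advertised URI.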

Security

The servers publishing as well as subscribing to events use x509 certificates for authentication. These certificates have to be registered with the other servers in the Trusted Certificates section of the Smart Proxy configuration screen.

Sonatype uses two servers to connect to your Smart Proxy. To configure Sonatype's primary server, central-sync01, as a trusted Smart Proxy, click the Add button in the Trusted Certificates section, and paste the public key:


Repeat this process to add Sonatype’s secondary server, central-sync02, using the following public key:


Configure the Repository

On the publishing Nexus Repository Manager you have to enable Smart Proxy on the desired hosted, virtual or proxy repositories in the repository configuration. This is accomplished by selecting the Publish Updates check-box in the Publish section of the Smart Proxy configuration for a specific repository, as displayed below, and pressing Save.

OSSRH with Build Promotion Menu

Verification and Sync Schedule

Once you have provided the required information to us, we will subscribe to the events produced by the repositories you have set up to sync. We will notify you when we are able to successfully connect to your Nexus Repository Manager and when we can retrieve the artifacts that you have released from your hosted repositories.

With a working trust established between the publishing and subscribing Nexus Repository Manager servers, the Smart Proxy configuration of the proxy repository on the subscribing Nexus Repository Manager will display connection status as depicted below:

OSSRH with Build Promotion Menu

Offline Nexus Repository Manager Configuration

By default, Nexus Repository Manager will locally cache 60 minutes worth of events, just in case connectivity issues prevent any particular subscriber from pulling those events more frequently. We strongly recommend that you change this default caching value to 4 hours. You can do so by adding:

smartproxy.eventPublisher.defaultTtl=4h

to your nexus.properties file. Changing this value will require you to restart Nexus Repository Manager.