- Sonatype Help
- Sonatype Nexus Repository
- Nexus Repository Administration
- Repository Management
- Configurable Repository Fields
Configurable Repository Fields
The sections below provide details on different configurations you can make when you create a new repository or open an existing repository's management view (i.e. when you select it from the list of created repositories). Available configurations vary depending on repository type and format.
The Name is the identifier that will be used in the URL for access to the repository. For example, the proxy repository for the Central Repository is named "maven-central." The Name must be unique in a given Nexus Repository instance and is required.
A repository's format is the format in which Nexus Repository exposes the repository to external tools. Examples include docker, npm, go, pypi, etc. You can learn more about supported formats in our Formats help topic.
The repository type field indicates whether this is a hosted, proxy, or group repository. You can learn more about repository types in our Repository Types help topic.
The URL field displays the user-facing URL for this repository. Maven and other tools can access the repository directly at that URL (e.g., http://localhost:8081/repository/maven-central
).
The Online checkbox allows you define whether or not a given repository is available to client-side tools. Check the checkbox to make the repository available; de-select the checkbox to make it unavailable.
The Blob store field indicates which blob store among your available blob stores this repository will use to store its binary parts. You can learn more about blob stores in our Storage Guide help topic.
When the Strict Content Type Validation checkbox is checked, validation will check that the MIME type of all files published into the repository conform to the allowed types for that specific repository format.
The Cleanup Policies section provides a list of cleanup policies that can be used against hosted and proxy repositories. When the Admin - Cleanup repositories using their associated policies task is executed, Nexus Repository will respect the cleanup policies you have put in the Applied column for this repository and delete components as defined by said cleanup policies.
Ultimately, cleanup policies provide a way of controlling your disk space and making sure unused items are removed from Nexus Repository. By default, the Applied section is empty; use the arrow buttons to move any cleanup policies you wish to associate with this repository to the Applied section. You can learn more about cleanup policies in our Cleanup Policies help topic.
The Deployment Policy field is only available for hosted repositories. It controls how the repository allows or disallows component deployment. Possible configurations include the following:
Disable redeploy (default value) - A client can only deploy a particular component once; any attempt to deploy a component again will result in an error.
Allow redeploy - Clients can deploy components to this repository and overwrite the same component in subsequent deployments.
Read-only - No deployment allowed.
Deploy by replication only - This is a deprecated setting that should not be used.
The Remote Storage field is only available for proxy repositories. This field contains the URL for the remote repository that this repository will proxy.
As a best practice, avoid proxying remote repository groups as this can impact performance optimization. Instead, create multiple proxy repositories that each proxy the different hosted repositories that make up the group instead of proxying the group itself.
The Use the Nexus Repository truststore checkbox is only available for proxy repositories that use an HTTPS URL. When enabled, Nexus Repository will manage the remote repository's SSL certificate.
You can also select the View certificate button to view SSL certificate details and, optionally, add or remove the certificate from the truststore that Nexus Repository maintains. Further details are documented in Outbound SSL - Trusting SSL Certificates of Remote Repositories.
The Blocked checkbox configuration is only available for proxy repositories. Check this box to prevent Nexus Repository from sending outbound requests to the remote repository.
The Auto blocking enabled field is only available for proxy repositories. When enabled, Nexus Repository automatically blocks the proxy repository if the remote repository becomes unavailable. While a proxy repository is blocked, components will still be served to clients from a local cache, but Nexus Repository will not attempt to locate a component in a remote repository. Nexus Repository periodically retests the remote repository and unblocks the proxy once the remote becomes available.
Maximum component age is only available for proxy repositories. When the proxy receives a request for a component, it does not request a new version from the remote repository until the existing component is older than the number of minutes configured in this field.
Maximum metadata age is only available for proxy repositories. Nexus Repository will only retrieve metadata updates from the remote repository after the number of minutes configured in this field. For component metadata, Nexus Repository honors whichever value between Maximum component age and Maximum metadata age is greater before rechecking.
The Not found cache enabled checkbox and corresponding Not found cache TTL field are only available for proxy repositories. When the cache is enabled, Nexus Repository will cache responses for content that is not present in the proxied repository. If Nexus Repository does not locate a component, it will cache this result for however many minutes you configure in Not found cache TTL field. During this time, Nexus Repository will not perform repeated attempts to find this component. The Not found cache enabled setting is enabled by default, and the Not found cache TTL is set to 1,440 minutes (i.e., 24 hours) by default.
The HTTP configuration section is only available for proxy repositories. In this section, you can configure access to the remote repository either via providing authentication details or connecting to a proxy server. This configuration is only necessary if it is specific to this repository. Global HTTP proxy and authentication are documented in HTTP and HTTPS Request and Proxy Settings.
In the HTTP Authentication section, select Username or Windows NTLM as the Authentication type. Then, provide the required Username and Password for plain authentication or Username, Password, Windows NTLM hostname ,and Windows NTLM domain for Windows NTLM-based authentication.
The HTTP request settings section is only available for proxy repositories. Changes made to HTTP request settings are applied to all HTTP requests that Nexus Repository makes to the remote repository being proxied. Enabling these settings at the repository level will override any general settings defined in HTTP and HTTPS Request and Proxy Settings.
You can make the following configurations to HTTP request settings:
User-agent customization - Enter a string to append to user-agent HTTP headers.
Connection retries - Enter the total number of connection attempts after an initial timeout.
Connection timeout - Set the timeout interval (in seconds) for requests.
Enable circular redirects - Allow proxy repositories to follow redirects indicated by the remote server even if they point to an already processed URL.
Enable cookies - Authorize using HTTP cookies sent by the remote server when processing future requests.
https://maven.oracle.com
is a server that requires both Enable circular redirects and Enable cookies. When requesting data, you are redirected to a queue of different URLs; most of these are involved with authentication.
By enabling these options, you allow Nexus Repository to maintain the authentication state in a cookie that would be sent with each request, eliminating the need for authentication-related redirects and avoiding timeouts.
The Proprietary Components field is only available for hosted repositories and requires integration with Sonatype Repository Firewall. Checking this box tells Nexus Repository and Repository Firewall that components in this repository should be considered as proprietary for namespace conflict attacks. If you are unsure if your repository contains public open-source components, do not enable this feature. For full details, see the Namespace Confusion Protection help topic.
The Group section and Member Repositories configuration are only available for group repositories. The Member Repositories selector allows you to add and remove repositories to and from the repository group. The Members column lists all of the group member repositories. The Available column lists all repositories and repository groups that you could potentially add to the group.
Add or Remove a Repository to or from a Group
To add or remove a repository to the group, either drag the repository from whichever column it is into the new column in which you want it to appear, or select the repository and use the arrows that appear between the two columns to move the repository.
Repository Order in the Group Member List
The order of the repositories listed in the Member section is important. When Nexus Repository searches for a component in a repository group, it will return the first match. To reorder a repository in this list, click and drag the repositories and groups in the Members list or use the arrow buttons between the Available and Members list.
The order of repositories or other groups in a group can be used to influence the effective metadata that will be retrieved from a repository group. It is recommended best practice to put hosted repositories higher in the list than proxy repositories. For proxy repositories, Nexus Repository may need to check the remote repository, which will incur more overhead than a hosted repository lookup.
It is also recommended to place repositories with a higher probability of matching the majority of components higher in this list for best performance. These best practices are implemented in the default configuration.
Format-Specific Configurations
Some repository formats include additional configuration options:
Apt-specific repository configurations include the following:
Distribution - This field defines the distribution (e.g., focal, bionic) of the packages in the repository. For a hosted repository, you should use the distribution from the repository properties. For a proxy repository, the distribution should be the same as in the original remote repository settings.
Flat - This checkbox is only available for proxy repositories. If the remote repository has a flat format (i.e., doesn't use a 'dists' hierarchy), check the Flat checkbox.
Signing Key and Passphrase - The Signing Key and Passphrase configurations are only available for hosted apt repositories. In these fields, enter the private GPG key and passphrase for that key in the respective boxes. For full details, see our Apt repositories help topic.
The Enable rewrite of Package URLs option is only available for proxy Bower repositories and is enabled by default. Enabling this setting means that Bower will retrieve components and their dependencies through Nexus Repository even if the original metadata has hard-coded URLs to remote repositories. Disabling this setting means that Bower proxies the information directly from the remote registry without redirecting to Nexus Repository to retrieve components. Note that Bower is not compatible with H2 or PostgreSQL databases and will only appear in OrientDB deployments.
Docker-specific repository configurations include the following:
Repository Connectors - This section is available for both proxy and hosted Docker repositories. It allows you to provide an HTTP or HTTPS connector at a specified port so that the Docker client can interact with the repository. Full details are available in the SSL and Repository Connector Configuration help topic.
Docker Registry API Support - This checkbox is available for all Docker repository types. Docker client tools interact with a repository via the registry API. By default, Nexus Repository enables V2 of the registry API; however, tools will occasionally fall back to V1. Checking this checkbox allows Docker client tools to use V1 of the registry API when needed. See Support for Docker Registry API help topic for full details.
Docker Index - This field is only available for proxy Docker repositories. A Docker proxy repository includes a configuration URL to access the Docker Index. The index is used for requests related to searches, users, Docker tokens, etc. The same provider typically co-hosts the registry and the index; however, they can use different URLs. For full details, see the Proxy Repository for Docker help topic.
By default, this field is set to Use proxy registry (specified above), which means that Nexus Repository will attempt to retrieve index data from the remote repository specified in the Remote storage field.
If set to Use Docker Hub, Nexus Repository will send index-related requests to the Docker Hub index at
https://index.docker.io/
.Selecting Custom Index allows you to specify a remote repository URL where Nexus Repository should send index-related requests.
Writable Repository - This option is only available for group Docker and npm repositories. In this field, you can enter a specific repository to which you want to route POST and PUT requests. When you push components to the group repository's URL, they will be stored in the designated writable repository.
Maven-specific repository configurations include the following:
Version Policy - This defines the type of artifacts stored in the repository. Possible options are Release, Snapshot, and Mixed. Full details are available in the Maven Repository Format help topic.
Layout Policy - This policy defines whether or not to allow assets into the repository that violate the Maven default format. Options include Permissive (to allow such assets into the repository) or Strict (to require assets to follow Apache Maven conventions). As a best practice, select Strict if you are using Apache Maven, Eclipse Aether, and other strictly compatible tools. Full details are available in the Maven Repository Format help topic.
Content-Disposition - This setting determines whether to display repository content within the browser or as an attachment that a user downloads. The default setting is Inline, which means that repository content will display within the browser. You can change this to Attachment to have content provided as an attachment to download.
The Writable Repository option is only available for group Docker and npm repositories. In this field, you can enter a specific repository to which you want to route POST and PUT requests. When you push components to the group repository's URL, they will be stored in the designated writable repository.
Special Note on npm Proxy Repositories
Once you create an npm proxy repository, do not change the remote server URL. Doing so may result in 404s as Nexus Repository attempts to retrieve cached data. Instead, create a new proxy repository.
NuGet-specific repository configurations include the following:
Note
Notable Compatibility Change for H2 or PostgreSQL Database Deployments
In Sonatype Nexus Repository release 3.43.0, we added compatibility with official NuGet v2 clients. The supported subset of the legacy NuGet v2 protocol is the same as that supported by Microsoft's NuGet Gallery, nuget.org. Use cases that rely on the deprecated parts of the v2 API are not supported, including many common Chocolatey use cases and some custom OData queries.
Protocol version - The Protocol version field is only available for proxy NuGet repositories. Select whether to use NuGet protocol version 2 or version 3. Full details are available in our NuGet Proxy Repositories and Migrating from NuGet v2 to v3 help topics.
Metadata query cache age - The Metadata query cache age configuration is only available for proxy NuGet repositories. This parameter defines how long (in seconds) query results are cached in the proxied repository. To avoid sending identical queries to the remote repository, Nexus Repository caches the queries and will rely on previously stored metadata if the same query is received again before the cache expires.
NEW IN 3.75.0
Cargo proxy and group repositories include an Authentication Requirements configuration to restrict repository content to authenticated users.
Cargo clients rely on a specific signal in the config.json file to determine authentication requirements, which could lead to unexpected behavior when anonymous access is enabled in Nexus Repository but restricted by the individual Cargo repository.
When creating proxy or group Cargo repositories, use the Restrict repository content to authenticated users checkbox to set auth-required
in /config.json
responses and ignore anonymous access configuration.
Yum-specific repository configurations include the following:
Repodata Depth - The Repodata Depth field is only available for hosted repositories. This configuration determines the level at which to create the repodata metadata folder and the expected minimum folder depth at which the RPMs can exist to match. Nexus Repository will reject RPMs with less depth. See the Yum Repositories help topic for full details.
Layout Policy - The Layout Policy field is only available for hosted Yum repositories and defaults to a Strict setting. The layout policy defines whether or not to allow users to upload assets that are not Yum-specific. Options include Permissive (to allow any file type into the repository) or Strict (to limit uploads to Yum-specific files like RPMs, and comps.xml).
See the Yum Repositories help topic for full details.
Signing Key and Passphrase - The Signing Key and Passphrase configurations are only available for proxy and group Yum repositories. In these fields, enter the private GPG key and passphrase for that key in the respective boxes. For full details, see our GPG Signatures for the Yum Proxy/Group help topic.