Skip to main content

Enabling Smart Proxy Publishing in Nexus Repository 2

Nexus Repository 2

In order to enable the smart proxy feature on your Nexus Repository Manager Pro instance, you need to navigate to the Smart Proxy configuration screen. It is available in the left-hand navigation in the Enterprise section. Selecting Smart Proxy will show you the configuration screen displayed in Figure 7.1, “Global Configuration for Smart Proxy”.


Figure 7.1. Global Configuration for Smart Proxy

The Network Settings section allows you to enable the smart proxy server with a checkbox. This will need to be enabled on all servers that publish events in the smart proxy network, while servers that act only as subscribers can leave this option unchecked.

In addition, you can configure the address and port where the publishing server will be available. The default address of will cause the proxy to listen on all addresses. The default port number of 0 will trigger usage of a random available port number for connection listening. If a random port is used, it will be chosen when the server (re)starts.

With the Advertised URI field it is possible to configure a specific address to be broadcasted by the proxy to the subscribing smart proxy clients enabling, e.g., usage of a publicly available fully qualified hostname, including the domain or also just the usage of an externally reachable IP number.


It is important to configure the ports in the repository manager and any firewall between the servers to allow the direct socket connection between the servers and to avoid using random ports.

The Status field below the form will show the current status of the smart proxy including the full address and port.

The Public Key field displays the key identifying this server instance. It is automatically populated with the certificate associated with the public/private key pair that is generated when the server is first run.


The key is stored in sonatype-work/nexus/conf/keystore/private.ks and identifies this server. If you copy the sonatype-work folder from one server to another as part of an upgrade or a move from testing to staging or production you will need to ensure that keys are not identical between multiple servers. To get a new key generated, simply remove the keystore file and restart the repository manager.

Establishing Trust

The servers publishing as well as subscribing to events identify themselves with their public key. This key has to be registered with the other servers in the Trusted Certificates section of the Smart Proxy configuration screen.

To configure two repository managers as trusted smart proxies, you copy the public key from the certificate of the other server in the Trusted Certificates configuration section by adding a new trusted certificate with a meaningful description as displayed in Figure 7.2, “Copying a Certificate” and Figure 7.3, “Adding a Trusted Certificate”.


Figure 7.2. Copying a Certificate


Figure 7.3. Adding a Trusted Certificate

All of the key generation and certificates related to the trust management is handled by the repository manager itself. No external configuration or usage of external keys is necessary.