Skip to main content

Routing Rules

Administrators want to control the remote traffic to upstream repositories to limit the exposure from those repositories. This could be to limit the access to a single component's versions or to a specific namespace within that repository. Routing Rules are used to limit access to remote proxies to the namespaces for the components needed from that repository.

Steps to setting up a routing rule:

  1. Create a block or allow a routing rule

  2. Apply the routing rule to the proxy repository

Creating or Modifying a Routing Rule

The Routing Rules are found in the Adminstration section under Repository. The nx-all privilege is required to view or make changes to routing rules.

67211112.png

Routing rules have two modes: BLOCK and ALLOW

BLOCK

When a matcher compares with the request path, the request is blocked.

ALLOW

When a matcher compares with the request path, the request is allowed.

Matchers

The matches must be valid regular expressions allowed by Java. Defining the matcher requires an understanding of URIs used by formats or by simple namespace matching as shown below.

.*sonatype.*

Important

Regular expressions can be expensive to evaluate and in extreme cases lead to a Regular Expression Denial of Service. For any complex management of proxies, use Repository Firewall to set policies on allowed components.

Assigning a Rule to a Repository

Previously created routing rules may be assigned to a proxy repository. Only one rule may be added to the proxy but the rule can be used on more than one proxy repository in a one-to-many relationship.

  1. Navigate to the Add or Edit view for a proxy repository

  2. Under Routing Rule, select a previously created rule from the dropdown.

  3. Save the proxy repository.

27361654.png

Testing Routing Rules

Below the routing rule editor is a section to help test the rule. Specify possible request paths to verify whether the request would be allowed or blocked by the rule as written.

Request paths begin with a leading slash supplied by the test tool automatically.

67211123.png

Deleting a Routing Rule

Routing rules can be removed by selecting the Delete Routing Rule button. The rule must not be assigned to any repositories for the deletion to be successful.

Difference from Nexus Repository 2

The following are differences in the implementation of routing rules from Nexus Repository 2.

  • There are no automatic routing rules.

  • NexusRepository 2 had confusing names for rule types whereas Nexus Repository 3 uses BLOCK and ALLOW.

  • Nexus Repository 2 routing rules were to route requests to inbound group repo members. Nexus Repository 3 routing rules are applied to specific repositories and take effect no matter what group that repo is inside of.

  • Routing rules are not moved during the migration from Nexus Repository 2 to 3.

  • Routing rules in Nexus Repository 3 are applied to proxy repos only.