Configuring Outbound Traffic

Network Access to Sonatype Data Services

The IQ Server needs to communicate securely with the Sonatype Data Services using HTTPS.

Firewall and HTTP proxy server administrators must ensure the following URL is accessible from the Nexus IQ Server process:

https://clm.sonatype.com:443

The Nexus IQ Server may also be configured to send HTML based notification emails to your users. These emails contain links to static resources loaded from:

http://cdn.sonatype.com:80

Therefore, email clients which load notification messages should have access to the  cdn.sonatype.com  sub-domain to ensure complete HTML formatted rendering.

HTTP Proxy Server

Many organizations filter, control and optimize HTTP network traffic via an HTTP proxy server.

To allow the IQ Server to reach Sonatype Data Services, you may have to configure IQ Server to use a specific HTTP Proxy Server for outbound requests. The proxy server must support the CONNECT method of tunneling. The connection details are specified in the proxy section of the config.yml file, which by default is commented out.

Example Disabled Proxy Configuration in config.yml
# Proxy settings.
#proxy:

  # The host running the proxy server to use.
  #hostname: "127.0.0.1"

  # The port at which the proxy server listens on.
  #port: 80

  # The username used to access the proxy server.
  #username: "anonymous"

  # The password used to access the proxy server.
  #password: "guest"

Uncomment the proxy section and adjust the values to match your configuration.

Example Enabled Proxy Configuration in config.yml
# Proxy settings.
proxy:

  # The host running the proxy server to use.
  hostname: "http-proxy-host.example.com"

  # The port at which the proxy server listens on.
  port: 8888

  # The username used to access the proxy server.
  #username: "anonymous"

  # The password used to access the proxy server.
  #password: "guest"

NTLM Authentication

If your proxy server uses NTLM authentication supply your user name in the following format:

Example NTLM Authentication Based HTTP Proxy Username
  username: "DOMAIN\\username"

Appending a User Agent To Outbound Requests

To address the firewall configurations set by some organizations, you can customize the user agent header used for HTTP requests. To add a user agent string, add the following line to the IQ Server config.yml:

userAgentSuffix: "test string"

Control characters are not permitted in the user agent and the max length of the text is 128 characters.