Configuring Outbound Traffic

Network Access to Sonatype Data Services

The IQ Server needs to communicate securely with the Sonatype Data Services using HTTPS.

Firewall and HTTP proxy server administrators must ensure the following URL is accessible from the Nexus IQ Server process:

https://clm.sonatype.com:443

The Nexus IQ Server may also be configured to send HTML based notification emails to your users. These emails contain links to static resources loaded from:

https://cdn.sonatype.com:443 (release 92 and newer)

http://cdn.sonatype.com:80 (release 91 and older)

Therefore, email clients which load notification messages should have access to the  cdn.sonatype.com  sub-domain to ensure complete HTML formatted rendering.

HTTP Proxy Server

Many organizations filter, control and optimize HTTP network traffic via an HTTP proxy server. To allow the IQ Server to reach Sonatype Data Services, you may have to configure IQ Server to use a specific HTTP Proxy Server for outbound requests. The proxy server must support the CONNECT method of tunneling.

Starting in version 84, the proxy server configuration is stored in IQ Server's database. If a proxy server configuration already exists in the config.yml file, then IQ Server version 84 will attempt to migrate it on first startup in a one-off operation, after which it will be obsolete.

IQ Server 84 and newer

NEW IN RELEASE 84

The connection details are specified using the HTTP Proxy Server Configuration REST API or through IQ Server's UI via the Proxy option in the System Preferences menu.

IQ Server 83 and older

The connection details are specified in the proxy section of the config.yml file, which by default is commented out.

# Proxy settings.
#proxy:

  # The host running the proxy server to use.
  #hostname: "127.0.0.1"

  # The port at which the proxy server listens on.
  #port: 80

  # The username used to access the proxy server.
  #username: "anonymous"

  # The password used to access the proxy server.
  #password: "guest"

Uncomment the proxy section and adjust the values to match your configuration.

# Proxy settings.
proxy:

  # The host running the proxy server to use.
  hostname: "http-proxy-host.example.com"

  # The port at which the proxy server listens on.
  port: 8888

  # The username used to access the proxy server.
  #username: "anonymous"

  # The password used to access the proxy server.
  #password: "guest"

NTLM Authentication

If your proxy server uses NTLM authentication supply your user name in the following format:

  username: "DOMAIN\\username"

Appending a User Agent To Outbound Requests

To address the firewall configurations set by some organizations, you can customize the user agent header used for HTTP requests. To add a user agent string, add the following line to the IQ Server config.yml:

userAgentSuffix: "test string"

Control characters are not permitted in the user agent and the max length of the text is 128 characters.