Configuring Outbound Traffic
Network Access to Sonatype Data Services
The IQ Server needs to communicate securely with the Sonatype Data Services using HTTPS.
Firewall and HTTP proxy server administrators must ensure the following URL is accessible from the Nexus IQ Server process:
The Nexus IQ Server may also be configured to send HTML based notification emails to your users. These emails contain links to static resources loaded from:
Therefore, email clients which load notification messages should have access to the cdn.sonatype.com sub-domain to ensure complete HTML formatted rendering.
HTTP Proxy Server
Many organizations filter, control and optimize HTTP network traffic via an HTTP proxy server. To allow the IQ Server to reach Sonatype Data Services, you may have to configure IQ Server to use a specific HTTP Proxy Server for outbound requests. The proxy server must support the CONNECT method of tunneling.
Starting in version 84, the proxy server configuration is stored in IQ Server's database. If a proxy server configuration already exists in the
config.yml file, then IQ Server version 84 will attempt to migrate it on first startup in a one-off operation, after which it will be obsolete.
IQ Server 84 and newer
The connection details are specified using the HTTP Proxy Server Configuration REST API or through IQ Server's UI via the Proxy option in the System Preferences menu.
IQ Server 83 and older
The connection details are specified in the
proxy section of the
config.yml file, which by default is commented out.
# Proxy settings. #proxy: # The host running the proxy server to use. #hostname: "127.0.0.1" # The port at which the proxy server listens on. #port: 80 # The username used to access the proxy server. #username: "anonymous" # The password used to access the proxy server. #password: "guest"
Uncomment the proxy section and adjust the values to match your configuration.
# Proxy settings. proxy: # The host running the proxy server to use. hostname: "http-proxy-host.example.com" # The port at which the proxy server listens on. port: 8888 # The username used to access the proxy server. #username: "anonymous" # The password used to access the proxy server. #password: "guest"
If your proxy server uses NTLM authentication supply your user name in the following format:
Appending a User Agent To Outbound Requests
To address the firewall configurations set by some organizations, you can customize the user agent header used for HTTP requests. To add a user agent string, add the following line to the IQ Server config.yml:
userAgentSuffix: "test string"
Control characters are not permitted in the user agent and the max length of the text is 128 characters.