How do I configure routing in Nexus OSS 3

Question

Sonatype Nexus 2 has "routing" capabilities, so that I can configure my requests for internal artifacts to only be served by certain (internal) repositories.

I've got a version of Nexus 3 running but I don't see any way to implement this capability. There is something called "content selectors" which might be the new mechanism, but there is absolutely no documentation of it, so I can't use it. This is a pretty important security requirement.

Am I missing something? How do I route requests in Nexus 3?

score 2 · Answer 1 · answered Jul 10 '19 at 21:19

Nexus 3.17 is out. It is the first version to support routing rules. They work differently than in Nexus 2.X, but meet the same need. Things are now rule centered instead of repo centered. I found the Nexus 3 approach to be easier to understand.

This documentation page shows the new routing rules.

And for future readers:

Content selectors: privileges within nexus. Useful if you want to restrict a user to certain paths
Routing rules: which repos are queried for what patterns. Useful if you want to only look up certain paths from certain repos.

score 1 · Answer 2 · answered Jun 16 '17 at 18:27

1

From support question I asked of nexus team, this feature is not yet in Nexus 3. They are working on a simpler design as feedback on the feature in nexus 2 was that it was confusing.

answered Jun 16 '17 at 18:27

Daniel Holmes

342
1
2
13

It's 2018-09 and still no such thing. :-( – Benjamin Marwell Sep 10 '18 at 07:50
1

It's out now. I added a new answer. But since this one (barely) has the most votes, leaving a comment as well – Jeanne Boyarsky Jul 10 '19 at 21:20

score 0 · Answer 3 · answered Dec 16 '16 at 13:27

This question is quite old; I hope this answer helps to document the new implementation or Nexus 2 "routing" in Nexus 3 "Content selector".

It's correct, Sonatype Nexus 2 "routing" capabilities have been substituted by "Content selector" in Nexus 3, based on JEXL queries. Some notes are now available in Chapter 4 of Nexus Repository Manager 3.1 Documentation. Basically you have to create a new selector from

Server Administration and Configuration -> Repository Content Selectors.

Define the JEXL query for your scope, e.g. the query below searchs for all path beginning with com/mycompany in maven2 repositories:

format == "maven2" && path =^ "com/mycompany/"

You can test your query using "Preview" buttun.

After that you go on more or less as in Nexus 2.

Server Administration and Configuration -> Security -> Privileges -> Create privilege

Give a name and description, select your "Content selector", select the repositories to apply the privilege and the action (comma separated list), e.g.

read,browse

Next create or modify a Role

Server Administration and Configuration -> Security -> Roles giving the privilege you just configured.

Finally assign the role to the users you need.

I also have this question. I don't think answer addressed the Routing concept of Nexus 2.x; Routing is what provided inclusive/exclusive rules on repositories for whether certain paths would even be tried for those repositories. In Nexus2.x the Repository Targets was the place where paths were defined for the purpose of supporting user level privileges; I think this is what maps to the Content Selectors. — Daniel Holmes, Jun 16 '17 at 17:52
I agree, this does not answer the question entirely. Even without giving the new privilege to any users, there are still outbound connections containing my internal artifact paths. — Benjamin Marwell, Jan 31 '18 at 10:28

How do I configure routing in Nexus OSS 3

3 Answers3

Linked