aboutsummaryrefslogtreecommitdiffstats
path: root/archiva-docs/src/site/apt/adminguide/proxy-connectors.apt
blob: ad5bf1a20f2865580bfc0c164c2c3164f6f59b79 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 ------
 Understanding Proxy Connector Configuration of Apache Archiva
 ------

~~ Licensed to the Apache Software Foundation (ASF) under one
~~ or more contributor license agreements.  See the NOTICE file
~~ distributed with this work for additional information
~~ regarding copyright ownership.  The ASF licenses this file
~~ to you under the Apache License, Version 2.0 (the
~~ "License"); you may not use this file except in compliance
~~ with the License.  You may obtain a copy of the License at
~~
~~   http://www.apache.org/licenses/LICENSE-2.0
~~
~~ Unless required by applicable law or agreed to in writing,
~~ software distributed under the License is distributed on an
~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~~ KIND, either express or implied.  See the License for the
~~ specific language governing permissions and limitations
~~ under the License.

~~ NOTE: For help with the syntax of this file, see:
~~ http://maven.apache.org/guides/mini/guide-apt-format.html

Understanding Proxy Connector Configuration of Apache Archiva

  Archiva uses the terminology "proxy" for two different concepts:

    * The remote repository proxying cache, as configured through proxy connectors between repositories

    * {{{./network-proxies.html} Network proxies}}, which are traditional protocol based proxies (primarily for HTTP access to remote repositories over a firewall)

    []

  A proxy connector is used to link a managed repository (stored on the Archiva machine) to a remote repository (accessed via a URL). This will mean that when a request
  is received by the managed repository, the connector is consulted to decide whether it should request the resource from the remote repository (and potentially cache
  the result locally for future requests).

  Each managed repository can proxy multiple remote repositories to allow grouping of repositories through a single interface inside the Archiva instance. For instance,
  it is common to proxy all remote releases through a single repository for Archiva, as well as a single snapshot repository for all remote snapshot repositories.

  A basic proxy connector configuration simply links the remote repository to the managed repository (with an optional network proxy for access through a firewall).
  However, the behaviour of different types of artifacts and paths can be specifically managed by the proxy connectors to make access to remote repositories more flexibly controlled.

* Proxy Connectors

** List of proxy connectors

[../images/proxy-connectors-list.png]

** Configuring order

  You can configured repositories order using drag&drop

[../images/proxy-connectors-order.png]

* Configuring policies

  When an artifact is requested from the managed repository and a proxy connector is configured, the policies for the connector are first consulted to decide whether
  to retrieve and cache the remote artifact or not. Which policies are applied depends on the type of artifact.

  By default, Archiva comes with the following policies:

    * <<<Releases>>> - how to behave for released artifact metadata (those not carrying a <<<SNAPSHOT>>> version). This can be set to <<<always>>> (default), <<<hourly>>>, <<<daily>>>, <<<once>>> and <<<never>>>.

    * <<<Snapshots>>> - how to behave for snapshot artifact metadata (those carrying a <<<SNAPSHOT>>> version). This can be set to <<<always>>> (default), <<<hourly>>>, <<<daily>>>, <<<once>>> and <<<never>>>.

    * <<<Checksum>>> - how to handle incorrect checksums when downloading an artifact from the remote repository (ie, the checksum of the artifact does not match the corresponding detached checksum file).
      The options are to fail the request for the remote artifact, fix the checksum on the fly (default), or simply ignore the incorrect checksum

    * <<<Cache failures>>> - whether failures retrieving the remote artifact should be cached (to save network bandwidth for missing or bad artifacts), or uncached (default).

    * <<<Return error when>>> - if a remote proxy causes an error, this option determines whether an existing artifact should be returned (error when <<<artifact not already present>>>), or the error passed on regardless (<<<always>>>).

    * <<<On remote error>>> - if a remote error is encountered, <<<stop>>> causes the error to be returned immediately, <<<queue error>>> will return all errors after checking for other successful remote repositories first, and <<<ignore>>> will disregard ay errors.

    []

[../images/proxy-connectors-policies.png]

* Configuring whitelists and blacklists

  By default, all artifact requests to the managed repository are proxied to the remote repository via the proxy connector if the policies pass. However, it can be more efficient to
  configure whitelists and blacklists for a given remote repository that match the expected artifacts to be retrieved.

  If only a whitelist is configured, all requests not matching one of the whitelisted elements will be rejected. Conversely, if only a blacklist is configured, all requests not matching one of
  the blacklisted elements will be accepted (while those matching will be rejected). If both a whitelist and blacklist are defined, a path must be listed in the whitelist and not in the blacklist
  to be accepted - all other requests are rejected.

  The path in the whitelist or blacklist is a repository path, and not an artifact path, and matches the request and format of the remote repository. The characters <<<*>>> and <<<**>>> are wildcards,
  with <<<*>>> matching anything in the current path, while <<<**>>> matches anything in the current path and deeper in the directory hierarchy.

  For instance, to only retrieve artifacts in the Apache group ID from a repository, but no artifacts from the Maven group ID, you would configure the following:

    * White list: <<<org/apache/**>>>

    * Black list: <<<org/apache/maven/**>>>

    []


[../images/proxy-connectors-lists.png]