Monday, January 9, 2017

Maven nonProxyHosts are not used

Leave a Comment

I've got a problem deploying to our companys nexus using a proxy.

  • Our Nexus is hosted on http://nexus.my.company.de:8081/
  • My Jenkins is hosted on http://myjenkins.my.company.de:8080/

To access the internet I need a proxy. Due to security reasons the proxy has no connection from the proxy to internal network, meaning as soon as there is a call (from my jenkins or any other server) to the proxy this call can't get a connection back to internal network only to the "real/outside" internet.

Therefor I defined several <nonProxyHosts> in the maven settings.xml used by the jenkins.

<proxy>   <id>optional</id>   <active>true</active>   <protocol>http</protocol>   <host>inet.my.company.de</host>         <port>5555</port> <!-- switched to 5555 for StackOverflow -->   <nonProxyHosts>localhost|127.0.0.1|<ip-of-the-nexus>|*.my.company.de</nonProxyHosts> </proxy> 

But everytime I run a build, which should deploy to nexus I get an

Access denied to: http://nexus.my.company.de:8081/<....> , ReasonPhrase: Forbidden.

I already talked to our network administrators and when monitoring the network traffic we always see that the proxy is called. So we run several tests together, always watching if the proxy is called or not:

  • When I change the port of the proxy it fails completly as the proxy port is wrong and the calls are blocked correctly
  • Trying several <nonProxyHosts> entries, with *, with IP, with full hostname, with hostename and port (nexus.my.company.de:8080) result in calls to the proxy that are not routed back to internal network as intended
  • Chaning <distributionManagement> inside the project from hostname to IP based and setting correspondending <nonProxyHosts> entries also result in calls to the proxy that are not routed back to internal network as intended
  • When deactivating the proxy (setting <active>false</active>) the proxy is not called and the deployment works smoothly. This also shows that firewall settings and access rights are correct.

Our conclusion is that the <nonProxyHosts> entries are not used / regognized. So my question is how can I define hosts for which maven does not use the proxy definied in settings.xml but calls them directly?

1 Answers

Answers 1

Nexus ip/hostname should be in <nonProxyHosts>.

You can also pass value over command line:

mvn clean build -Djava.net.useSystemProxies=false -Dhttp.proxyHost=inet.my.company.de -Dhttp.proxyPort=5555 –Dhttp.nonProxyHosts= localhost|127.*| <ip-of-the-nexus>|*.my.company.de

Please can you check do you get anything related to 403 error in the nexus log. If you get this message on nexus side please check this first:

Code 403 - Forbidden

The login credentials sent were valid, but the user does not have permission to upload to the repository. Go to "administration/security" in the Nexus UI, and bring up the user (or the user's role if they are mapped via an external role mapping) and examine the role tree to see what repository privileges they have been assigned. A user will need create and update privileges for a repository to be able to deploy into it.

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment