java - How do I setup a private, remotely accessible Maven repository?

Question

I need to set up a Maven repository for some internal company libraries, that need to be accessible only to our developers (ie. secure), yet should be securely accessible over the Internet.

I'm familiar with setting up public Maven repos, but am unsure of the best way to set up a private remotely accessible repo.

How can I do this?

Answer 1

The solution is to use a Maven Repository Manager, such as Nexus, Artifactory or Archivia.

You install the MRM on a server and configure it with the authentication details of the users you want to have access it.

You can see a publicly accessible Nexus instance at https://oss.sonatype.org and also at https://repository.apache.org So on that basis it is fairly safe to assume that the authentication in Nexus is reliable and secure.

Artifactory is available as an on-line hosted service, and we use it (the on-line hosted service) for our internal artifact hosting.

Archivia is maintained by some really good guys and I suspect they have that well locked down too.

If you want to get up and running fast and you don't want to have to manage a server, I would recommend using a hosting service such as Artifactory. I do not know if there is an online Nexus or Archivia hosting service.

Now for the disclosures:

1. JFrog (creators of Artifactory) is a partner of my employers and we use the Artifactory hosting service
2. Sonatype (creators of Nexus) is a partner of my employers
3. I am a member of the Apache Software Foundation (creators of Archivia)

I do not recommend which MRM you use. But as a Maven committer and PMC member I strongly recommend using a MRM.