Configuring Multiple Maven Repositories
I recently started colaborating on a project which had a couple of private Maven dependencies. The client owning the project hosted these dependencies in a private Nexus repository which was also configured as a caching proxy for all the public dependencies. They provided a custom settings.xml Maven configuration file for the developers which routed all requests to their Nexus server:
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>https://nexus.client.com/repository/maven-public/</url>
</mirror>
</mirrors>
<profiles>
<profile>
<id>nexus</id>
<repositories>
<repository>
<id>central</id>
<url>http://central</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>http://central</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>
For internal developers with their computers always inside the company network such a configuration will speed up the dependency download process and reduce external traffic as the dependencies will be retrieved from the internal Nexus mirror instead of downloaded from the Maven central public repository.
For external partners who work off-site, this configuration has several disadvantages:
- Downloading the dependencies from the Nexus mirror will mean unnecessary additional traffic for the VPN tunnel with the client's network.
- Dependencies from other projects will also be downloaded from the same Nexus mirror and cached there even if the client's internal developers are not using them on their projects.
- Downloading of dependencies will fail if the VPN tunnel is not established, e.g. when I'm not in the office and don't need a VPN connection because I'm working for other clients.
To resolve this issues, I reconfigured Maven to primarily use the official public repository and only fall back to the private Nexus server for dependencies which couldn't be resolved. These are the relevant parts of my settings.xml file after the change:
<profiles>
<profile>
<id>nexus</id>
<repositories>
<repository>
<id>Maven repository</id>
<url>http://central.maven.org/maven2/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>Nexus repository</id>
<url>https://nexus.client.com/repository/maven-public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>Maven repository</id>
<url>http://central.maven.org/maven2/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</pluginRepository>
<pluginRepository>
<id>Nexus repository</id>
<url>https://nexus.client.com/repository/maven-public/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>
The repositories will now be accessed in the order specified, i.e. the public Maven repository will be used first. Because of this only client's private dependencies will be downloaded from their Nexus server. For projects which only use public dependencies, they will be successfully resolved even without a VPN connection.
