The Q&A Corner articles

Author, Ilkka Turunen

Nexus and SSL

Nexus and SSL

For updates on articles and resources, follow @TSWAlliance on Twitter Today’s topic comes from an interesting conversation I had with a customer about SSL certificates that can be used to secure Nexus and serve it via HTTPS. Though HTTPS should be the cornerstone in securing any web service, I thought it useful to answer small

Author, Ilkka Turunen

Automating Nexus Deployment: Cookbooks, Modules and Playbooks

The first article in this two part series, Automating Nexus Management: Using the REST API in Nexus 2.x, examined the resources available for developers who want to use the Nexus 2.x REST API. In this installment we’ll focus on how to deploy Nexus itself using various cookbooks and modules for provisioning tools. Are there any

Author, Ilkka Turunen

Using the REST API in Nexus 2.x

I’ve recently received a few questions asking how the deployment of Nexus can be automated as much as is possible by using configuration management tools such as Chef, Puppet, Saltstack, Docker, etc. This is common in a scenario where you may want to set up multiple Nexuses with defined repository structures and pre-installed license keys.

Author, Ilkka Turunen

How to Detect and Enforce Open Source Licenses

I received this question from a client today: Right now we are using Nexus OSS. We are considering upgrading to Nexus Pro for two reasons: We need to control licences of our dependencies – with Maven it’s too easy to add dependencies We need to track updates of our dependencies Nexus Repository Health Check seems

Author, Ilkka Turunen

Understanding Open Source Copyleft Licensing Flags

I recently received a question from a client who had run an Application Health Check. They wished to understand why we highlight certain licenses in the health check report: Regarding the ‘License-Copyleft’ – some libraries have e.g. a LGPL license and a CDDL/GPL license: Using the LGPL license shouldn’t be a problem in my opinion

Author, Ilkka Turunen

Healthcheck Features in Nexus Pro / Nexus Auditor

Question of the Day I’ve downloaded the Nexus Pro Trial, focusing on the procured repository function. We want to check open source components for license and security status. Can this be achieved with Nexus Pro alone? If so, what benefit is added by Nexus Audit? Answer from Ilkka Nexus Pro Both of these points can be

CI Server HA - 520

High Availability (HA) and Continuous Integration (CI) with Nexus OSS

Interesting question from a client: “How can I do HA with Nexus OSS? Our CI Server has hundreds of projects writing to our nexus instance at a  fixed time (e.g. 9pm). We would like to ensure that the Nexus server can cope with this load. How do I ensure nexus stays performant?” Nexus 2 OSS

Author, Ilkka Turunen

How to turn on audit logging in Nexus

A client called today to ask what kinds of  Nexus logs they can follow and how they can turn on user auditing. To  turn on audit logging, follow this guide: ( Nexus 2.8 + section) The output can either be seen in in the User interface under Administration -> Logging or in $NEXUS_WORKDIR/logs/nexus.log Another log to tail

Author Rich Seddon

Improving NuGet and Nexus Performance – Recommendation

As of Nexus version 2.10.0, the “Download NuGet Feed” scheduled task is no longer needed for NuGet proxy repositories.  Newer versions of Nexus dynamically delegate incoming queries to remote  repositories and cache the results.  Consequentially Sonatype stopped adding the “Download NuGet Feed” task to Nexus configurations in version 2.10.0, and the 2.10.0 release notes recommend removing this