How do I setup a private, remotely accessible Maven repository?

Question

I need to set up a Maven repository for some internal company libraries, that need to be accessible only to our developers (ie. secure), yet should be securely accessible ov

Answer 1

The solution is to use a Maven Repository Manager, such as Nexus, Artifactory or Archivia.

You install the MRM on a server and configure it with the authentication details of the users you want to have access it.

You can see a publicly accessible Nexus instance at https://oss.sonatype.org and also at https://repository.apache.org So on that basis it is fairly safe to assume that the authentication in Nexus is reliable and secure.

Artifactory is available as an on-line hosted service, and we use it (the on-line hosted service) for our internal artifact hosting.

Archivia is maintained by some really good guys and I suspect they have that well locked down too.

If you want to get up and running fast and you don't want to have to manage a server, I would recommend using a hosting service such as Artifactory. I do not know if there is an online Nexus or Archivia hosting service.

Now for the disclosures:

1. JFrog (creators of Artifactory) is a partner of my employers and we use the Artifactory hosting service
2. Sonatype (creators of Nexus) is a partner of my employers
3. I am a member of the Apache Software Foundation (creators of Archivia)

I do not recommend which MRM you use. But as a Maven committer and PMC member I strongly recommend using a MRM.