Recommendation: Private / Corporate Maven Repository: Sonatype Nexus or jFrog Artifactory

Requirements:

  • I am writing several reusable libraries which need to refer each other in myriad ways, each may be worked upon by different developer.
    • I don’t want to create a jumbo project with sub-modules where access control is a pita.
  • I don’t want the repository to be publicly accessible.
    • There should be fine-grained access control
  • I want to publish them as I would to maven central.
  • Ideally, it should also proxy maven central so I don’t have to use multiple repositories.
  • I want to install it in a lxd container behind haproxy (may write about the configuration in another post).
  • In short a sweet solution for most corporates.

Solution

The solution is to use a repository manager like Nexus or Artifactory. I prefer open source versions to start with.

So what are the good choices?

jFrog Artifactory

I downloaded the open source version and tried installing it. It was slow, very slow and confusing. There were myriad errors, the installation was complicated. In short, if I found it confusing inspite of copious documentation), you are very likely to. After couple of hours I decided it was not worth the pain.

Sonatype Nexus

Downloading was simple, running it was simpler. I installed it as systemd service. Only changes I had to do were:

  • Change user in nexus.service to ubuntu (default user in lxd)
  • Add one extra header in haproxy backend configuration:
    http-request set-header X-Forwarded-Proto https

Configuration

Only few changes were required to get Nexus up and running.

  • Removed anonymous access
  • Deactivated anonymous user
  • Changed admin password and added users

It works well with gradle and well documented. Best part is that it is significantly faster and satisfies all my requirements.

Winner?

The winner, for me, is Sonatype Nexus. It is fast, free, less cumbersome to install, setup and use. The default repositories serve my needs with minor tweaks.

Postscript

Could the slowness of Artifactory be due to https to http conversion as I use haproxy for SSL termination?

That does not seem to be the case because I could load it properly, just slow.

OTH: Nexus was not loading properly till I passed X-Forwarded-Proto header.