search

sonatype-nexus-community / nexus-repository-apt

A Nexus Repository 3 plugin that allows usage of apt repositories
Eclipse Public License 1.0
105 stars 50 forks source link

Support PUT in addition to POST so maven-deploy-plugin and maven-wagon-plugin can be used #114

Open exabrial opened 5 years ago

exabrial commented 5 years ago

First, thanks for the work on this. We were using Freight, but it's super slow because it has to re-sign the entire repository, and you have to build a lot of glue code to get it to add new files. Overall, not a great experience.

One thing we noticed is that we build our packages with JDeb, then after that we would like to push the released deb files to our new shiney Nexus Apt repo. Both the maven deploy plugin and the maven wagon plugin only seem to support HTTP PUT, not HTTP POST, which only the latter seems to be supported by the nexus apt plugin.

I think this is a code change we can make, as it looks like there's just a handful of case statements that need to updated. Is there a reason this wasn't included in the original?

exabrial commented 5 years ago

Well nuts, I tried adding PUT in the case block of AptHandler, but we're still getting a 405 error. Any help appreciated

exabrial commented 5 years ago

I think I figured out the second problem. So while we were accepting PUT requests, the Wagon plugin is not setting the expected Content-Type to multipart-/form-data and uploading it as such. The apt repo is going to need to be a lot more flexible

exabrial commented 5 years ago

So we're able to workaround the lack of PUT support with some clever HaProxy rules. We use HaProxy to terminate TLS and provide a bit of protection against attacks on our nexus repo. Our HaProxy route for Nexus now looks like this, which rewrites the PUT to POST and adds the multipart-form content-type header:

frontend www-https
    bind :443 ssl crt /xxx/xxx/xxx/xxx.xxx.xxx.pem alpn h2,http/1.1
    reqadd X-Forwarded-Proto:\ https
    default_backend nexus-backend
    acl acl_apt-repo path_beg -i /repository/xxx-nexus-apt
    http-request set-method POST if METH_PUT acl_apt-repo
    http-request set-header Content-Type multipart/form-data if METH_PUT acl_apt-repo
    http-request set-path /repository/xxx-nexus-apt/ if METH_PUT acl_apt-repo

backend nexus-backend
    option httpchk OPTIONS / HTTP/1.0
    server nexus-workhorse 127.0.0.1:8081 #check

And our pom configuration looks like this:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>wagon-maven-plugin</artifactId>
    <executions>
        <execution>
            <id>upload-to-nexus</id>
            <phase>deploy</phase>
            <goals>
                <goal>upload-single</goal>
            </goals>
            <configuration>
                <serverId>xxx-nexus-apt</serverId>
                <fromFile>${project.build.directory}/${jdeb.name}</fromFile>
                <url>https://xxx.xxx.com/repository/xxx-nexus-apt</url>
            </configuration>
        </execution>
    </executions>
</plugin>
bhamail commented 5 years ago

APT is now part of Nexus Repository Manager. Version 3.17.0 includes the APT plugin by default. If this is still an issue if using 3.17.0 or later please file an issue at https://issues.sonatype.org/. Links to the new source code location are in the top level README.md