Archiva Documentation - Understanding Network Proxy Configuration of Apache Archiva

Reply-To: dev@archiva.apache.org Delivered-To: mailing list commits@archiva.apache.org Received: (qmail 76878 invoked by uid 99); 3 Feb 2014 04:52:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Feb 2014 04:52:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Feb 2014 04:52:29 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id AD5552388AA6; Mon, 3 Feb 2014 04:52:06 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1563776 [5/48] - in /archiva/site-content/docs/2.0.0-RC3: ./ adminguide/ adminguide/webservices/ css/ customising/ images/ images/logos/ images/profiles/ images/tour/ img/ js/ rest-docs-archiva-rest-api/ rest-docs-archiva-rest-api/css/ res... Date: Mon, 03 Feb 2014 04:51:53 -0000 To: commits@archiva.apache.org From: olamy@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140203045206.AD5552388AA6@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Added: archiva/site-content/docs/2.0.0-RC3/adminguide/network-proxies.html URL: http://svn.apache.org/viewvc/archiva/site-content/docs/2.0.0-RC3/adminguide/network-proxies.html?rev=1563776&view=auto ============================================================================== --- archiva/site-content/docs/2.0.0-RC3/adminguide/network-proxies.html (added) +++ archiva/site-content/docs/2.0.0-RC3/adminguide/network-proxies.html Mon Feb 3 04:51:44 2014 @@ -0,0 +1,465 @@ + + + + + + + + + Archiva Documentation - Understanding Network Proxy Configuration of Apache Archiva + + + + + + + + + + + + + + + + +

+ + +

+ +

+ + +

+ +

+ + +

+ +

Understanding Network Proxy Configuration of Apache Archiva

Archiva uses the terminology "proxy" for two different concepts:

The remote repository proxying cache, as configured through proxy connectors between repositories
Network proxies, which are traditional protocol based proxies (primarily for HTTP access to remote repositories over a firewall)

Network proxies are configured using standard HTTP proxy settings as provided by your network administrator.

Once configured, the network proxy can be attached to operations that access remote resources. At present, this is configured on the remote repository proxy connectors that need to access the remote repository over the HTTP protocol.

+ +

+ + + + \ No newline at end of file Added: archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connector-rules.html URL: http://svn.apache.org/viewvc/archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connector-rules.html?rev=1563776&view=auto ============================================================================== --- archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connector-rules.html (added) +++ archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connector-rules.html Mon Feb 3 04:51:44 2014 @@ -0,0 +1,467 @@ + + + + + + + + + Archiva Documentation - Proxy Connectors Rules + + + + + + + + + + + + + + + + +

+ + +

+ +

+ + +

+ +

+ + +

+ +

Understanding Proxy Connectors Rules of Apache Archiva

Configuring whitelists and blacklists in "bulk mode"

Proxy Connectors have white/black list for filtering which artifacts are retrieve or not from remote repositories (see Configuring proxy connectors section "Configuring whitelists and blacklists")

NOTE: configuring black list will improve performance of your tests. You probably don't to get org/apache/** from all of your remote repositories !

List of Rules

Editing a rule

+ +

+ + + + \ No newline at end of file Added: archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connectors.html URL: http://svn.apache.org/viewvc/archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connectors.html?rev=1563776&view=auto ============================================================================== --- archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connectors.html (added) +++ archiva/site-content/docs/2.0.0-RC3/adminguide/proxy-connectors.html Mon Feb 3 04:51:44 2014 @@ -0,0 +1,493 @@ + + + + + + + + + Archiva Documentation - Understanding Proxy Connector Configuration of Apache Archiva + + + + + + + + + + + + + + + + +

+ + +

+ +

+ + +

+ +

+ + +

+ +

Understanding Proxy Connector Configuration of Apache Archiva

Archiva uses the terminology "proxy" for two different concepts:

The remote repository proxying cache, as configured through proxy connectors between repositories
Network proxies, which are traditional protocol based proxies (primarily for HTTP access to remote repositories over a firewall)

A proxy connector is used to link a managed repository (stored on the Archiva machine) to a remote repository (accessed via a URL). This will mean that when a request is received by the managed repository, the connector is consulted to decide whether it should request the resource from the remote repository (and potentially cache the result locally for future requests).

Each managed repository can proxy multiple remote repositories to allow grouping of repositories through a single interface inside the Archiva instance. For instance, it is common to proxy all remote releases through a single repository for Archiva, as well as a single snapshot repository for all remote snapshot repositories.

A basic proxy connector configuration simply links the remote repository to the managed repository (with an optional network proxy for access through a firewall). However, the behaviour of different types of artifacts and paths can be specifically managed by the proxy connectors to make access to remote repositories more flexibly controlled.

Proxy Connectors

List of proxy connectors

Configuring order

You can configured repositories order using drag&drop

Configuring policies

When an artifact is requested from the managed repository and a proxy connector is configured, the policies for the connector are first consulted to decide whether to retrieve and cache the remote artifact or not. Which policies are applied depends on the type of artifact.

By default, Archiva comes with the following policies:

Releases - how to behave for released artifact metadata (those not carrying a SNAPSHOT version). This can be set to always (default), hourly, daily, once and never.
Snapshots - how to behave for snapshot artifact metadata (those carrying a SNAPSHOT version). This can be set to always (default), hourly, daily, once and never.
Checksum - how to handle incorrect checksums when downloading an artifact from the remote repository (ie, the checksum of the artifact does not match the corresponding detached checksum file). The options are to fail the request for the remote artifact, fix the checksum on the fly (default), or simply ignore the incorrect checksum
Cache failures - whether failures retrieving the remote artifact should be cached (to save network bandwidth for missing or bad artifacts), or uncached (default).
Return error when - if a remote proxy causes an error, this option determines whether an existing artifact should be returned (error when artifact not already present), or the error passed on regardless (always).
On remote error - if a remote error is encountered, stop causes the error to be returned immediately, queue error will return all errors after checking for other successful remote repositories first, and ignore will disregard ay errors.

Configuring whitelists and blacklists

By default, all artifact requests to the managed repository are proxied to the remote repository via the proxy connector if the policies pass. However, it can be more efficient to configure whitelists and blacklists for a given remote repository that match the expected artifacts to be retrieved.

If only a whitelist is configured, all requests not matching one of the whitelisted elements will be rejected. Conversely, if only a blacklist is configured, all requests not matching one of the blacklisted elements will be accepted (while those matching will be rejected). If both a whitelist and blacklist are defined, a path must be listed in the whitelist and not in the blacklist to be accepted - all other requests are rejected.

The path in the whitelist or blacklist is a repository path, and not an artifact path, and matches the request and format of the remote repository. The characters * and ** are wildcards, with * matching anything in the current path, while ** matches anything in the current path and deeper in the directory hierarchy.

For instance, to only retrieve artifacts in the Apache group ID from a repository, but no artifacts from the Maven group ID, you would configure the following:

White list: org/apache/**
Black list: org/apache/maven/**

+ +

+ + + + \ No newline at end of file Added: archiva/site-content/docs/2.0.0-RC3/adminguide/redback-runtime-configuration.html URL: http://svn.apache.org/viewvc/archiva/site-content/docs/2.0.0-RC3/adminguide/redback-runtime-configuration.html?rev=1563776&view=auto ============================================================================== --- archiva/site-content/docs/2.0.0-RC3/adminguide/redback-runtime-configuration.html (added) +++ archiva/site-content/docs/2.0.0-RC3/adminguide/redback-runtime-configuration.html Mon Feb 3 04:51:44 2014 @@ -0,0 +1,488 @@ + + + + + + + + + + + Archiva Documentation - Apache Archiva Redback Runtime Configuration + + + + + + + + + + + + + + + + +

+ + +

+ +

+ + +

+ +

+ + +

+ +

Apache Archiva Redback Runtime Configuration

Apache Archiva Redback Runtime Configuration +

Apache Redback User Manager/RbacManager Implementations

Since 1.4-M4, you can choose to switch dynamically

User Manager Implementations (from Database and/or LDAP).
RbacManager Implementations (from Database and/or LDAP): to manage if roles management comes from Database and/or LDAP.

LDAP configuration

LDAP configuration can now be done via an UI and it's now dynamic (no more need of using vi to edit a file :-) ) and no more need of restarting.

You can test your ldap configuration too.

LDAP Group-Roles mapping

Since 1.4-M4, you can map dynamically LDAP Group to Archiva Roles

Runtime properties

You can now too modify some Redback configuration properties. You have a help button which explains to you what the property is doing.

Users Cache

You can enable/disable users cache and configure various ttl values

+ +

+ + + + \ No newline at end of file