11

Does someone know how to use Squid to proxify maven repositories ?

What are the configuration files for that ?

The main problem is that maven client issue HTTP request with headers which control the cache behavior (and I want to bypass that).

Here is a typical request :

GET /maven/proxy/jboss-public/org/richfaces/richfaces-bom/4.2.0.Final/richfaces-bom-4.2.0.Final.pom HTTP/1.1
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
User-Agent: Apache-Maven/3.0.4 (Java 1.6.0_26; Linux 2.6.32-38-generic)
Host: 192.168.2.171
Connection: Keep-Alive

I'm already using Apache HTTPD (and disk_cache proxy_http modules enabled) for that, but I'm creating a mirror, not a proxy.

Here is the configuration (based on that site) :

<Proxy *>
Order deny,allow 
Allow from all 
</Proxy>

# central 
ProxyPass /maven/proxy/central http://repo1.maven.org/maven2
ProxyPassReverse /maven/proxy/central http://repo1.maven.org/maven2
CacheEnable disk /maven/proxy/central

# jboss-public-repository-group 
ProxyPass /maven/proxy/jboss-public http://repository.jboss.org/nexus/content/groups/public
ProxyPassReverse /maven/proxy/jboss-public http://repository.jboss.org/nexus/content/groups/public
ProxyPassReverseCookiePath /nexus /maven/proxy/jboss-public
CacheEnable disk /maven/proxy/jboss-public

# codehaus
ProxyPass /maven/proxy/codehaus http://repository.codehaus.org/
ProxyPassReverse /maven/proxy/codehaus http://repository.codehaus.org/
CacheEnable disk /maven/proxy/codehaus

CacheDirLength 2
CacheDirLevels 3

# Override default cache expiration and control 
CacheDefaultExpire 2419200
CacheMaxExpire 2419200

# Ignore requests to not serve from cache. Maven data never changes. 
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheStoreNoStore On

# Default max file size is 64K. Set to 1GB. 
CacheMaxFileSize 1073741824
Anthony O.
  • 674
  • 1
  • 5
  • 13
  • 1
    Have you considered using nexus instead? – artbristol Mar 08 '12 at 16:03
  • Of course I've considered it. I've also tested others. But nothing was as fast as Apache in proxy mode. That's why I wanted to use a real proxy and use Squid to perhaps obtain even more performances. – Anthony O. Mar 09 '12 at 13:07
  • 5
    If you want perfomance, make more sense use a internal artifactory repository like artifactory, nexus or apache archiva. Every time you want a new module they will download from internet and store on your local network, if someone in your network needs this same module, there is no need do go to internet make the download again. Saving bandwidth and without care about Cachesize. – Joao Vitorino Jun 01 '16 at 14:49
  • I agree with @JoaoVitorino - using a pull through cache of artifactory is probably the best option. – slm Jun 15 '18 at 01:22

1 Answers1

1

I would recommend using a proper repository like Nexus which will enable much more flexibility such as combining central maven with your own local artifact into one repository, caching of artifacts downloaded from central upon first request (so you don't need to host all artifacts, only those you need), protects you from artifacts deletion in central (think NPM leftpad fiasco), enables you to prevent usage of certain artifacts (say there is a broken artifact that has a security flaw, you can block all users from using it).

And, above all that, your users don't have to waste time setting up proxy configurations for Maven/Gradle/etc. which can be tricky at times...

But if you must do it in Squid:

Put allowed domains in /etc/squid/mavendomains.list.

In squid.conf (or if you have include files...):

acl maven-domains dstdomain "/etc/squid/mavendomains.list"
acl allowed-networks src x.x.x.x/x
http_access allow allowed-networks maven-domains
ETL
  • 6,443
  • 1
  • 26
  • 47