CI for the cheapskates – part 1 – Maven repository with Nginx and SSH

The motivation for this article is the situation I found myself in. I wanted to set up continuous integration pipeline for Java-based project I was working, and it needed to be as cheap as possible :-).  Initial idea was to get a cheap cloud instance ($10-20 per month), set up Jenkins build server and Nexus Maven repository manager , and ready to go. Everything was up and running in a few hours. Bingo :-).

But, problems appeared quickly. It turned out that cloud instance with 2GB RAM is not sufficient to run Nexus. Every once in a while, Nexus would crash with OutOfMemoryError. Naturally, larger instance would solve this problem, but it would violate basic requirement of low cost. So, another solution I came up with is to drop Nexus, and use SSH/SCP/Nginx for Maven repository setup. The features of this setup would be:

  • artifacts are uploaded to repository through SCP
  • artifacts are downloaded over HTTP through Nginx proxy
  • only authenticated users can access repository artifacts
  • only authenticated users can upload artifacts

In the rest of the article, we’ll see the process how to set this up.

Create directory structure for repository

First step is to create repository structure that will hold our maven repository. Create directories as follows in user home directory (you can choose different paths if you want):

We will also create a group mvnrepo , which will have write access to this folder:

This will set group of our repository, and restrict access to non-authorizes users. Now, to make sure you have access to your repository, try to copy a file over SCP:

If everything is OK, you will be able to copy the file to your repository.

One more thing we can do is add a link to repository from root, so we can prettier URL for server configuration:

 

Configuring Maven project

The next step is to configure our Maven build file to upload artifacts to newly created repository. We will use Maven Wagon plugin for upload. Add extension configuration to build section of pom.xml .

Now we need to add distributionManagement section where we configure our repository. We will create repositories for both snapshots and release artifacts.

Now we need to specify credentials for SCP login. In your Maven  settings.xml  file, add the following to <servers>  section.

Now, when you run mvn deploy , artifacts will be uploaded to Maven repository over SCP.

Configure repository for dependency downloads

Now we have our repository ready for deploying artifacts. But, we also need a way to make our artifacts available to clients. Using SCP for this might not be a good idea, since each user must have SSH credentials for login, which might pose a security risk. Instead, we will make our artifacts avaiable for download through HTTP, using Nginx.

To make our repository available to the world, clients need to configure it in their POM files. Something like this should be added to POM:

This will reference separate repositories for snapshots and release versions. Based on this configuration, we need  http://repo.myhost.com/repository/maven-releases  to point to maven-releases  directory we created earlier, and  http://repo.myhost.com/repository/maven-snapshots  to point to maven-snapshots . This needs to be configured in Nginx.

Nginx configuration

We assume that Nignx is already installed in your system. If not, you can follow the instructions here.

In /etc/nginx/sites-enabled , create a file called repo. Add the following content to this file:

This configuration will proxy all HTTP requests to repo.myhost.com . Further, Nginx will serve files under /mvnrepo  as static content.

 

Checkout part 2 to learn how to secure this setup.

 

2 thoughts on “CI for the cheapskates – part 1 – Maven repository with Nginx and SSH

    1. Thanks a lot for your comment. Hope you will find more interesting stuff in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *