I work in an environment where internet resources are accessible only through proxy, and the urls have to be whitelisted to be accessible.
I can work with cache-redirector[.]jetbrains[.]com, but how often is the cloudfront hostname refreshed?
I would not feel secure whitelisting the whole cloudfront.net domain, and it looks like the domains printed in the logs executing the task with --debug https://dtahfujkndrht.cloudfront.net/plugins.jetbrains.com/maven/idea/ideaIC/2024.3.3/ideaIC-2024.3.3.pom can become defunct pretty quickly.
What would be the proper approach to deal with this scenario?
I know the common approach in corporate environments is to setup a Maven proxy, such as Sonatype Nexus and use it instead of default repositories
yes, we have that approach in place for things like maven central.
So the suggestion is to do the same for cache-redirector as well?
I also tried to disable the use of the cache-redirector, and I still get some issues, because the logs shows urls that return 404 error when are browsed, https://www.jetbrains.com/intellij-repository/releases/idea/ideaIC/2024.3.3/ideaIC-2024.3.3.pom but the resource is available when accessed with the right group coordinates.
Is there any guide on how to setup the proxy/mirroring of the jebtrains repositories?