We are running our own artifact repository using Sonatype Nexus.
We are using the community edition which has a request limit of 200K requests per day, and since our team is growing we're nearing the point where we will regularly get over the limit.
Since my higher-ups don't want to pay the $10K for an enterprise license that would remove the limit unless there is no other option, I've been tasked with finding another solution.
Our previous setup was to define Maven Central as a proxied repository in Nexus and define Nexus as the proxy for everything in settings.xml.
However this means that all dependency resolutions run through Nexus one way or another. To save requests to Nexus, we want Maven to resolve all publicly available artifacts directly from Maven Central and only our own artifacts from Nexus.
Therefore the relevant part of settings.xml looks like this:
<repository>
<id>central</id>
<url>https://repo1.maven.org/maven2/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>nexus</id>
<name>Nexus</name>
<url>http://nexus.internal.ourdomain.com/repository/all/</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
So, my understanding is that Maven will try to resolve all dependencies from repo1.maven.org first, and if it doesn't find them there, try nexus.internal.ourdomain.com.
However, for some dependencies, Maven will try to resolve them via totally different repos, like repo.maven.apache.org or repository.apache.org - those aren't defined anywhere in the settings.xml.
Why does Maven do that?
The issue with this is that all URLs need to be whitelisted in our company proxy, therefore the URLs Maven uses need to be predictable.
You need to define your own repository as <mirror> in the settings.xml, not just as repository. Something like this:
<mirror>
<id>custom-mirror</id>
<url>http://your-mirror-repository-url</url>
<mirrorOf>*,!central</mirrorOf>
</mirror>