Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The reverse proxy must be configured to set the value "X_FORWARDED_PROTO: https" in each HTTP request header.

Without this property, redirection initiated by the SonarQube server will fall back on HTTP.

...

Generating the SSL Certificate

Generate a RSA certificate

Run the following command:

...

It adds the certificate to USER_HOME/.keystore

Using an existing SSL certificate

 

Code Block
languagebash
# Generate a PKCS12 file with existing certificates and CAFile
$ openssl pkcs12 -export -in myserver.cert -inkey myserver.key -out myserver.p12 -name myserver -CAfile myserver.cert -caname root -chain

The name attribute value will be used for sonar.web.https.keyAlias

The export password you have entered should be specify for sonar.web.https.keyPass

Then copy your myserver.p12 file in a secure place (e.g. /opt/sonar/conf) and configure SonarQube to use it :

Code Block
...
# TCP port for incoming HTTP connections. Disabled when value is -1.
sonar.web.port=-1

# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).
sonar.web.https.port=443

# HTTPS - the alias used to for the server certificate in the keystore.
# If not specified the first key read in the keystore is used.
sonar.web.https.keyAlias=myserver

# HTTPS - the password used to access the server certificate from the
# specified keystore file. The default value is "changeit".
sonar.web.https.keyPass=mykeypass

# HTTPS - the pathname of the keystore file where is stored the server certificate.
# By default, the pathname is the file ".keystore" in the user home.
# If keystoreType doesn't need a file use empty value.
sonar.web.https.keystoreFile=/opt/sonarqube/conf/myserver.p12

# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.
#sonar.web.https.keystorePass=

# HTTPS - the type of keystore file to be used for the server certificate.
# The default value is JKS (Java KeyStore).
sonar.web.https.keystoreType=PKCS12

 

Configuring the SonarQube Web Server

...