Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The reverse proxy must be configured to set the value "X_FORWARDED_PROTO: https" in each HTTP request header.

Without this property, redirection initiated by the SonarQube server will fall back on HTTP.


Generating the SSL Certificate

Generate a RSA certificate

Run the following command:


It adds the certificate to USER_HOME/.keystore

Using an existing SSL certificate


Code Block
# Generate a PKCS12 file with existing certificates and CAFile
$ openssl pkcs12 -export -in myserver.cert -inkey myserver.key -out myserver.p12 -name myserver -CAfile myserver.cert -caname root -chain

The name attribute value will be used for sonar.web.https.keyAlias

The export password you have entered should be specify for sonar.web.https.keyPass

Then copy your myserver.p12 file in a secure place (e.g. /opt/sonar/conf) and configure SonarQube to use it :

Code Block
# TCP port for incoming HTTP connections. Disabled when value is -1.

# TCP port for incoming HTTPS connections. Disabled when value is -1 (default).

# HTTPS - the alias used to for the server certificate in the keystore.
# If not specified the first key read in the keystore is used.

# HTTPS - the password used to access the server certificate from the
# specified keystore file. The default value is "changeit".

# HTTPS - the pathname of the keystore file where is stored the server certificate.
# By default, the pathname is the file ".keystore" in the user home.
# If keystoreType doesn't need a file use empty value.

# HTTPS - the password used to access the specified keystore file. The default
# value is the value of sonar.web.https.keyPass.

# HTTPS - the type of keystore file to be used for the server certificate.
# The default value is JKS (Java KeyStore).


Configuring the SonarQube Web Server