Squid Labs

Part 4 CI: SSL for SonarQube on Premise

Kev's photo
Kev
·

2 min read

Following the previous The goal of this is to setup SSL for SonarQube on premise

Your SonarQube installation is now running, you can now install the Nginx web server.

Run the following apt command to install the Nginx web server the Ubuntu system. Input Y when prompted to confirm the installation and press ENTER to proceed.

sudo apt install nginx

Once nginx is installed, verify the nginx service and make sure the service status is running via the systemctl command as below.

sudo systemctl is-enabled nginx
sudo systemctl status nginx

Generate the SSL

Using openssl generate keys to be used by nginx

sudo openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 3650 -out server.crt -subj "/CN=localhost" -addext "subjectAltName = DNS:localhost, DNS:192.168.1.112, DNS:sonarqube.squidlabs.local"

After you have the Nginx web server is running, you will create a new server block configuration that will be used as a reverse proxy for SonarQube.

Create a new server blocks configuration '/etc/nginx/sites-available/sonarqube.conf' using the following command.

sudo nano /etc/nginx/sites-available/sonarqube.conf

Add the following configuration to your file and be sure to change the domain name.

server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name sonarqube.testlabs.local;
    access_log /var/log/nginx/sonar.access.log;
    error_log /var/log/nginx/sonar.error.log;
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;
    ssl_certificate /usr/share/ca-certificates/server.crt;
    ssl_certificate_key /usr/share/ca-certificates/server.key;

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
    }
}

After that save and perform Nginx restart

sudo systemctl restart nginx

Once done you can access your machine using sonarqube.testlabs.local

If you want to setup so your other machines able to use the same url, you would require setting up a DNS machine

sonarqubesonarqube installationCI/CDOn Premise