Setup Sonarqube behind a reverse proxy on RedHat

I would like to have Sonarqube 5.2 (https://my.sonarqube.com) configured as a secured connection and behind a reverse proxy, but it doesn't work. I installed mod_proxy and mod_ssl.

In httpd.conf

<VirtualHost *:80>
     ServerName my.sonarqube.com
     Redirect permanent / https://my.sonarqube.com/
 </VirtualHost>

 <VirtualHost *:443>

     ServerName my.sonarqube.com

     SSLEngine on
     SSLCertificateFile /etc/ssl/sonarhosting.pem

     ProxyRequests Off
     ProxyPreserveHost On
     AllowEncodedSlashes NoDecode
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
     ProxyPass / http://my.sonarqube.com:8080
     ProxyPassReverse / http://my.sonarqube.com:443
     RequestHeader set X_FORWARDED_PROTO 'https'
     RequestHeader set X-Forwarded-Port "443"

Is there anyone who can help me please?

Upvotes: 1

Answers (2)

Henri Gomez

Reputation: 106

And if you want to have on Sonarqube access.log original IPs (and not proxy IP), update sonar.properties like this

sonar.web.accessLogs.pattern=%i{X-Forwarded-For} %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"

Upvotes: 1

Eric Hartmann

Reputation: 1701

Your httpd configuration is incorrect. Here is the snippet you should set to make the reverse proxy working correctly.

RequestHeader set X-FORWARDED-PROTO "https"
ProxyPass "/" "http://my.sonarqube.com:8082/"
ProxyPassReverse "/" "http://my.sonarqube.com:8082/"

If you want to prevent issue with BREACH and CRIME attack, remove the SSLCompression :

SSLCompression          off

You should also check which SSL protocol you want (you should allow only TLS) with SSLProtocol directive and the ciphers you want with SSLCipherSuite directive.

Upvotes: 4

Setup Sonarqube behind a reverse proxy on RedHat

Answers (2)

Related Questions