Blog

Configure SSL for SonarQube on Windows

12 Apr, 2016
The documentation for SonarQube explains how to configure SSL when you’re running on Linux and how to use the native Tomcat functionality for a simple test environment, yet they recommend not to use this functionality in any production like setting.

Instead SonarQube recommends the use of a Reverse Proxy to secure you sonar installation. With the help of IIS and the Url Rewrite module, that’s a piece of cake to setup.

What you’ll need:

After installing and enabling these features, I had to do an IIS Reset and re-open the IIS Manager for all features to start working.
Next we’ll go through the steps to configure the reverse proxy.
First step is to create a IIS website which will act as the reverse proxy.
Unless you’re required to do Kerberos authentication, you don’t need to configure any form of authentication on your Reverse Proxy. It should forward the challenge from SonarQube if you’ve configured Active Directory integration there. 
Configure the binding to use SSL and setup the correct hostnames and the certificate. I’m cheating a little by using the IIS Express Development Certificate installed on my machine:
Next we’ll open the URL Rewrite settings to configure reverse proxy:
Click Add Rule to create a new rule
And pick “Reverse Proxy” from the list of templates:
Enter the destination server URL (can be https://xebia.com/blog:9000, or even a remote server) and click OK to create the rule:

You’re back in the URL Rewrite screen where we’ll need to add an extra server variable which we’ll send along with the request to the other server in order to tell SonarQube it’s actually behind a Reverse Proxy that’s doing the SSL offloading for it:
Click “Add…” to create the server variable:
Add the server variable “X_FORWARDED_PROTO” to allow the Rewrite Module to manipulate this header:
You should now have the variable listed in the Variable list. Click “Go back to Rules” to move back to the rules list:
Edit the URL Rewrite rule you’ve just created:
Expand the Server variables section of the rule definition:
Add the “X_FORWARDED_PROTO” header you’ve allowed in the previous step and give it the value “https“:
Apply the changes:
And now you should be able to access SonarQube over SSL. You may want to configure the original SonarQube instance to only accept traffic from your reverse proxy or only accept traffic from localhost through the Windows Firewall.
Jesse is a passionate trainer and coach, helping teams improve their productivity and quality all the while trying to keep work fun. He is a Professional Scrum Trainer (PST) through Scrum.org for the Professional Scrum Foundations (PSF), Professional Scrum Master (PSM) and Developer (PSD .NET) programs. With a strong background in the .NET platform and C#, Jesse is able to translate the needs of development teams when it comes to tools to manage work, build the code and keep quality up. He has contributed to a number of open source products that extend – as well as supported commercial tools like NDepend in their integration into – Team Foundation Server. Jesse regularly blogs and contributes to numerous communities on StackExchange and MSDN networks, he has received the Microsoft Community Contributor Award three years in a row and has been recently been awarded the Microsoft Most Valuable Professional award. He’s spoken at conferences and user groups, including the Microsoft TechDays and the Scrum Day Europe. Trainer certifications: Professional Scrum Foundations Professional Scrum Master Professional Scrum Developer (.NET) Scaled Professional Scrum (SPS) Scaled Agile Program Consultant In past years Jesse has delivered ALM, Test Automation and Scrum training all over the world, most recently in Sydney, Milan and Bangalore. He has redelivered materials from industry leading partners as well as developed his own. In addition to the previously mentioned subjects Jesse has taught courses on Visual Studio, Object Oriented Analysis and Design, Design Patterns for C# developers, Unified Modelling languages and Regular Expressions. Jesse is married with Charlotte, recently became father of his first daughter and lives in a house that’s more than a century old in the beautiful city of Utrecht. He loves espresso and dark chocolate, travels a lot and takes photos everywhere he goes.

Explore related posts