Configured SonarQube 6.1 on HTTPs using Apache but both HTTP and HTTPs works - Need only HTTPs - sonarqube

Recently I installed SonarQube 6.1 version and I used Apache to enable HTTPS; now I am able to connect to SonarQube using both of the URLs below.
Any idea how to disable HTTP and make only HTTPS work?
HTTPs URL = https://<SonarServer>/sessions/new
HTTP URL = http://<SonarServer>:9000/

According to your URL, the web front server and Apache are installed on the same host. So you just need to configure SonarQube to listen on localhost (in sonar.properties: sonar.web.host=127.0.0.1) and configure Apache to do the reverse proxy for 127.0.0.1.

Well there are two approaches which you can try:
1. Make Sonar HTTPS (http://docs.sonarqube.org/display/SONARQUBE52/Running+SonarQube+Over+HTTPS). Based on the link above you could easily set Sonar to HTTPS instead of HTTP; just be sure to provide a certificate etc.
2. You could, as https://stackoverflow.com/users/2435199/eric-hartmann described, simply bind it only to localhost.
3. Block 9000 from outside IPs via firewall!
IMHO I would stick with 1 or 2, depending on the time you would like to spend on that issue!
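
An added example (not from the original posts) of the setup the answers describe: SonarQube bound to loopback, with Apache answering port 80 only to redirect and proxying to SonarQube only from the HTTPS virtual host. The hostname sonar.example.internal, the certificate paths and the hyphenated header spelling are assumptions.

```apache
# Added example; sonar.example.internal and the certificate paths are placeholders.
#
# Prerequisite in sonar.properties (from the answer above), so that port 9000
# is reachable only from this host and never directly from the network:
#   sonar.web.host=127.0.0.1
#
# Required modules: mod_ssl, mod_proxy, mod_proxy_http, mod_headers.

# Port 80 serves nothing except a redirect to HTTPS.
<VirtualHost *:80>
    ServerName sonar.example.internal
    Redirect permanent / https://sonar.example.internal/
</VirtualHost>

<VirtualHost *:443>
    ServerName sonar.example.internal

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sonar.example.internal.crt
    SSLCertificateKeyFile /etc/ssl/private/sonar.example.internal.key

    # Reverse proxy only; never act as a forward proxy here.
    ProxyRequests Off
    ProxyPreserveHost On

    # Tell SonarQube the client connection was HTTPS so that its own
    # redirects do not fall back to HTTP. The documentation quoted further
    # down this page writes the header as X_FORWARDED_PROTO; the hyphenated
    # spelling used here is an assumption.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        / http://127.0.0.1:9000/
    ProxyPassReverse / http://127.0.0.1:9000/
</VirtualHost>
```

After restarting both services, http://<SonarServer>:9000/ should refuse connections from any other machine, and http://<SonarServer>/ should answer with a redirect to the HTTPS URL.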

Related

IIS 7.5 with aws elb problem http to https j_spring_security_check.action

I have a problem with the configuration of AWS ELB to IIS 7.5.
The SSL protocol is shared on the ELB and we can't take the SSL for configuring into IIS, when I configure the HTTPS port of the ELB to point to the HTTP port of IIS.
The problem is that when I log in, the j_spring_security_check.action redirects everything to HTTP.
Is there a way to force the response of j_spring_security_check.action to HTTPS?
I tried with the URL Rewrite module but it is not working for me.
It seems that there might be something wrong with settings on the application level.
I am not familiar with Spring Security framework. See this link.
Offloading https to load balancers with Spring Security
Besides, please refer to the official guideline for configuring SSL offloading to build connection between the web server and the ELB.
https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-windows.html
Here is a discussion about how to set up SSL offloading with the ARR load balance.
https://forums.iis.net/t/1182259.aspx

How to remove Connection to this Site is not Secure for SonarQube

Our organization is using the SonarQube application, which is hosted on an Azure server that we use internally and that is not accessible via the internet. To add security we implemented HTTPS for the application with the help of an SSL certificate given by our internal certification authority.
But after I implemented HTTPS we are getting "Your Connection to this Site is not Secure".
Is there any way to make the connection secure? As we are using the application internally.
As per the SonarQube documentation, for adding security/Https their recommendation is to use a reverse proxy and not adding the SSL to the SonarQube website directly. Here is the official documentation and the link:
To run the SonarQube server over HTTPS, you must build a standard reverse proxy infrastructure.
The reverse proxy must be configured to set the value "X_FORWARDED_PROTO: https" in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP.
Using an Apache Proxy
We assume that you've already installed Apache 2 with module mod_proxy, that SonarQube is running and available on http://private_sonar_host:sonar_port/ and that you want to configure a Virtual Host for www.public_sonar.com.
At this point, edit the HTTPd configuration file for the www.public_sonar.com virtual host. Include the following to expose SonarQube via mod_proxy at http://www.public_sonar.com/:
    ProxyRequests Off
    ProxyPreserveHost On
    <VirtualHost *:80>
      ServerName www.public_sonar.com
      ServerAdmin admin@somecompany.com
      ProxyPass / http://private_sonar_host:sonar_port/
      ProxyPassReverse / http://www.public_sonar.com/
      ErrorLog logs/somecompany/sonar/error.log
      CustomLog logs/somecompany/sonar/access.log common
    </VirtualHost>
Using Nginx
We assume that you've already installed Nginx, that you are using a Virtual Host for www.somecompany.com and that SonarQube is running and available on http://sonarhost:sonarport/.
At this point, edit the Nginx configuration file. Include the following to expose SonarQube at http://www.somecompany.com/:
    # the server directive is nginx's virtual host directive
    server {
      # port to listen on. Can also be set to an IP:PORT
      listen 80;
      # sets the domain[s] that this vhost server requests for
      server_name www.somecompany.com;
      location / {
        proxy_pass http://sonarhost:sonarport;
      }
    }
Using IIS
SonarQube recommends the use of a Reverse Proxy to secure your Sonar installation. With the help of IIS and the URL Rewrite module, that's a piece of cake to set up.
What you'll need:
IIS enabled on a machine (doesn't have to be the SonarQube machine, but I'm going to assume you're doing this on the same system)
The URL Rewrite extension for IIS (https://www.iis.net/downloads/microsoft/url-rewrite)
The Application Based Routing extension for IIS (https://www.iis.net/downloads/microsoft/application-request-routing)
An SSL certificate (can be self signed or a real one)
The first step is to create an IIS website which will act as the reverse proxy.
Unless you're required to do Kerberos authentication, you don't need to configure any form of authentication on your Reverse Proxy. It should forward the challenge from SonarQube if you've configured Active Directory integration there.
If you are using Kerberos or IIS Advanced protection, please look here for guidance on configuring that correctly. (https://blogs.technet.microsoft.com/latam/2015/06/24/kerberos-authentication-and-application-request-routing/)
Configure the binding to use SSL and set up the correct hostnames and the certificate. I'm cheating a little by using the IIS Express Development Certificate installed on my machine:
Next we'll open the URL Rewrite settings to configure reverse proxy:
Click Add Rule to create a new rule:
And pick "Reverse Proxy" from the list of templates:
Enter the destination server URL (can be http://localhost:9000, or even a remote server) and click OK to create the rule:
You're back in the URL Rewrite screen where we'll need to add an extra server variable which we'll send along with the request to the other server in order to tell SonarQube it's actually behind a Reverse Proxy that's doing the SSL offloading for it:
Click "Add..." to create the server variable:
Add the server variable "X_FORWARDED_PROTO" to allow the Rewrite Module to manipulate this header:
You should now have the variable listed in the Variable list. Click "Go back to Rules" to move back to the rules list:
Edit the URL Rewrite rule you've just created:
Expand the Server variables section of the rule definition:
Add the "X_FORWARDED_PROTO" header you've allowed in the previous step and give it the value "https":
Apply the changes:
And now you should be able to access SonarQube over SSL. You may want to configure the original SonarQube instance to only accept traffic from your reverse proxy or only accept traffic from localhost through the Windows Firewall.
Copied from:
USING IIS
Server setup documentation

polygraph for https via proxy server

Can anyone help me set up Web Polygraph for testing HTTPS servers via proxy servers in the middle?
Linux machine: 192.168.21.7
Proxy server: 192.168.21.9
HTTPS server: 192.168.21.11
This link contains the needed information:
http://www.web-polygraph.org/docs/userman/simple.html
Basically Polygraph has a couple of files which are bundled with it and used for testing.
The manual I gave you gives an example that uses polysrv, but on different distributions you will probably have different names for the tool (on Ubuntu it's polygraph-server and polygraph-client).
You need to set the listening service IP+port and the outgoing "robot" IP, and then start it using the command line.
For the HTTPS setup we will configure our pg file on server and client with the SslWrap module.
Details of the same can be found at http://www.web-polygraph.org/docs/reference/models/ssl.html

Apache forward proxy that handles https

I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.
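
An added example (not from the original posts) of an Apache forward proxy that tunnels HTTPS through mod_proxy_connect while limiting who may use it and which ports CONNECT may reach. The listening port 8080 and the client range 192.168.0.0/24 are placeholders; the log paths assume the Debian/Ubuntu layout implied by a2enmod.

```apache
# Added example; port 8080 and 192.168.0.0/24 are placeholders.
# Required modules: mod_proxy, mod_proxy_http, mod_proxy_connect
#   sudo a2enmod proxy proxy_http proxy_connect

Listen 8080
<VirtualHost *:8080>
    # Forward-proxy mode: clients send absolute URLs (HTTP) or CONNECT (HTTPS).
    ProxyRequests On
    ProxyVia On

    # CONNECT is handled by mod_proxy_connect. Without that module the
    # browser's tunnel request fails, which is the
    # ERR_TUNNEL_CONNECTION_FAILED error from the question.
    # Permit tunnels to the HTTPS port only, so the proxy cannot be used
    # to reach arbitrary TCP services.
    AllowCONNECT 443

    # Restrict use of the proxy to known clients. A forward proxy without
    # access control relays traffic for anyone who can reach it.
    <Proxy "*">
        Require ip 192.168.0.0/24
    </Proxy>

    ErrorLog  ${APACHE_LOG_DIR}/forward-proxy-error.log
    CustomLog ${APACHE_LOG_DIR}/forward-proxy-access.log combined
</VirtualHost>
```

This proxy does not terminate TLS: it relays the encrypted bytes, so the access log records the CONNECT host and port but not the URLs requested inside the tunnel.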

Reverse Proxy on Windows

I have a web server that responds to a number of different sites on port 80. Currently, IIS does the mapping to various sites via host headers, but I'd like to be able to serve other web apps on port 80 hosted in Jetty or Tomcat. IIS prevents that by grabbing all port 80 traffic.
I basically need a reverse proxy to just change the port number to something that another app stack can listen in on. I was looking into nginx but it seems to not be quite ready for prime time on Windows. Eventually I may set up a Linux box specifically for this, but for now I'm interested in a solution which will run all on the same box.
All I really need is something very light which mostly just matches hostname/port and allows rewriting of the port. Does anyone have any suggestions?
If you are running in IIS 7 or above you can use Application Request Routing for that: http://www.iis.net/download/ApplicationRequestRouting
For IIS 5-6, it looks like Apache Tomcat Connector (JK 1.2) is a clean solution. This is an IIS ISAPI filter which allows IIS to act as a reverse proxy for other web servers. It uses Apache JServ Protocol (AJP) to communicate with the app server actually serving requests. Both Tomcat and Jetty implement AJP. URLs are mapped with regex-like config to a particular AJP server instance.
Overview: http://www.iisadmin.co.uk/?p=40&page=3
IIS Config: http://tomcat.apache.org/connectors-doc/reference/iis.html
Mapping Config: http://tomcat.apache.org/connectors-doc/reference/workers.html
This ISAPI plug-in also works with IIS 7.x, but in that case the Application Request Routing (see marked answer) should be considered as it might work better with non-AJP servers.
