How to configure sonarqube to run on https without any reverse proxy

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) 7.6
  • what are you trying to achieve - run sonarqube on https without any proxy server

Hi,

Sorry, but that’s simply not possible.

 
Ann

To complement Ann’s answer, you really wouldn’t want it to be possible!

Installing and keeping an up-to-date configuration for HTTPS can be complicated (which ciphers to use, which key size, etc.). Traditionally this is done by system administrators and/or a security team that is aware of the way of doing it properly and keeping the configuration up to date.

So there are three big wins by using the reverse proxy method rather than native support (and these are why we dropped native support in 5.x):

  • System Administrators know better the configuration of Apache httpd or Nginx and the way to have them secured in their environment
  • If there is a security breach on a well-known reverse proxy, a patch is usually readily available and doesn’t require a SonarQube update (when there was native support, the only way to receive an update if there was a vulnerability was to wait for a SonarQube release)
  • The SonarQube configuration is simpler
2 Likes

Hi @ganncamp / @ColinHMueller

Thanks for your inputs.
Concern is we are setting up sonarqube for a banking project and the client need end to end encryption.

Even if there is any alternative way please share the method to setup.

Thanks & Regards,
Prudhvi

There is not an alternative.

Best regards,

Colin