how to enable SSL for both jenkins and sonarqube running on the same server

August 7, 2017 1.2k views
Apache Ubuntu
Amrutha
By:
Amrutha

Hi,

I have installed jenkins and sonarqube in the same server. Jenkins is running on port 8080 and sonarqube is running on port 9000.

I want to enable SSL for both jenkins and sonarqube using the same DNS name.

I have the apache config as below

<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  ProxyRequests Off
  ProxyVia On
  Redirect permanent / https://example.com/
</Virtualhost>

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com

  SSLEngine On
  SSLProxyEngine On
  SSLCertificateFile    /etc/apache2/ssl/crt/example.com.cer
  SSLCertificateKeyFile /etc/apache2/ssl/key/example.com.key

  ProxyRequests     Off
  ProxyPass         /  http://localhost:8080/
  ProxyPassReverse  /  http://localhost:8080/

  ProxyPass        /sonar http://localhost:9000/sonar
  ProxyPassReverse /sonar http://localhost:9000/sonar

RequestHeader set X_FORWARDED_PROTO "https"
  RequestHeader set X-Forwarded-Port "443"
  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1

  <Proxy *>
   Order allow,deny
    Allow from all
  </Proxy>
  ProxyPreserveHost on
</VirtualHost>

When i browse https://example.com, jenkins log i page opens wit the following URL https://jenkins-thunderbolt.comcast.com/login?from=%2F which is as expected.

But when i browse https://example.com/sonar , i get the URl as https://jenkins-thunderbolt.comcast.com/login?from=%2Fsonar, which gets the jenkins login page, but the expected should that when i browse https://example.com/sonar i should get the sonarqube login page

Could you please let me know what configs that iam missing out?

1 Answer

Try switching the order of the ProxyPass directives like so:

  ProxyRequests     Off
  ProxyPass        /sonar http://localhost:9000/sonar
  ProxyPassReverse /sonar http://localhost:9000/sonar

  ProxyPass         /  http://localhost:8080/
  ProxyPassReverse  /  http://localhost:8080/

Per https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass it appears that Apache checks them in the order that they are specified in. / matches everything so that might be why sonar requests are also getting proxied to Jenkins.

Have another answer? Share your knowledge.