As of SonarQube v4.0, the server natively supports HTTPS access. The official configuration instructions, however, are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get SonarQube server up and running with an SSL cert purchased from a signing authority.
Step 1: Create a PKCS#12 Cert File
If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows
Step 2: Configure SonarQube
Copy the .pfx file you created in Step 1 to the /conf folder of your SonarQube install location. Then open the sonar.properties file in that same folder.
In the "Web" section of the sonar.properties file, you'll need to change the properties as follows:
sonar.web.https.port=443
- This will enable HTTPS access on the port you provide (443 is the standard HTTPS port). If you want to force HTTPS access only, you should also set sonar.web.port=-1 to turn off HTTP access.
sonar.web.https.keyPass=changeit
- (where changeit is the password you provided during the Export Wizard in Step 1)
sonar.web.https.keystoreFile=C:/Path/To/Your/SonarQube/conf/exportedCert.pfx
- Enter the correct path to the .pfx file (hint: Shift-Right-Click the file and choose "Copy as path"). Make sure to use forward slashes in your path here, not the standard Windows back-slashes.
sonar.web.https.keystoreType=PKCS12
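Before restarting, the settings above can be checked with a short PowerShell script. This is an added example, not part of the original post or of SonarQube; it opens the .pfx with .NET's X509Certificate2 class, and $PropsPath and $ExpectedHost are placeholders to set for your install.

```powershell
# Added example: pre-flight check of the HTTPS settings before restarting SonarQube.
# $PropsPath and $ExpectedHost are placeholders; set them for your install.
param(
    [string]$PropsPath    = 'C:/Path/To/Your/SonarQube/conf/sonar.properties',
    [string]$ExpectedHost = 'hostname.in.your.cert.file'
)

# Collect the active (uncommented) sonar.web.* settings.
$props = @{}
foreach ($line in Get-Content -LiteralPath $PropsPath) {
    if ($line -match '^\s*(sonar\.web\.[^=\s]+)\s*=\s*(.*)$') {
        $props[$Matches[1]] = $Matches[2].Trim()
    }
}

$file     = $props['sonar.web.https.keystoreFile']
$problems = @()
if (-not $file) {
    $problems += 'sonar.web.https.keystoreFile is not set'
} elseif ($file.Contains('\')) {
    $problems += 'keystoreFile uses back-slashes; use forward slashes'
} elseif (-not (Test-Path -LiteralPath $file)) {
    $problems += "keystore file not found: $file"
}
if ($props['sonar.web.https.keystoreType'] -ne 'PKCS12') {
    $problems += 'sonar.web.https.keystoreType is not PKCS12'
}

if ($problems.Count -eq 0) {
    try {
        # The constructor throws if the password does not open the .pfx.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $file, ([string]$props['sonar.web.https.keyPass'])
        # GetNameInfo returns a single DNS name, so multi-name certs need a manual look.
        $name = $cert.GetNameInfo('DnsName', $false)
        if (-not $cert.HasPrivateKey)      { $problems += 'the .pfx holds no private key' }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "certificate expired $($cert.NotAfter)" }
        if ($name -ne $ExpectedHost)       { $problems += "cert name '$name' differs from '$ExpectedHost'" }
        $cert.Reset()   # release the key material loaded from the .pfx
    } catch {
        $problems += "cannot open keystore: $($_.Exception.Message)"
    }
}

if ($props['sonar.web.port'] -ne '-1') { Write-Warning 'HTTP is still enabled (sonar.web.port is not -1)' }
if ($problems) { $problems | ForEach-Object { Write-Error $_ } } else { 'HTTPS settings look consistent' }
```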
Now, restart your SonarQube server.
If there were issues loading your cert, such as a bad password, you may see entries like this in the /log/sonar log file:
Step 3: Change your default URL
Go to the Settings page for your SonarQube server and in the General section, change the URL to use https://hostname.in.your.cert.file/. This will ensure links generated by the system (such as in emails) point to the https link. Make sure the hostname you use matches your cert!
Enjoy!