Create a config file that defines the certificate to be generated:
Use the file below: save the content as req.conf. I saved it at /home/test/Downloads/docker_files/cert/req.conf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = www.company.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost:9999
DNS.2 = company.com
DNS.3 = localhost
Create the certificate key and crt files:
Create the crt and key files in the same folder. We will map this folder to a Docker volume so that the container can access these files.
The names of the crt and key files should be in the format <virtualhost>.key and <virtualhost>.crt
As we are running the test on localhost, our virtualhost is localhost
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/test/Downloads/docker_files/cert/localhost.key -out /home/test/Downloads/docker_files/cert/localhost.crt -config /home/test/Downloads/docker_files/cert/req.conf -extensions 'v3_req'
Start the nginx reverse proxy using Docker:
We are using the nginx proxy image https://hub.docker.com/r/jwilder/nginx-proxy
Here we are exposing the HTTPS port of the nginx container on port 9999
sudo docker run -d -p 9999:443 -v /home/test/Downloads/docker_files/nginx_docker:/etc/nginx/vhost.d:ro -v /home/test/Downloads/docker_files/cert:/etc/nginx/certs -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

By default, Nginx only accepts request bodies of up to 1MB, so we need to raise this limit because SonarQube scan results will be larger than 1MB.
We have mapped the folder below to vhost.d of the nginx container, so we can add nginx configuration to a file named <virtualhost>. Normally the virtual host would be subdomain.domain.com, but as we are running on localhost, the value is localhost.
/home/test/Downloads/docker_files/nginx_docker
To add the <virtualhost> file, use the command below:
{ echo 'server_tokens off;'; echo 'client_max_body_size 100m;'; } > /home/test/Downloads/docker_files/nginx_docker/localhost
Start sonarqube docker:
The nginx reverse proxy detects which container the traffic should be routed to by using the environment variable
VIRTUAL_HOST=localhost
So just pass this variable to the container you want to route the traffic to. Here we want to route to SonarQube, so we pass that variable to the SonarQube container.
sudo docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -e VIRTUAL_HOST=localhost -p 9000:9000 sonarqube:latest
Now you can navigate to sonarqube at
You can do the same with any container, e.g. running juice-shop over HTTPS at https://localhost:9999
sudo docker run --rm -d -e VIRTUAL_HOST=localhost -p 3000:3000 bkimminich/juice-shop
SonarQube Scanner:
The Sonar scanner has to scan the repository and send the analysis to the SonarQube server at https://localhost:9999
But as the server uses a self-signed certificate, the SonarQube scanner will fail the certificate check and will not send the analysis to the server.
To fix this, we have to add the server certificate to the SonarQube scanner's trusted certificate list.
To do this, first download the certificate chain:
Go to Firefox: click the lock sign and then click “Show connection details”

Click more information and then click view certificate:

Now click PEM (chain):

Save it to /home/test/Downloads/docker_files/cert/ as localhost.pem
Now add this certificate to the SonarQube scanner truststore:
The -keystore file is inside /sonar-scanner-4.5.0.2216-linux/jre/lib/security, with the file name cacerts. changeit is the default password; you can use it as is.
keytool -importcert -trustcacerts -alias selfsigned -file /home/test/Downloads/docker_files/cert/localhost.pem -keystore /home/test/Downloads/sonar-scanner-cli-4.5.0.2216-linux/sonar-scanner-4.5.0.2216-linux/jre/lib/security/cacerts -storepass changeit
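Before running the keytool import above, it is worth confirming that the PEM saved from the browser is the same certificate that was generated earlier and that its SAN covers the host the scanner connects to. The script below is an added example, not part of the original post; the function names are assumptions, and make_demo_cert only builds a constructed throwaway certificate so the checks can be tried offline.

```shell
#!/bin/sh
# Added example: check a PEM before importing it into the scanner truststore.
# Function names are hypothetical; they are not from the original page.

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate lists the given DNS name in its SAN.
cert_has_san() {   # args: cert-file dns-name
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Succeed only if the PEM saved from the browser is the certificate we
# generated ourselves and it is valid for the host the scanner connects to.
safe_to_import() {   # args: downloaded.pem generated.crt hostname
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ] && cert_has_san "$1" "$3"
}

# Build a throwaway certificate with a SAN layout like req.conf
# (constructed sample data, not the real files from the page).
make_demo_cert() {   # args: output-dir common-name
    cat > "$1/req.conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $2
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = company.com
EOF
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -config "$1/req.conf" -extensions v3_req 2>/dev/null
}

# Usage: sh check_cert.sh localhost.pem localhost.crt localhost
if [ "$#" -eq 3 ]; then
    if safe_to_import "$@"; then echo "OK to import"; else echo "DO NOT import"; fi
fi
```

A fingerprint mismatch means the browser was served a different certificate than the one in the cert folder, and that PEM should not be added to cacerts.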
Ignore below steps :
To do this, first create the keystore file. A keystore file can be created from a PKCS12 file.
To create the PKCS12 file from the crt and key files:
sudo openssl pkcs12 -export -in /home/test/Downloads/docker_files/cert/localhost.crt -inkey /home/test/Downloads/docker_files/cert/localhost.key -out /home/test/Downloads/docker_files/cert/localhost.p12
Now create the keystore file jks from the pkcs12 (p12) file:
sudo keytool -importkeystore -srckeystore /home/test/Downloads/docker_files/cert/localhost.p12 -srcstoretype PKCS12 -destkeystore /home/test/Downloads/docker_files/cert/localhost.jks -deststoretype JKS