linuxea:sonarqube https代理配置

sonarqube https代理配置
我要用gitlab auth插件,gitlab auth插件需要https,在这个过程中,官网的推荐使用代理服务器来实现,本节主要记录https代理配置实用
可以参考:

https://docs.sonarqube.org/display/SONAR/Securing+the+Server+Behind+a+Proxy#SecuringtheServerBehindaProxy-UsingNginx
https://docs.sonarqube.org/display/SONARQUBE52/Running+SonarQube+Over+HTTPS

nginx代理,先安装

[root@LinuxEA-VM-Node61 ~]# yum install nginx -y

ca自己签

openssl req  -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt -subj "/C=CN/L=London/O=Company Ltd/CN=sonar-linuxea"
openssl req -newkey rsa:4096 -nodes -sha256 -keyout linuxea-sonar.ds.com.key -out server.csr -subj "/C=CN/L=London/O=Company Ltd/CN=linuxea-sonar.ds.com"
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out linuxea-sonar.ds.com.crt

如下:
在nginx目录下创建一个ssl目录。后添加一个文件代理

[root@LinuxEA-VM-Node61 ~]# cd /etc/nginx/
[root@LinuxEA-VM-Node61 /etc/nginx]# mkdir ssl && cd ssl

开始创建

[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# openssl req  -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt -subj "/C=CN/L=London/O=Company Ltd/CN=sonar-linuxea"
/O=Company Ltd/CN=linuxea-sonar.ds.com"
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out linuxea-sonar.ds.com.crt

Generating a 4096 bit RSA private key
..................++
......................++
writing new private key to 'ca.key'
-----
.ds.com"
[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout linuxea-sonar.ds.com.key -out server.csr -subj "/C=CN/L=London/O=Company Ltd/CN=linuxea-sona 
Generating a 4096 bit RSA private key
...................................................................................................++
...........++
writing new private key to 'linuxea-sonar.ds.com.key'
-----
[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out linuxea-sonar.ds.com.crt
Signature ok
subject=/C=CN/L=London/O=Company Ltd/CN=linuxea-sonar.ds.com
Getting CA Private Key

创建后会生成几个文件

[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# ll
总用量 24
-rw-r--r-- 1 root root 1939 7月   9 15:13 ca.crt
-rw-r--r-- 1 root root 3272 7月   9 15:13 ca.key
-rw-r--r-- 1 root root   17 7月   9 15:13 ca.srl
-rw-r--r-- 1 root root 1826 7月   9 15:13 linuxea.sonar.com.crt
-rw-r--r-- 1 root root 3272 7月   9 15:13 linuxea.sonar.com.key
-rw-r--r-- 1 root root 1667 7月   9 15:13 server.csr

配置文件
我们配置一个文件,它大致如下(域名是内部dns)

[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# vim /etc/nginx/conf.d/sonar.conf 
server {
         listen       443 ssl;
         server_name  linuxea-sonar.ds.com; 
         ssl    on;
         ssl_certificate /etc/nginx/ssl/ca.crt;
         ssl_certificate_key /etc/nginx/ssl/ca.key;
         location / {
            proxy_pass        http://10.0.1.61:9000;
            root   html;
            index  index.html index.htm;
        }
    }

检查并启动

[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful  
[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# /usr/sbin/nginx 
[root@LinuxEA-VM-Node61 /etc/nginx/ssl]# ss -tlnp
State       Recv-Q Send-Q                                             Local Address:Port                                                            Peer Address:Port              
LISTEN      0      1024                                                   127.0.0.1:9001                                                                       *:*                  )
LISTEN      0      511                                                            *:80                                                                         *:*                  )
LISTEN      0      128                                                            *:22                                                                         *:*                  )
LISTEN      0      511                                                            *:443                                                                        *:*                  )
LISTEN      0      50                                                     127.0.0.1:46109                                                                      *:*                  )
LISTEN      0      1                                                      127.0.0.1:32000                                                                      *:*                  )
LISTEN      0      128                                                            *:10050                                                                      *:*                  )
LISTEN      0      25                                                             *:9000                                                                       *:*                  )
LISTEN      0      511                                                           :::80                                                                        :::*                  )
LISTEN      0      128                                                           :::22                                                                        :::*                  )
LISTEN      0      128 

我们打开浏览器访问,已经配置完成

0 分享

您可以选择一种方式赞助本站

支付宝扫码赞助

支付宝扫码赞助

日期: 2018-07-10分类: 持续集成

标签: 持续集成工具

发表评论