One of the best advantages of running your own VPS is that you have complete freedom on what you can run on it. In my case I installed Jenkins and SonarQube because since the last free upgrade from Linode (SSDs and double RAM!) I can run them without problems. This post is about configuring these services to use SSL thanks to NGINX.
Introduction
We all know that using SSL is always the best way to go but sometimes setting everything up is just more complicated than it should be. I already have a working NGINX server that handles a couple of websites, it isn’t very hard to set it up. If you need help this guide has everything you need to create a simple SSL website with NGINX: How To Create a SSL Certificate on nginx for Ubuntu 12.04.
Configuring NGINX as a proxy
Once you know that the SSL works correctly on you site it’s time to install the services that you want to use, as an example I’ll use SonarQube. On Ubuntu it all boils down to:
deb http://downloads.sourceforge.net/project/sonar-pkg/deb binary/
sudo apt-get update
sudo apt-get install sonar
After that you should see that SonarQube is listening on port 9000 (remember to configure a real database once your tests are finished!). Now it’s time to setup NGINX as a proxy, you only need to create a file in /etc/nginx/sites-available/sonar with the following lines:
server {
listen 9001 default ssl;
server_name example.com;
ssl_certificate /etc/ssl/localcerts/my.crt;
ssl_certificate_key /etc/ssl/localcerts/my.key.nopass;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;
error_page 497 https://$host:$server_port$request_uri;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http:// https://;
add_header Pragma "no-cache";
proxy_pass http://127.0.0.1:9000;
}
}
If you take a look at the configuration you’ll see that even if you use HTTP you’ll be redirected to HTTPS, it’s very handy but it took me some time to figure out how to write it. To finish enable the new site and reload NGINX:
sudo ln -s /etc/nginx/sites-available/sonar /etc/nginx/sites-enabled/sonar
sudo service nginx reload
Update your firewall configuration and browse https://www.example.com:9001/ to see the SonarQube homepage.