Establish HTTPS secure connection on the Bitnami AMI backed Sonarqube instance

sumukha.prasanna 2021-01-08 17:56:04 UTC #1

Keywords: SonarQube - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 27c4aad1-4699-f297-2022-c3b84dab6b2b
Description:
Hello,

I have spun up an EC2 instance with sonarqube running on it from the bitnami AMI available in the AWS marketplace. EC2 is in a private subnet behind a load balancer which routes requests from the domain (sonarqube.'domain'.com). Even though the documents mentioned bitnami stacks are HTTPS backed and enabled, right now, when I hit the domain, the connection is not secure (HTTP).

I am following this document (https://docs.bitnami.com/general/how-to/understand-bncert/) to enable HTTPS but I am getting error "Warning: The domain 'sonarqube.domain.com' resolves to a different IP address
than the one detected for this machine, which is 'xx.xx.xx.xx'. Please fix
its DNS entries or remove it. For more info see:
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/"

I will not have a public IP for my host as it's in the private subnet. Can you recommend other ways to enable HTTPS for my sonar instance?

Regards,
SKP

gongomgra 2021-01-11 10:20:37 UTC #2

Hi @sumukha.prasanna,

Thanks for using Bitnami. Please find my replies inline.

Even though the documents mentioned bitnami stacks are HTTPS backed and enabled, right now, when I hit the domain, the connection is not secure (HTTP).

Our solutions include a self-signed certificate. If you visit the domain with HTTPS, it will use that certificate unless you configure a different one.

I will not have a public IP for my host as it's in the private subnet. Can you recommend other ways to enable HTTPS for my sonar instance?

Our tool uses lego (a Go client for Let's Encrypt), which we use with public domains/IP addresses. In your specific case, I think you should better ask in the official Let's Encrypt forums for help on how to generate a certificate for internal private networks (if possible)

sumukha.prasanna 2021-01-11 16:52:21 UTC #3

Hi @gongomgra,

I followed the instructions on bitnami without trying the HTTPS way to access my instance. I added certificates to the right PATH even it was pre-setup. I am able to access the instance from the secure of my domain. Would there be any issues in future because I over-rid the certificates?

Regards,
SKP.

gongomgra 2021-01-12 10:01:47 UTC #4

Hi @sumukha.prasanna,

Which certificates are you using now? Note the certificates have an expiration date and that you need to renew them before that date to avoid issues.

In order to use the new certificates, you will need to replace the files on your server and restart Apache for changes to take effect

sudo /opt/bitnami/ctlscript.sh restart apache

sumukha.prasanna 2021-01-12 15:48:11 UTC #5

I followed the instructions found here - https://docs.bitnami.com/aws/apps/sonarqube/administration/enable-https-ssl-apache/

I did restart the apache service and set the expiration date to 3650.

Is there anything else that was or might be required?

gongomgra 2021-01-13 10:10:55 UTC #6

Hi @sumukha.prasanna,

I think nothing else is needed, just to be sure you don't let the certificate expire.

sumukha.prasanna 2021-01-13 16:41:56 UTC #7

Sure, I believe 3650 is 10 years which is good enough for now.

You can go ahead and close the ticket.

Thanks,
Sumukha

gongomgra 2021-01-14 10:29:51 UTC #8

Hi @sumukha.prasanna,

Thanks for letting us know. Yes, ten years looks like a very long period of time. We will close this thread as requested.

Regards,
Gonzalo

gongomgra 2021-01-14 10:30:07 UTC #9

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!