[英]SonarQube: How to connect to SSL enabled Google Cloud Postgresql server
I have set up a SonarQube and configured SSL certificates to make the URL always HTTPS using CertBot . 我已经设置了SonarQube并配置了SSL证书,以使URL始终使用CertBot进行 HTTPS。 As of now, the PostgreSQL database has a public IP and below are the values changed in sonar.properties file:
到目前为止,PostgreSQL数据库具有公共IP,以下是sonar.properties文件中更改的值:
sonar.jdbc.username=weakusername
sonar.jdbc.password=strongpassword
sonar.web.host=127.0.0.1
sonar.jdbc.url=jdbc:postgresql://xx.xxx.xxx.xxx/sonarqube
sonar.search.javaOpts=-Xms512m -Xmx512m
# Change max limits
sysctl -w vm.max_map_count=262144
I am using Cloud SQL PostGres as the database. 我正在使用Cloud SQL PostGres作为数据库。 I would like to allow Only SSL Only Connections to the database and here the way how to do it, generate client certificate, etc.
我想允许“仅SSL仅连接”到数据库以及此处的操作方式,生成客户端证书等。
After setting "Allow only SSL Connections" to true I understand there is a way to connect to the database using the client certificate described here . 在将“仅允许SSL连接”设置为true之后,我知道有一种方法可以使用此处描述的客户端证书连接到数据库。
Below is the command to start the psql client: 以下是启动psql客户端的命令:
psql "sslmode=verify-ca sslrootcert=server-ca.pem \
sslcert=client-cert.pem sslkey=client-key.pem \
hostaddr=[INSTANCE_IP] \
user=postgres dbname=[DB_NAME]"
However, SonarQube is not able to connect to the Database (Not sure how to tell SonarQube to use the client certificates). 但是,SonarQube无法连接到数据库(不确定如何告诉SonarQube使用客户端证书)。 What changes are required in the configuration file to make SonarQube use appropriate client certificate and connect to the database using SSL?
为了使SonarQube使用适当的客户端证书并使用SSL连接到数据库,需要对配置文件进行哪些更改?
You should add the following to the URL: 您应将以下内容添加到URL:
jdbc:postgresql://xx.xxx.xxx.xxx/sonarqube?ssl=true&sslmode=verify-ca&sslrootcert=/path/to/server-ca.pem&sslkey=/path/to/client-key.pem&sslcert=/path/to/client-cert.pem
See the documentation for the available SSL connection parameters and SSL client configuration . 请参阅文档以获取可用的SSL连接参数和SSL客户端配置 。
Convert client key format from PEM to PK8: 将客户端密钥格式从PEM转换为PK8:
openssl pkcs8 -topk8 -inform PEM -outform DER -in client-key.pem -out client-key.pk8 -nocrypt
Be sure to update the value for the sslkey
query param in sonar.jdbc.url
with the new path/filename. 确保使用新路径/文件名更新
sonar.jdbc.url
sslkey
查询参数的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.