Browse Source
[DOCS] SONAR-15626 added documentation about the network topology and recommendations
tags/9.2.0.49834
Tobias Trabelsi
2 years ago
2 changed files with 37 additions and 0 deletions
+ 20
- 0
server/sonar-docs/src/pages/setup/operate-cluster.md
View File
| @@ -177,6 +177,26 @@ Property | Description | Default | Required | |||
| When you're using the SonarSource Docker images, the truststore/keystore should be provided as volumes. | |||
| On Kubernetes, you need to create a new Secret from the truststore/keystore and provide the name to the Helm chart. | |||
| ## Secure your Network | |||
| To further lock down the communication in between the nodes in your SonarQube Cluster, you can define the following network rules: | |||
| Protocol | Source | Destination | Port | default | |||
| ---|---|---|---|--- | |||
| TCP | Reverse Proxy | App Node | `sonar.web.port` | 9000 | |||
| TCP | App Node | Search Node | `sonar.cluster.node.search` | 9001 | |||
| TCP | Search Node | Search Node | `sonar.cluster.node.es.port` | 9002 | |||
| TCP | App Node | App Node | `sonar.cluster.node.port` | 9003 | |||
| you can further segrement your network configuration if you specify a frontend, a backend and a search network. | |||
| Network | Parameter | Description | |||
| ---|---|--- | |||
| Frontend | `sonar.web.host` | Frontend HTTP Network | |||
| Backend | `sonar.cluster.node.host` | Backend App to App Network | |||
| Backend | `sonar.cluster.search.hosts` | Backend App to Search Network | |||
| Search | `sonar.cluster.node.search.host` | Backend Search to Search Network | |||
| ## Limitations | |||
| * Cluster downtime is required for SonarQube upgrades or plugin installations. | |||
| * All application nodes must be stopped when installing, uninstalling, or upgrading a plugin. | |||
+ 17
- 0
server/sonar-docs/src/pages/setup/operate-server.md
View File
| @@ -198,3 +198,20 @@ server { | |||
| } | |||
| } | |||
| ``` | |||
| ## Secure your Network | |||
| To further lock down the communication in between the reverse proxy and SonarQube, you can define the following network rules: | |||
| Protocol | Source | Destination | Port | default | |||
| ---|---|---|---|--- | |||
| TCP | Reverse Proxy | SonarQube | `sonar.web.port` | 9000 | |||
| TCP | SonarQube | SonarQube | `sonar.search.port` | 9001 | |||
| TCP | SonarQube | SonarQube | `sonar.es.port` | random | |||
| you can further segrement your network configuration if you specify a frontend network and keep Elasticsearch restricted to the loopback NiC. | |||
| Network | Parameter | Description | default | |||
| ---|---|---|--- | |||
| Frontend | `sonar.web.host` | Frontend HTTP Network | 0.0.0.0 | |||
| Elasticsearch | `sonar.search.host` | Elasticsearch Network | 127.0.0.1 | |||
Loading…