When running CodeScene in environments that require internet access through a proxy, proper proxy configuration is essential to ensure license checks and updates work smoothly. In this guide, we’ll walk you through how to configure a proxy server, including authentication options and best practices for secure connectivity.
Why You Need a Proxy Configuration
CodeScene regularly contacts its license server to:
-
Validate your license
-
Fetch updates or changes to license limitations
If the application cannot connect to the internet (e.g., due to missing proxy settings), it will eventually become unusable once your current subscription period ends. CodeScene includes a 3-day grace period after license expiration, but after that, a connection is required unless you operate in offline mode.
Where to Configure It
You can set up the proxy configuration by navigating to:
Configuration → License → Proxy Server
In this section, you’ll be able to provide:
-
Host
-
Port
-
Username
-
Password
Proxy Without Authentication
If your proxy server doesn’t require authentication, CodeScene may automatically detect the proxy settings based on your system configuration. Even in that case, it's a good idea to verify or override the configuration manually under the Proxy Server section in the License settings.
Proxy With Basic Authentication
If your proxy server uses Basic authentication, you must enter:
-
Username
-
Password
These fields are available in the Proxy Server configuration section. Once successfully authenticated by an admin user during login, CodeScene will store these values globally for future use.
Proxy With Kerberos Authentication
CodeScene also supports Kerberos-authenticated proxy servers.
Option 1: Use TGT Ticket from System Cache
If your system has a valid Ticket Granting Ticket (TGT) in its credentials cache, CodeScene should be able to authenticate without prompting for credentials.
To manually obtain a TGT, use:
kinit <principal_name>
Note: TGTs typically expire within 24 hours. If you can’t refresh them automatically, use one of the options below.
Option 2: Specify Username and Password
You can provide your Kerberos principal and password in the Proxy Server configuration panel.
Option 3: Use a Keytab File
If you prefer not to store credentials directly in CodeScene, create a keytab file and configure login.conf
in CodeScene’s root directory like this:
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
principal=codescene useKeyTab=true keyTab=codescene.keytab;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
principal=codescene useKeyTab=true keyTab=codescene.keytab;
};
For more details on Java GSS-API and Kerberos integration, refer to the official Java documentation.
Setting Up a Reverse Proxy for HTTPS
CodeScene does not natively support HTTPS. Instead, we recommend placing a reverse proxy, such as Nginx, in front of your CodeScene instance to handle HTTPS encryption.
Sample Nginx Configuration
http {
server {
listen 80;
server_name codescene.example.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name codescene.example.com;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location / {
proxy_pass http://localhost:3003;
proxy_redirect http:// $scheme://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
This setup redirects HTTP to HTTPS and ensures correct header forwarding to CodeScene. The proxy_redirect
rule ensures that all upstream HTTP redirects are rewritten to HTTPS, preventing unnecessary round trips in the browser.
Docker-Based Setup (Optional)
If you’re running CodeScene in Docker, there’s also a Docker-based sample project that bundles CodeScene with an Nginx reverse proxy using a self-signed certificate. This setup can be used as a quick-start template for secure deployments.
Summary
To ensure uninterrupted access to CodeScene:
-
Configure a proxy server if you’re behind one
-
Make sure authentication credentials (if required) are set correctly
-
Use a reverse proxy for HTTPS support
A correct setup ensures CodeScene can validate and update your license reliably, keeping your analysis engine running smoothly.