On-prem Installation
      Back to home
      1. CodeScene Support Hub
      2. FAQs
      3. On-prem Installation

      Configuring a Proxy Server for CodeScene

      When running CodeScene in environments that require internet access through a proxy, proper proxy configuration is essential to ensure license checks and updates work smoothly. In this guide, we’ll walk you through how to configure a proxy server, including authentication options and best practices for secure connectivity.

      Why You Need a Proxy Configuration

      CodeScene regularly contacts its license server to:

      • Validate your license

      • Fetch updates or changes to license limitations

      If the application cannot connect to the internet (e.g., due to missing proxy settings), it will eventually become unusable once your current subscription period ends. CodeScene includes a 3-day grace period after license expiration, but after that, a connection is required unless you operate in offline mode.

      Where to Configure It

      You can set up the proxy configuration by navigating to:

      Configuration → License → Proxy Server

      In this section, you’ll be able to provide:

      • Host

      • Port

      • Username

      • Password

      Proxy Without Authentication

      If your proxy server doesn’t require authentication, CodeScene may automatically detect the proxy settings based on your system configuration. Even in that case, it's a good idea to verify or override the configuration manually under the Proxy Server section in the License settings.

      Proxy With Basic Authentication

      If your proxy server uses Basic authentication, you must enter:

      • Username

      • Password

      These fields are available in the Proxy Server configuration section. Once successfully authenticated by an admin user during login, CodeScene will store these values globally for future use.

      Proxy With Kerberos Authentication

      CodeScene also supports Kerberos-authenticated proxy servers.

      Option 1: Use TGT Ticket from System Cache

      If your system has a valid Ticket Granting Ticket (TGT) in its credentials cache, CodeScene should be able to authenticate without prompting for credentials.

      To manually obtain a TGT, use:

      kinit <principal_name>

      Note: TGTs typically expire within 24 hours. If you can’t refresh them automatically, use one of the options below.

      Option 2: Specify Username and Password

      You can provide your Kerberos principal and password in the Proxy Server configuration panel.

      Option 3: Use a Keytab File

      If you prefer not to store credentials directly in CodeScene, create a keytab file and configure login.conf in CodeScene’s root directory like this:

      com.sun.security.jgss.initiate {
        com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
        principal=codescene useKeyTab=true keyTab=codescene.keytab;
      };
      com.sun.security.jgss.accept {
        com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
        principal=codescene useKeyTab=true keyTab=codescene.keytab;
      };

      For more details on Java GSS-API and Kerberos integration, refer to the official Java documentation.

      Setting Up a Reverse Proxy for HTTPS

      CodeScene does not natively support HTTPS. Instead, we recommend placing a reverse proxy, such as Nginx, in front of your CodeScene instance to handle HTTPS encryption.

      Sample Nginx Configuration

      http {

        server {
          listen 80;
          server_name codescene.example.com;
          location / {
            return 301 https://$host$request_uri;
          }
        }

        server {
          listen 443 ssl;
          server_name codescene.example.com;

          ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
          ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

          location /  {
            proxy_pass http://localhost:3003;
            proxy_redirect http:// $scheme://;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          }
        }

      This setup redirects HTTP to HTTPS and ensures correct header forwarding to CodeScene. The proxy_redirect rule ensures that all upstream HTTP redirects are rewritten to HTTPS, preventing unnecessary round trips in the browser.

      Docker-Based Setup (Optional)

      If you’re running CodeScene in Docker, there’s also a Docker-based sample project that bundles CodeScene with an Nginx reverse proxy using a self-signed certificate. This setup can be used as a quick-start template for secure deployments.

      Summary

      To ensure uninterrupted access to CodeScene:

      • Configure a proxy server if you’re behind one

      • Make sure authentication credentials (if required) are set correctly

      • Use a reverse proxy for HTTPS support

      A correct setup ensures CodeScene can validate and update your license reliably, keeping your analysis engine running smoothly.