Configuring a Proxy Server for CodeScene

When running CodeScene in environments that require internet access through a proxy, proper proxy configuration is essential to ensure license checks and updates work smoothly. In this guide, we’ll walk you through how to configure a proxy server, including authentication options and best practices for secure connectivity.


Why You Need a Proxy Configuration

CodeScene regularly contacts its license server to:

  • Validate your license

  • Fetch updates or changes to license limitations

If the application cannot connect to the internet (e.g., due to missing proxy settings), it will eventually become unusable once your current subscription period ends. CodeScene includes a 3-day grace period after license expiration, but after that, a connection is required unless you operate in offline mode.


Where to Configure It

You can set up the proxy configuration by navigating to:

Configuration → License → Proxy Server

In this section, you’ll be able to provide:

  • Host

  • Port

  • Username

  • Password


Proxy Without Authentication

If your proxy server doesn’t require authentication, CodeScene may automatically detect the proxy settings based on your system configuration. Even in that case, it's a good idea to verify or override the configuration manually under the Proxy Server section in the License settings.


Proxy With Basic Authentication

If your proxy server uses Basic authentication, you must enter:

  • Username

  • Password

These fields are available in the Proxy Server configuration section. Once successfully authenticated by an admin user during login, CodeScene will store these values globally for future use.


Proxy With Kerberos Authentication

CodeScene also supports Kerberos-authenticated proxy servers.

Option 1: Use TGT Ticket from System Cache

If your system has a valid Ticket Granting Ticket (TGT) in its credentials cache, CodeScene should be able to authenticate without prompting for credentials.

To manually obtain a TGT, use:

kinit <principal_name>

Note: TGTs typically expire within 24 hours. If you can’t refresh them automatically, use one of the options below.

Option 2: Specify Username and Password

You can provide your Kerberos principal and password in the Proxy Server configuration panel.

Option 3: Use a Keytab File

If you prefer not to store credentials directly in CodeScene, create a keytab file and configure login.conf in CodeScene’s root directory like this:

com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
principal=codescene useKeyTab=true keyTab=codescene.keytab;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true doNotPrompt=false refreshKrb5Config=true
principal=codescene useKeyTab=true keyTab=codescene.keytab;
};

For more details on Java GSS-API and Kerberos integration, refer to the official Java documentation.


Setting Up a Reverse Proxy for HTTPS

CodeScene does not natively support HTTPS. Instead, we recommend placing a reverse proxy, such as Nginx, in front of your CodeScene instance to handle HTTPS encryption.

Sample Nginx Configuration

http {

server {
listen 80;
server_name codescene.example.com;
location / {
return 301 https://$host$request_uri;
}
}

server {
listen 443 ssl;
server_name codescene.example.com;

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

location / {
proxy_pass http://localhost:3003;
proxy_redirect http:// $scheme://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

This setup redirects HTTP to HTTPS and ensures correct header forwarding to CodeScene. The proxy_redirect rule ensures that all upstream HTTP redirects are rewritten to HTTPS, preventing unnecessary round trips in the browser.


Docker-Based Setup (Optional)

If you’re running CodeScene in Docker, there’s also a Docker-based sample project that bundles CodeScene with an Nginx reverse proxy using a self-signed certificate. This setup can be used as a quick-start template for secure deployments.


Summary

To ensure uninterrupted access to CodeScene:

  • Configure a proxy server if you’re behind one

  • Make sure authentication credentials (if required) are set correctly

  • Use a reverse proxy for HTTPS support

A correct setup ensures CodeScene can validate and update your license reliably, keeping your analysis engine running smoothly.