Black Duck Hub - adding nginx reverse proxy

August 2017

The Black Duck Hub helps security and development teams identify and mitigate open source related risks across corporate apps. It can be used as a part of build job (integrated with Bamboo Server), scan code to identify any open source in use, identify licenses and such.

If your team decided to deploy Black Duck Hub instance, it might be reasonable to add reverse nginx proxy in front of it (audit log, additional access control and such).

Your first step would be search for vendor’s documentation… but there is no public documentation available.

Second step might be ‘google fu’, but query ‘black duck hub nginx revproxy config’ returns no reasonable results.

How about asking technical support for help? Yeah, but how long you can wait for them to reply?

Long story short, should you have any problems with getting example of nginx revproxy from Black Duck support, take a look at example below. HTTPS ready.

server {
	listen 80;

	server_name blackduck.test.internal.corp;
	rewrite ^ https://$server_name$request_uri? permanent;

}


server {
	listen 443;
	server_name blackduck.test.internal.corp;
	
	ssl on;
	ssl_certificate ssl/cert.pem;
	ssl_certificate_key ssl/cert.key;

	ssl_session_timeout 5m;

	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2L+EXP;
	ssl_prefer_server_ciphers on;

	location / {
		proxy_set_header Host $host:$server_port;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Ssl on;
		proxy_set_header X-Forwarded-Proto https;

		proxy_pass http://ip-of-application-server:8080;
	}
}

It has been tested with nginx 1.10.1 and Black Duck Hub 3.4.0_alpha.

Hope we saved your day.