Comment on page
SSO with Cover Reports
How to secure access to your Cover Reports server using SSO
NGINX can be used to secure access to your Cover Reports server using SSO. NGINX provide various setup guides for different SSO providers - see Set Up Single Sign-On for Proxied Applications on the NGINX docs site.
- A server running Cover Reports.
- A server running NGINX Plus (this can be the same server as Cover Reports) with a valid subscription.
- An SSO provider.
Note the following when setting up NGINX with Auth0. For details of the full process, see Single Sign-On With Auth0 on the NGINX docs site.
- On your NGINX Auth0 Dashboard, set the callback URL to
http://<YOUR-NGINX-SERVER-IP>:80/_codexch(replace<YOUR-NGINX-SERVER-IP>with the IP address of your NGINX instance). - On your NGINX server, update the
upstreamdetails for Cover Reports in thefrontend.conffile (replace<YOUR-COVER-REPORTS-SERVER-IP>with the IP address of your Cover Reports instance):
upstream cover-reports {
zone cover-reports 64k;
server <YOUR-COVER-REPORTS-SERVER-IP>:8080;
}
- Also in the
frontend.conffile, make sure that the NGINX server is listening on port 80 and that yourproxy_passdestination matches theupstreamvalue configured above (cover-reports):
listen 80;
...
proxy_pass http://cover-reports;
- Once SSO has been configured for Cover Reports, port 8080 will still be open, bypassing SSO. To prevent this you will need to close port 8080 which can be done as part of your network configuration. However, blocking port 8080 entirely will prevent reports bundles being uploaded using Cover Pipeline and Cover CLI. We recommend that you add the IP range of your CI runners and Cover CLI users to your network allow-list for port 8080.
Last modified 22d ago