Having issue with HTTPS reverse proxy looping on Host

Hi and welcome to me, I hope everything is good and having fun with coverage.

I am having trouble with nginx acting as the HTTPS reverse proxy.

The issue is caused by proxy_set_header Host $host: when it is set, I keep getting redirected in a loop.

When not set, I get redirected to the intranet IP, resulting in DNS failure.

It seems that the application is doing some sort of redirection. I have not configured anything in the app regarding the FQDN.

SonarQube version 6.3.1

Hi @Kopax_Anderson,

6.3 is pretty old and no longer supported, so I’m not sure what the issue could be here. But why do you pass the Host header in the first place? SonarQube should be able to run without it. Why not only use proxy_pass?

Hi @Wouter_Admiraal, I tested with and without the Host header.

Without the Host header, I was redirected to the upstream, which is internal.
With the Host header, I was redirected in a loop.

Since I replaced the nginx reverse proxy with traefik v2.1, it works fine.

I couldn’t find a working configuration with nginx. The client seems to cause the redirect.

I want to upgrade but since the version is now old, I am afraid of losing all the data.

Hi,

The upgrade procedures call for you to start by backing up your database, but that’s mostly a precaution. You shouldn’t lose any data by doing a normal upgrade. From 6.3, you’ll need to go to 6.7.7 first, and then to 7.9.2. From there you can upgrade to 8.1 (E.T.A. this week) if you like, or hang out on 7.9.* until the next LTS is released, probably in early 2021.

 
HTH,
Ann

Hi @ganncamp and thanks for trying to help me move forward with the latest version of SonarQube.

I still have some fear about doing this upgrade. Of course I can back up the data, but will the sonar-scanner command require some change as well, or an upgrade?

Also, I have configured SonarQube within a Docker container; this is what the Dockerfile looks like:

FROM sonarqube:6.3.1
ENV SONAR_LDAP_PLUGIN_VERSION=2.1.0.507
COPY assets /assets
# Add Hook
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

This is entrypoint.sh

#!/bin/bash

set -e

# call your procedure/other scripts here below
echo "Starting $ENV_NAME"
mkdir -p "$SONARQUBE_HOME/conf"

cp -rv "/assets/$ENV_NAME"/* "$SONARQUBE_HOME/conf"

# install secret key ("~" is not expanded inside quotes, so test via $HOME)
if [ ! -f "$HOME/.sonar/sonar-secret.txt" ]; then
  mkdir -p "$HOME/.sonar"
  ls -altr "$SONARQUBE_HOME/conf"
  mv "$SONARQUBE_HOME/conf/sonar-secret.txt" "$HOME/.sonar/sonar-secret.txt"
fi
# owner read-only: the key is only read by the user running this script
chmod 400 "$HOME/.sonar/sonar-secret.txt"

# install ldap (fetched over HTTPS)
if [ ! -f "extensions/plugins/sonar-ldap-plugin-$SONAR_LDAP_PLUGIN_VERSION.jar" ]; then
	echo "Downloading LDAP"
	wget "https://repo1.maven.org/maven2/org/sonarsource/ldap/sonar-ldap-plugin/$SONAR_LDAP_PLUGIN_VERSION/sonar-ldap-plugin-$SONAR_LDAP_PLUGIN_VERSION.jar" \
		-P extensions/plugins
fi


# purge configuration
rm -rf /assets 

# start
if [ "${1:0:1}" != '-' ]; then
  exec "$@"
fi

exec java -jar lib/sonar-application-$SONAR_VERSION.jar \
  -Dsonar.log.console=true \
  -Dsonar.jdbc.username="$SONARQUBE_JDBC_USERNAME" \
  -Dsonar.jdbc.password="$SONARQUBE_JDBC_PASSWORD" \
  -Dsonar.jdbc.url="$SONARQUBE_JDBC_URL" \
  -Dsonar.web.javaAdditionalOpts="$SONARQUBE_WEB_JVM_OPTS -Djava.security.egd=file:/dev/./urandom" \
  "$@"

As you can see, I use an LDAP plugin; will this need to be upgraded as well?

I already have backups of my data. Can you please confirm once more that replacing the following in the Dockerfile, in order, will normally work?

- FROM sonarqube:6.3.1
+ FROM sonarqube:6.7.7
- FROM sonarqube:6.7.7
+ FROM sonarqube:7.9.2
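
Review bot: the second pair removes the `FROM sonarqube:6.7.7` line that the first pair has just added, so these are two successive edits rather than one patch; build and run the 6.7.7 image against the database before applying the 7.9.2 change, and keep the two as separate commits. Neither edit touches `ENV SONAR_LDAP_PLUGIN_VERSION=2.1.0.507` or the plugin download in entrypoint.sh, so each new base image would still fetch that plugin version at start-up; check that this is still wanted for the target versions.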

And then 8.1 when available.

Thanks a lot for the support, and I wish you all a good holiday!
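
The entrypoint above downloads a plugin jar at container start and places it straight into extensions/plugins. As an added example (not part of the original post or of the SonarQube image), here is one way to pin and check the jar's SHA-256 before it is installed. The function names and the `PLUGIN_SHA256` variable are hypothetical, and `sha256sum` and `wget` are assumed to be present in the image.

```bash
#!/bin/bash
# Added example: verify a downloaded plugin before it lands in the plugin directory.
set -eu

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Default fetcher: HTTPS URLs only, and no redirects that could leave HTTPS.
fetch_https() {
  case "$1" in
    https://*) wget -q --max-redirect=0 -O "$2" "$1" ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# install_verified URL DEST_DIR EXPECTED_SHA256 [FETCHER]
# Returns 0 on success, 2 if the download fails, 3 on a digest mismatch.
install_verified() {
  local url="$1" dest_dir="$2" expected="$3" fetcher="${4:-fetch_https}"
  local name tmp actual
  name=$(basename "$url")

  # Skip the download when a file with the pinned digest is already present.
  if [ -f "$dest_dir/$name" ] && [ "$(sha256_of "$dest_dir/$name")" = "$expected" ]; then
    return 0
  fi

  mkdir -p "$dest_dir"
  # Hidden temp name without a .jar suffix, so a partial file is never loaded.
  tmp=$(mktemp "$dest_dir/.$name.XXXXXX")
  if ! "$fetcher" "$url" "$tmp"; then
    rm -f "$tmp"; return 2
  fi
  actual=$(sha256_of "$tmp")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name: expected $expected, got $actual" >&2
    rm -f "$tmp"; return 3
  fi
  mv "$tmp" "$dest_dir/$name"   # same directory, so the rename is atomic
}

# In the entrypoint (PLUGIN_SHA256 is a placeholder; pin the real digest in the Dockerfile):
# install_verified "https://repo1.maven.org/maven2/org/sonarsource/ldap/sonar-ldap-plugin/$SONAR_LDAP_PLUGIN_VERSION/sonar-ldap-plugin-$SONAR_LDAP_PLUGIN_VERSION.jar" extensions/plugins "$PLUGIN_SHA256"
```

With `set -e` active in the entrypoint, a mismatch stops the container before SonarQube starts with an unverified jar.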

Hi,

What I know about Docker wouldn’t fill a thimble. I can, however, tell you that the analysis command won’t change. (BTW, this is not the case for people who have pinned old versions of the Maven analyzer in their pom files. Fortunately, you don’t seem to be in that situation.)

I can also tell you that the modern SQ bundles include all the SonarSource-supported integrations, so you don’t need to worry about “upgrading” LDAP; just download and run.

Back to your upgrade, if you’re really nervous about this, then stand up a test copy of your DB and dry-run the upgrades against it.
Or…
I don’t know what your operational constraints are, but if you have some flexibility, an option you might consider is not worrying about Docker for the intermediate versions. Just spin them up locally to get the database upgrades done, then you can use the Beta Docker image we put out for the latest version.

 
HTH,
Ann


After upgrading from SonarQube 6.3.1 and sonar-scanner 2.8 to SonarQube 7 and sonar-scanner 4.8 and all the plugins, I have no more issues with the scanner. Migration was a pretty straightforward process and involved a little bit of manual action.

It is now all solved, thanks for your support, and happy new year,
