Http code 400 when use nginx reverse proxy when upgrade to 7.7-community

(Anton Patsev) #1

I use sonarqube in docker

Nginx config

upstream sonar_backend {
    server 10.193.84.93:8080;
}

server {
    listen 443 ssl;
    server_name sonar.yyyyy.xx; 

    ssl_certificate /etc/nginx/ssl/xxxx.crt;
    ssl_certificate_key /etc/nginx/ssl/xxx.key;

    access_log /var/log/nginx/sonar-access.log main;
    error_log /var/log/nginx/sonar-error.log warn;

    location / {
        proxy_pass http://sonar_backend;
    	client_max_body_size 50M;
    }

}

If use 7.6-community - ok
If use 7.7-community - get http code 400

Logs
10.235.43.191 - - [28/Mar/2019:09:03:14 +0300] “GET / HTTP/1.1” 400 5 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36” “-”
10.235.43.191 - - [28/Mar/2019:09:04:52 +0300] “GET / HTTP/1.1” 400 5 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36” “-”
10.235.43.191 - - [28/Mar/2019:09:05:47 +0300] “GET / HTTP/1.1” 400 5 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0” “-”
10.235.43.191 - - [28/Mar/2019:09:05:47 +0300] “GET /favicon.ico HTTP/1.1” 400 5 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0” “-”

Dont have error in logs sonarqube in docker

(Wouter Admiraal) #3

Hi @1117, welcome to the community :slight_smile:

Can you access the SonarQube container directly, by going to http://10.193.84.93:8080 ? Probably irrelevant, but is NginX also in a container?

(Anton Patsev) #4

Yes. I can access the SonarQube container directly, by going to http://10.193.84.93:8080

May be need add proxy_http_version 1.1; to nginx ?

After Add block:

proxy_http_version      1.1;
proxy_set_header        X-Forwarded-Host $http_host;
proxy_set_header        X-Forwarded-Proto $scheme;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        Upgrade $http_upgrade; # WebSocket support
proxy_set_header        Connection $connection_upgrade; # WebSocket support

I get HTTP ERROR 400 again.

Failed to load resource: the server responded with a status of 400 ()

(Wouter Admiraal) #5

Hm, strange. I would have been surprised if it were linked to the HTTP version, but at least that’s ruled out.

I can reproduce the issue locally. I’ll investigate further a bit. If you find more info, I’m happy to hear it.

(Wouter Admiraal) #6

Found the issue. It’s the hostname used by the upstream. It contains an underscore, which isn’t considered valid (probably by Tomcat, as we upgraded it?)

The quickest fix is changing the upstream label to something without an underscore. Otherwise, you can override the Host variable:

upstream sonar_backend {
    server 10.193.84.93:8080;
}

server {
   #...

    location / {
        proxy_pass http://sonar_backend;
        proxy_set_header Host "sonarqube";
    	client_max_body_size 50M;
    }
}
(Anton Patsev) #7

Great!
It is work!
Thank you!! :slight_smile: