Hi- I’m having some difficulties with webhooks and proxy settings behind a corporate firewall.
Must-share information:
- versions: SonarQube 7.9.1 (build 27448) on Linux
- trying to achieve: webhook from SonarQube to Jenkins via HTTPS
- tried so far: various combinations of proxyHost, proxyPort, and nonProxyHosts
The intent is to have SonarQube communicate to a Jenkins via webhooks (Administration > Configuration > Webhooks). The firewall is external only.
Scenario 1: no proxy information in sonar.properties
- Jenkins pipeline initiates a Sonar scan
- webhook from SonarQube to Jenkins is delivered correctly
- no -D options have been set
- Jenkins and SonarQube can communicate to each other, but external connectivity (Marketplace, Update Center) is compromised
Scenario 2: proxy host and port provided in sonar.properties
- using the placeholders in the “Update Center” section (https://github.com/SonarSource/sonarqube/blob/d1fd889554bccbb50122550899dbb66b90b04f78/sonar-application/src/main/assembly/conf/sonar.properties#L288)
- Jenkins pipeline initiates a Sonar scan
- webhook from SonarQube to Jenkins fails, ce.log indicates “Read timed out”
- specifying a proxy (host/port) seems to trigger the -Dhttp.nonProxyHosts=localhost|127.*|[::1] default to be added to the java command even though it is not specified in sonar.properties
Scenario 3: proxy host, port, and nonProxyHosts provided in sonar.properties
- using the placeholders in the “Update Center” section (https://github.com/SonarSource/sonarqube/blob/d1fd889554bccbb50122550899dbb66b90b04f78/sonar-application/src/main/assembly/conf/sonar.properties#L288)
- manually specified “http.nonProxyHosts” using double quotes, pipe separated, including the “localhost|127.*|[::1]” defaults found in Scenario 2
- Jenkins pipeline initiates a Sonar scan
- webhook from SonarQube to Jenkins fails, ce.log indicates “Read timed out”
Scenario 4: proxy host, port, and nonProxyHosts provided as -D JVM options for sonar.ce (and others)
- using the javaOpts section (https://github.com/SonarSource/sonarqube/blob/d1fd889554bccbb50122550899dbb66b90b04f78/sonar-application/src/main/assembly/conf/sonar.properties#L242)
- Jenkins pipeline initiates a Sonar scan
- webhook from SonarQube to Jenkins fails, ce.log indicates “Read timed out”
Doing some research, I have found a closed item (https://jira.sonarsource.com/browse/SONAR-11251) which indicates some previous success with using the javaOpts which prompted Scenario 4 testing. There was also a community post about OkHttp3 not honoring the nonProxyHosts setting (WebhookCallerImpl (Okhttp3) doesn't honour http.nonProxyHosts) which is a bit older and I don’t know if this is still relevant.
The ce.log also does not seem to provide more detail despite the DEBUG log level being specified.