Redirect to sonarqube on http after Gitlab Authentication

SonarQube Developer Edition 8.5.1 incl. Nginx Version 1.18 for SSL termination under RHEL 7.8, integrated with
GitLab 13 with self signed certificate

sonarqube base url: https:\sonarcube.customer.lan
Gitlab base url: https:\gitlab.customer.lan
Gitlab SSL certificate is imported into SQ keystore

Behavior:

  • SonarQube Login Page via https (OK)
  • login via Gitlab via https (OK)
  • Authentfication on SQ (OK)
  • Redirect to SQ , but on http instead of https:

see our Nginx config file:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
ssl_certificate /etc/nginx/sonarqube.customer.lan.crt;
ssl_certificate_key /etc/nginx/prodPrivate.key;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA’;
ssl_session_timeout 1d;

location / {
proxy_pass http://sonarqube.customer.lan:9000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}

after that wrong http redirect: if I navigate to https:\sonarqube.customer.lan in my browser, it shows that the user has been logged into SQ successfully.

Any ideas?

Hello @Stephan_Krause,
This issue is more of a Nginx configuration issue than a SonarQube configuration one. I suggest you to have a look at the example we give in the documentation but we will not provide more help on the configuration of your proxy. This being a third party tool we do not provide support on it.
Alex.