Useful info:
- SonarQube Server Developer Edition 2025.1.1 LTA
- Zip installation on Windows Server 2022
- Server Encryption enabled
Hi there,
I’m trying to configure our client’s SonarQube instance to connect through their corporate proxy in order to enable outbound connectivity (DevOps integrations, Marketplace, AI Code Fix, etc.).
However, the connection fails due to proxy authentication issues. From the logs:
2025.05.23 14:10:40 DEBUG web[876f078e-6b1a-48ee-8874-b4a8d28d5207][o.s.w.c.OkHttpClientBuilder] <-- HTTP FAILED: java.io.IOException: Failed to authenticate with proxy
2025.05.23 14:10:40 WARN web[876f078e-6b1a-48ee-8874-b4a8d28d5207][c.s.f.s.api.r.h] Error while checking AI CodeFix service status
java.io.IOException: Failed to authenticate with proxy
at okhttp3.internal.connection.RealConnection.createTunnel(RealConnection.kt:476)
at okhttp3.internal.connection.RealConnection.connectTunnel(RealConnection.kt:262)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:201)
[...]
Here are the relevant configuration properties (sanitized for security):
#--------------------------------------------------------------------------------------------------
# UPDATE CENTER
# Update Center requires an internet connection to request https://downloads.sonarsource.com/?prefix=sonarqube/update
# It is enabled by default.
#sonar.updatecenter.activate=false
# HTTP proxy (default: none)
http.proxyHost=10.10.10.1
http.proxyPort=8080
# HTTPS proxy (defaults to http.proxyHost and http.proxyPort)
#https.proxyHost=
#https.proxyPort=
# NT domain name if NTLM proxy is used
#http.auth.ntlm.domain=
# SOCKS proxy (default: none)
#socksProxyHost=
#socksProxyPort=
# Proxy authentication (used for HTTP, HTTPS, and SOCKS proxies)
http.proxyUser=usrSonarQube
http.proxyPassword=m4g1cP455w0rd
# Proxy exceptions (hosts to bypass the proxy), separated by '|'. Wildcards supported.
# (localhost and 127.0.0.1 are always excluded)
http.nonProxyHosts=some|internal|services
What I’ve tried so far:
-
HTTP and HTTPS proxy configuration
According to the documentation, HTTPS defaults to the HTTP proxy values, but I tested both explicitly with no success. -
NTLM authentication
The proxy works fine with basic auth from the command line, but since the environment uses NTLM, I tested the following—also without success:http.auth.ntlm.domain=DOMhttp.proxyUser=DOM\\usrSonarQube
-
Plain text vs. encrypted passwords
There’s no clear documentation on which properties are affected by SonarQube Server Encryption. I looked into the source code and believe this specific password (http.proxyPassword) should be provided in plain text:
Source reference.
I tested both encrypted and plain values, neither worked.
As seen in the screenshot, we can reach the proxy successfully from the server.
My questions:
I could only find documentation about proxy configuration specifically for accessing the Marketplace, such as:
- https://docs.sonarsource.com/sonarqube/latest/server/marketplace/#using-the-marketplace-behind-a-proxy
- https://docs.sonarsource.com/sonarqube/latest/setup/environment-variables/#update-center
I couldn’t find any reference about enabling proxy support for general outbound connectivity (e.g. AI Code Fix or DevOps integrations).
- Is there any official documentation or support for configuring a global outbound proxy (not just for Marketplace)?
- Is there something else I should try to make proxy authentication work?
Thanks a lot for your help!