-
Versions used (SonarQube, Scanner, Plugin, and any relevant extension)
upgrading from 7.3 to 7.9.6 -
Error observed (wrap logs/code around triple quote ``` for proper formatting)
We were able to bring an instance running SonarQube 7.9.6 up, and we can access HTTP endpoints on the instance, but whenever an HTTPS request is made, EGhttps://sonar.devops.wepay-inc.com/admin
, this error page is shown:
You're not authorized to access this page. Please contact the administrator.
Reason: The response was received at http://localhost:9000/oauth2/callback/saml instead of https://sonar.devops.wepay-inc.com/sessions/init/saml
- Steps to reproduce
using this sonar-qube.conf with nginx 1.20.4:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# the server directive is nginx's virtual host directive
server {
# port to listen on. Can also be set to an IP:PORT
listen 443;
# sets the domain[s] that this vhost server requests for
server_name sonar.devops.wepay-inc.com;
large_client_header_buffers 4 32k;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
# SSL Configuration
ssl on;
ssl_certificate /etc/wepay/certs/star.devops.wepay-inc.com.crt;
ssl_certificate_key /etc/wepay/certs/star.devops.wepay-inc.com.key;
ssl_protocols TLSv1.2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:2m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!3DES:!IDEA:!RC2:!RC4;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dhparams.pem;
keepalive_timeout 70;
keepalive_requests 20;
client_max_body_size 50M;
client_body_buffer_size 128k;
location / {
proxy_pass http://localhost:9000;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
}
}
Run the server with all other configuration matching that of the 7.3 server, and same DB. I Verified that the server was available locally by curling the status page:
curl http://0.0.0.0:9000/status
***returns valid HTML***
```, and could also visit the server homepage using a webbrowser
However, any attempt to access the service using HTTPS results in the error above.
Other setup info:
Sonar is deployed to a Google Compute VM instance, using a load balancer for routing of traffic from our subdomain.
We are using NGINX 1.20 as the reverse proxy on the VM