Sonarqube ECS Fargate keeps redirecting to login page

Hi all,

I am using the lts-community image to deploy SonarQube containers via ECS Fargate. I also have setup a Load Balancer with SSL termination and HTTP to HTTPS redirection witha a proper certificate.
I am now facing an issue where the inital SonarQube login screen loads but when I try to enter the default admin:admin credentials I am always redirected to login screen. I noticed that I am receiving a 401 Unauthorized error but I haven’t really been able to login so no changes have been made. Any ideas what would be the issue?

curl logs to base domain:

* Connection #0 to host <domain> left intact
* Issue another request to this URL: 'https://<domain>:443/'
*   Trying <domain-ip>:443...
* Connected to <host> (<domain-ip>) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=<cert>
*  start date: 
*  expire date: 
*  subjectAltName: host "<domain>" matched cert's "<cert>"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x12d00c600)
> Host: <domain>
> user-agent: curl/7.77.0
> accept: */*
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200

401 Error

Request URL:
Request Method:
Status Code:
401 Unauthorized


The above error leads me to this part of the code:

    const { url, options } = this.getSubmitData({ ...getCSRFToken() });
    return window.fetch(getBaseUrl() + url, options);

but I’m not really sure what would be the issue since it’s the first time I’m trying to log in after initialization.

After running some tests the things get event weirder as when I run a curl command
curl -iv -u admin:admin https://<domain>/api/navigation/global -L
with the
and the default login credentials, it seems to be working:

> GET /api/navigation/global HTTP/2
> Host: <domain>
> authorization: Basic <auth token>
> user-agent: curl/7.77.0
> accept: */*
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
HTTP/2 200 

Hey there.

Sorry to start off so basic – but can you try clearing your cache/cookies? I know this can happen when accessing multiple SonarQube servers at the same address (say you started up an instance, trashed it, and started up another).

Hi Colin,

Thanks for your reply, I have tried to erase cookies. It seems like there’s an issue with session stickiness from the AWS ALB.

What I mean is that when I drop the number of tasks in my ECS Fargate deployment down to 1 everything works great. As soon as I try to add one or more tasks the redirection comes back.

What I figured out at the end of the day was that by enabling Target Group stickiness fixed the issue when deployments where >1.

So for anyone experiencing similar issue maybe this will work but beware there is Target Group and Listener group stickiness. The only one needed for this case is the Target Group stickiness.

1 Like

Hey there.

Thanks for the follow-up. To be clear, you should only run with one node unless you have Data Center Edition

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.