SonarQube GitHub integration

We have configured the integration with github for sonarqube developer 8.7.0.41497 version. When logging in to the sonarqube via github we are getting below error message

Note: We have configured Nginx proxy for https.

Hi,

Is anyone aware of this issue?

Hi @deepak.amte and welcome to the community :wave:

please note that this is an open source effort driven by people who provide support in their spare time. as stated in our FAQ, you should wait a few days before bumping a topic.

regarding your issue:
it looks like you entered the wrong callback url into your github app, resulting in a 404 from your nginx reverse proxy.
you have to make sure that the callback url in the github app is the same as the base url of your sonarqube instance. so if you sonarqube instance is accessible on https://sonarqube.company.com/instance/ this will have to be the callback url in the github app. there are more details on this in our docs

hope that helps :slight_smile:

Thank you for your response.

I have verified the callback url and is same as base url. as per the documentation I have tried adding
‘<value_of_sonar.core.serverBaseURL_property>/oauth2/callback’ but still its giving the same error.

where is this information in our docs? i can’t find it anywhere.

what is your base URL and where does it differ from the URL where you are facing a 404 from your nginx?

Please see this.

Ah so this is a reminiscent that is only valid for using github for authentication. if you want to use the same github app for authentication and onboarding, you need to have just the base url as a callback url.

:point_up:

and while you are at it, could you state if you are talking about github.com or a dedicated github enterprise instance?

I am using different github app for ALM and authentication.

base url: https://mycomany.sonar.com
404 page url: http://mycomany.sonar.com/sessions/unauthorized

I am using github.com for this authentication
Thanks

okay then we need to search for the issue in your nginx configuration, as this path is present in sonarqube and you should be able to access this path if you ssh into your sonarqube vm and try it via curl to localhost:9000/sessions/unauthorized

i guess you already have had a look at our docs regarding reverse proxy configuration? how exactly did you define the reverse proxy settings?

I am able to curl this. localhost:9000/sessions/unauthorized

Please see below the Ngnix config file.

server {

listen 443 ssl;
#server_name sonar.com;
ssl_certificate path to cert file;
ssl_certificate_key path to key file;
location / {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}
Thanks

there has to be another part of you nginx config that blocks this from reaching sonarqube. i could not reproduce this behavior with the following configuration:

Ubuntu 20.04

nginx:

nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-5J5hor/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

test.conf

server { 
 listen 80; 
 listen 443 ssl;
 #server_name sonar.com;
 ssl_certificate /etc/ssl/private/example.com+2.pem;
 ssl_certificate_key /etc/ssl/private/example.com+2-key.pem;
 location / {
   proxy_pass http://localhost:9000;
   proxy_set_header Host $host;
   proxy_set_header X-Forwarded-For $remote_addr;
   proxy_set_header X-Forwarded-Proto https;
 }
}

This is how my nginx.config file looks like.

I have added the sonarqube config details in
etc/nginx/site-enabled/ directory.

anyone have any idea what is missing in my config file

Thanks

any help on this will be really appreciated. I am stuck on this from 2 weeks.

Thanks in advance for your help