SonarScanner behind an http proxy

troupier · April 4, 2022, 3:10pm

SonarQube Enterprise Edition Version 9.2.1 (build 49989)
sonarsource/sonar-scanner-cli :latest ( d182cb611a88)
GITLAB-CI
Sonar URL = https://sonarqube.domain

My SonarQube server is accessed by my Docker server through an http proxy but the url is in https.

The CI config

stages:

  - test

quality:

  image:

    name: sonarsource/sonar-scanner-cli:latest

    entrypoint: [""]

  stage: test

  variables:

    PROXY_HOST: '10.x.x.x'

    PROXY_PORT: '8080'

    HTTP_PROXY: 'http://${PROXY_HOST}:${PROXY_PORT}'

    HTTPS_PROXY: 'http://${PROXY_HOST}:${PROXY_PORT}'

    SONAR_URL: 'https://sonarqube.domain'

    SONAR_TOKEN: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

  script:

    - 'curl -k https://sonarqube.domain/batch/index -I'

    - 'sonar-scanner -X "-Djava.net.useSystemProxies=true" "-Dsonar.host.url=${SONAR_URL}" "-Dsonar.login=${SONAR_TOKEN}" "-Dsonar.projectVersion=${CI_COMMIT_BRANCH}" "-Dsonar.projectKey=xxxxxxx" "-Dsonar.projectName=xxxxx" "-Dsonar.sources=." "-Djava.net.preferIPv4Stack=true"'

  tags:

    - docker

I’ve tested the http.proxy and https.proxy variables without a better result

"-Dhttp.proxyHost=${PROXY_HOST}" "-Dhttp.proxyPort=${PROXY_PORT}"

13:46:55.659 DEBUG: Download: https://sonarqube.domain/batch/index
13:47:25.766 INFO: ------------------------------------------------------------------------
13:47:25.766 INFO: EXECUTION FAILURE
13:47:25.765 ERROR: SonarQube server [https://sonarqube.domain] can not be reached

The curl request works fine

`` $ curl -k https://sonarqube.domain/batch/index -I % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0HTTP/1.1 200 Connection established 0 0 0 0 0 0 0 0 --:--:-- --:--:-- HTTP/1.1 200

I've searched the java proxy settings without much result too..

I hope you'll have some ideas..

David

troupier · April 5, 2022, 1:50pm

Ok, with some help, found the problem.

I have to use the “SONAR_SCANNER_OPTS” variable to pass the proxy parameters… Still can’t figure why.

SONAR_SCANNER_OPTS: '-Dhttps.proxyHost=xx.xx.xx.xx -Dhttps.proxyPort=xxxx'

Then add an SSL handshake failure. The certificate was valid, the root CA was valid but the intermediate CA wasn’t recognized…

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

add to convert the pem intermediate certificate in der format

openssl x509 -in certigna-service-ca.pem -inform pem -out certigna-service-ca.der -outform der

and add the certificate to the java keystore…

- 'keytool -importcert -alias certigna-ca -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file certigna-service-ca.der'

what a pain in the …

system · April 12, 2022, 3:59pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot log-in via https proxy SonarQube Server / Community Build sonarqube	2	674	March 17, 2022
Failed: dotnet sonarscanner command can't reach my sonarqube server SonarQube Server / Community Build scanner , docker , dotnet	3	311	August 20, 2024
Sonar behind http proxy Nginx failed to enable ALM Integration with gitlab in https protocal SonarQube Server / Community Build sonarqube	4	1820	February 21, 2022
Issue when running Sonar-scanner command SonarQube Server / Community Build ssl	2	797	July 15, 2021
Self hosted Gitlab Runner running sonar-scan cannot connect to sonarqube server SonarQube Server / Community Build scanner , gitlab , ssl	4	1127	February 29, 2024

SonarScanner behind an http proxy

Related topics