SonarScanner behind an http proxy

  • SonarQube Enterprise Edition Version 9.2.1 (build 49989)
  • sonarsource/sonar-scanner-cli :latest ( d182cb611a88)
  • GITLAB-CI
  • Sonar URL = https://sonarqube.domain

My SonarQube server is accessed by my Docker server through an http proxy but the url is in https.

The CI config :slight_smile:

stages:

  - test

quality:

  image:

    name: sonarsource/sonar-scanner-cli:latest

    entrypoint: [""]

  stage: test

  variables:

    PROXY_HOST: '10.x.x.x'

    PROXY_PORT: '8080'

    HTTP_PROXY: 'http://${PROXY_HOST}:${PROXY_PORT}'

    HTTPS_PROXY: 'http://${PROXY_HOST}:${PROXY_PORT}'

    SONAR_URL: 'https://sonarqube.domain'

    SONAR_TOKEN: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

  script:

    - 'curl -k https://sonarqube.domain/batch/index -I'

    - 'sonar-scanner -X "-Djava.net.useSystemProxies=true" "-Dsonar.host.url=${SONAR_URL}" "-Dsonar.login=${SONAR_TOKEN}" "-Dsonar.projectVersion=${CI_COMMIT_BRANCH}" "-Dsonar.projectKey=xxxxxxx" "-Dsonar.projectName=xxxxx" "-Dsonar.sources=." "-Djava.net.preferIPv4Stack=true"'

  tags:

    - docker

I’ve tested the http.proxy and https.proxy variables without a better result :frowning:

"-Dhttp.proxyHost=${PROXY_HOST}" "-Dhttp.proxyPort=${PROXY_PORT}"

13:46:55.659 DEBUG: Download: https://sonarqube.domain/batch/index
13:47:25.766 INFO: ------------------------------------------------------------------------
13:47:25.766 INFO: EXECUTION FAILURE
13:47:25.765 ERROR: SonarQube server [https://sonarqube.domain] can not be reached

The curl request works fine :frowning:

`` $ curl -k https://sonarqube.domain/batch/index -I % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0HTTP/1.1 200 Connection established 0 0 0 0 0 0 0 0 --:--:-- --:--:-- HTTP/1.1 200

I've searched the java proxy settings without much result too..

I hope you'll have some ideas..

David

Ok, with some help, found the problem.

I have to use the “SONAR_SCANNER_OPTS” variable to pass the proxy parameters… Still can’t figure why.

SONAR_SCANNER_OPTS: '-Dhttps.proxyHost=xx.xx.xx.xx -Dhttps.proxyPort=xxxx'

Then add an SSL handshake failure. The certificate was valid, the root CA was valid but the intermediate CA wasn’t recognized…

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

add to convert the pem intermediate certificate in der format

openssl x509 -in certigna-service-ca.pem -inform pem -out certigna-service-ca.der -outform der

and add the certificate to the java keystore…

- 'keytool -importcert -alias certigna-ca -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -file certigna-service-ca.der'

what a pain in the …

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.