Using oauth service from GitLab failed because rewriting the callback uri

CoolMischa · October 24, 2025, 9:54am

Moin, moin (Dear) community,

I’m running

SonarQube Community Build Version: v25.10.0.114319
Deployment: ZIP on RHEL 9.5 air-gapped (no internet connection)
Service runs as systemd service behind a nginx proxy

Properties set in the sonar.properties:

sonar.web.host=0.0.0.0
sonar.web.context=/qa
sonar.web.port=9000

To avoid maintaining multiple user registry I tried to use our gitlab server as oauth2 services. Unfortunately the sonarqube-server re-writes the callback uri, which obviously does not work and I could not figured out how to solve the problem.

GitLab-Server URL: https://repo-server.zlo-uedem.internal/
Sonarqube URL: https://ci-cd-02.zlo-uedem.internal/qa

The sonarqube service is running on http://localhost:9000 where the location /qa is redirected from the nginx-proxy. The proxy listens on https://ci-cd-02.zlo-uedem.internal/ and redirect the location /qa to the sonaqube service . That works very well with users defined in the sonarqube

The oauth-application within the gitlab-server is configured and the test configuration button shows “Configuration is valid for Just-In-Time provisioning”. The Redirect URI in the gitlab application is:

https://ci-cd-02.zlo-uedem.internal/qa/oauth2/callback/gitlab

If I try to “Log in with GitLab” I get the error “The redirect URI included is not valid.” In the URL of this error page I can see that the URI is now:

http://localhost:9000/qa/oauth2/callback/gitlab

I have no idea where the rewriting occurs. Where do I miss something

Any help is appreciated

Mischa

Colin · October 27, 2025, 9:30am

Hey there.

Have you configured your Server Base URL?

CoolMischa · October 27, 2025, 3:17pm

Thank you for the hint!
Now I have set it to the URL and the URI is now correct. But I got the same error.

I’m coming closer

Colin · October 27, 2025, 3:36pm

Is it the same error? Or do perhaps the URLs use different protocols (http vs https)?

I suppose what I’m asking, is are these two now the exact same?

CoolMischa · October 27, 2025, 4:07pm

It is the same error. I detected an error in the DNS configuration but fixing that does not help. In the log of the gitlab-workhorse/current I find the correct callback URI but in the same log entry “remote_addr”:”127.0.0.1:0” and “remote_ip”:”127.0.0.1”. Could it be, that my nginx configuration misses somehing?

Best regards and thank you for helping me.

Mischa

CoolMischa · October 27, 2025, 4:16pm

And after correcting the next typo: It works!

The tip with exact same show me a missing slash, which was URL encoded not that easy to see.

Best regards and enjoy your day. You made mine great!

system · November 3, 2025, 4:17pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Oauth2 integration with gitlab when sonar is running behind an nginx proxy SonarQube Server / Community Build	6	8612	January 20, 2021
SonarQube failed redirect with OAuth2AccessTokenErrorResponse on Gitlab OAuth callback SonarQube Server / Community Build sonarqube	0	847	November 16, 2021
Wrong redirection after succesfull gitlab authentication SonarQube Server / Community Build gitlab , authentication	1	640	February 28, 2022
Redirect to sonarqube on http after Gitlab Authentication SonarQube Server / Community Build ssl	3	3106	April 22, 2021
Sonarqube auth in gitlab SonarQube Server / Community Build sonarqube , gitlab , authentication	4	962	August 31, 2020

Using oauth service from GitLab failed because rewriting the callback uri

Related topics