Wrong redirect to initial admin change password. (BUG-report)

Must-share information (formatted with Markdown):

  • version: SonarQube v9.3 (build 51899)

I installed SonarQube behind a NGINX reverse proxy to get HTTPS.
When I tried to log in with the default password it redirected to http.
No changes to the Proxy configuration helped.
When I gave up and manually added https to the url-bar I got to the change password page.
After that I could log in and was redirected correctly to https.

Thus I can not repeat the problem, LOGIN works now with the exact same proxy configuration.
The redirect to the change password page during the initial login pointed to http and thus did not work.

NB! My setup do not include a http server, only https, if there was unencrypted http availible this problem would not be vissible.

I believe your reverse proxy should forward http traffic to https.
Another thing you should check is if the address in the property sonar.core.serverBaseURL is correct (in the UI, go to ‘Administration → General Settings → General’), which should prevent sonarqube from redirecting to http in the first place.

Hi, thanks for responding.
As I tried to say in the original message, we do not allow plain http in the network, thus no redirect in the proxy is possible.
The proxy-configuration in NGINX works when I log in during normal operations.
(The Login-page sends a redirect to HTTPS.)
It is only the first redirect sent from the login-page to push the client to the change password page when starting SonarQube for the first time that goes wrong.

Did you get a chance to check the configuration of the server base URL?

Actually as far as I remember the BaseURL is a setting that is configured from inside the SonarQube WebUI. So I would not have been able to adjust that setting before logging in to SonarQube the first time with the default username+password. Thus you can probably assume it was set to the default since I would not have been able to change it before the broken redirect I am reporting occurred.

The baseUrl can also be set in the configuration file, using the property sonar.core.serverBaseURL. I believe that would solve the issue.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.