Sonar Scanner doesn't connect to host URL via HTTPS
6,449 views
Skip to first unread message
Sebastian Krzyszkowiak
Oct 7, 2016, 6:53:24 PM10/7/16
to SonarQube
Hello,
I'm running an nginx reverse proxy before SonarQube server that's listening on both HTTP and HTTPS and forwarding to SonarQube listening on 8081 via HTTP.
I can't get sonar-scanner to work when using https URL in sonar.host.url property. Switching to HTTP makes it work (but I'd like to disable HTTP but switching it to a redirect to HTTPS)
It seems like after following some redirect it tries to connect to the server via HTTP on port 443.
dos@yoga:~/sonar/scanner/sonar-scanner-2.8$ bin/sonar-scanner -Dsonar.host.url=https://sonar.example.com -X
00:44:40.345 INFO: Scanner configuration file: /home/dos/sonar/scanner/sonar-scanner-2.8/conf/sonar-scanner.properties
00:44:40.352 INFO: Project root configuration file: NONE
00:44:40.373 INFO: SonarQube Scanner 2.8
00:44:40.374 INFO: Java 1.8.0_102 Oracle Corporation (64-bit)
00:44:40.374 INFO: Linux 4.8.0-1-ARCH amd64
00:44:40.565 DEBUG: keyStore is :
00:44:40.565 DEBUG: keyStore type is : jks
00:44:40.566 DEBUG: keyStore provider is :
00:44:40.566 DEBUG: init keystore
00:44:40.566 DEBUG: init keymanager of type SunX509
00:44:40.631 INFO: User cache: /home/dos/.sonar/cache
00:44:40.631 DEBUG: Extract sonar-scanner-api-batch in temp...
00:44:40.645 DEBUG: Get bootstrap index...
00:44:40.645 DEBUG: Download: https://sonar.example.com/batch_bootstrap/index
00:44:41.225 ERROR: SonarQube server [https://sonar.example.com] can not be reached
00:44:41.226 INFO: ------------------------------------------------------------------------
00:44:41.226 INFO: EXECUTION FAILURE
00:44:41.226 INFO: ------------------------------------------------------------------------
00:44:41.226 INFO: Total time: 0.907s
00:44:41.254 INFO: Final Memory: 4M/119M
00:44:41.256 INFO: ------------------------------------------------------------------------
00:44:41.256 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:72)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:93)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
... 8 more
Caused by: java.lang.IllegalStateException: Status returned by url [http://sonar.example.com:443/batch/index] is not valid: [400]
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:78)
... 11 more
Is it a bug or just some misconfiguration on my side?
I'm running an nginx reverse proxy before SonarQube server that's listening on both HTTP and HTTPS and forwarding to SonarQube listening on 8081 via HTTP.
I can't get sonar-scanner to work when using https URL in sonar.host.url property. Switching to HTTP makes it work (but I'd like to disable HTTP but switching it to a redirect to HTTPS)
It seems like after following some redirect it tries to connect to the server via HTTP on port 443.
dos@yoga:~/sonar/scanner/sonar-scanner-2.8$ bin/sonar-scanner -Dsonar.host.url=https://sonar.example.com -X
00:44:40.345 INFO: Scanner configuration file: /home/dos/sonar/scanner/sonar-scanner-2.8/conf/sonar-scanner.properties
00:44:40.352 INFO: Project root configuration file: NONE
00:44:40.373 INFO: SonarQube Scanner 2.8
00:44:40.374 INFO: Java 1.8.0_102 Oracle Corporation (64-bit)
00:44:40.374 INFO: Linux 4.8.0-1-ARCH amd64
00:44:40.565 DEBUG: keyStore is :
00:44:40.565 DEBUG: keyStore type is : jks
00:44:40.566 DEBUG: keyStore provider is :
00:44:40.566 DEBUG: init keystore
00:44:40.566 DEBUG: init keymanager of type SunX509
00:44:40.631 INFO: User cache: /home/dos/.sonar/cache
00:44:40.631 DEBUG: Extract sonar-scanner-api-batch in temp...
00:44:40.645 DEBUG: Get bootstrap index...
00:44:40.645 DEBUG: Download: https://sonar.example.com/batch_bootstrap/index
00:44:41.225 ERROR: SonarQube server [https://sonar.example.com] can not be reached
00:44:41.226 INFO: ------------------------------------------------------------------------
00:44:41.226 INFO: EXECUTION FAILURE
00:44:41.226 INFO: ------------------------------------------------------------------------
00:44:41.226 INFO: Total time: 0.907s
00:44:41.254 INFO: Final Memory: 4M/119M
00:44:41.256 INFO: ------------------------------------------------------------------------
00:44:41.256 ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:72)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:93)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
... 8 more
Caused by: java.lang.IllegalStateException: Status returned by url [http://sonar.example.com:443/batch/index] is not valid: [400]
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:78)
... 11 more
Is it a bug or just some misconfiguration on my side?
nirmal...@gmail.com
Dec 19, 2016, 8:09:28 AM12/19/16
to SonarQube, seba...@gmail.com
On Saturday, 8 October 2016 04:23:24 UTC+5:30, Sebastian Krzyszkowiak wrote:
Hello,
I'm running an nginx reverse proxy before SonarQube server that's listening on both HTTP and HTTPS and forwarding to SonarQube listening on 8081 via HTTP.
I am running ReverProxy on IIS on Windows server but getting same error. I am running SonarQube Server 5.6 LTS
I can't get sonar-scanner to work when using https URL in sonar.host.url property. Switching to HTTP makes it work (but I'd like to disable HTTP but switching it to a redirect to HTTPS)
+1
I am facing same issue.
I am facing same issue.
Let me know if you have found any work around or fixed the issue.
Thanks,
Nirmal Pathak.
Deyan Stoykov
Dec 19, 2016, 11:45:06 AM12/19/16
to SonarQube, seba...@gmail.com
I'm also experiencing this with the recently released 6.2 version.
sonar.core.serverBaseURL is set to the https URL. X-Forwarded-Proto is set as well.
Mike Barry
Dec 21, 2016, 11:34:02 AM12/21/16
to SonarQube, seba...@gmail.com, nirmal...@gmail.com
This is odd. I use the same configuration. I use ARR to add a permanent redirect from http to https, but my scanner points directly at the https endpoint. I've got no issues.
Nirmal Pathak
Dec 21, 2016, 11:43:02 AM12/21/16
to Mike Barry, SonarQube, seba...@gmail.com
On Dec 21, 2016 10:04 PM, "Mike Barry" <mi...@barry.io> wrote:
This is odd. I use the same configuration. I use ARR to add a permanent redirect from http to https, but my scanner points directly at the https endpoint. I've got no issues.
I am using self signed cert for https. Are you having self signed cert as well?
Neither nginx nor IIS https config work for me with sonar-sacnner.
Mike Barry
Dec 21, 2016, 11:49:48 AM12/21/16
to SonarQube, mi...@barry.io, seba...@gmail.com, nirmal...@gmail.com
No, but I used a cert issued by an internal certificate authority which I added to the java keystore.
Nirmal Pathak
Dec 21, 2016, 11:52:01 AM12/21/16
to Mike Barry, SonarQube, seba...@gmail.com
On Dec 21, 2016 10:19 PM, "Mike Barry" <mi...@barry.io> wrote:
No, but I used a cert issued by an internal certificate authority which I added to the java keystore.
This sounds promising.
Can you let us know how to add certificate to java keystore?
Mike Barry
Dec 21, 2016, 12:28:11 PM12/21/16
to SonarQube, mi...@barry.io, seba...@gmail.com, nirmal...@gmail.com
It's not sonar specific. Just google, add certificate to java keystore.
That said if you had a certificate issue I would have expected the initial connection to fail with a trust violation, which it does not.
nirmal...@gmail.com
Dec 26, 2016, 12:13:05 AM12/26/16
to SonarQube, mi...@barry.io, seba...@gmail.com, nirmal...@gmail.com
On Wednesday, 21 December 2016 22:58:11 UTC+5:30, Mike Barry wrote:
It's not sonar specific. Just google, add certificate to java keystore.
Adding self-signed certificate to Java Keystore also didn't work for me.
Deyan Stoykov
Jan 18, 2017, 3:57:33 AM1/18/17
to SonarQube, seba...@gmail.com
On Saturday, 8 October 2016 01:53:24 UTC+3, Sebastian Krzyszkowiak wrote:
For me the problem was solved by replacing:
proxy_set_header Host $host:$server_port;
with:
proxy_set_header Host $host;
in nginx configuration. This makes no difference as long as nginx is running on standard HTTP/HTTPS ports.
Reply all
Reply to author
Forward
0 new messages