I am running sonarqube on https by using nginx reverse proxy.
This is my nginx reverse proxy config.
server{
server_name sonarqube.mydomain.co.in;
access_log /var/log/nginx/sonar.access.log;
error_log /var/log/nginx/sonar.error.log;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto https;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sonarqube.mydomain.co.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sonarqube.mydomain.co.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = sonarqube.mydomain.co.in) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sonarqube.mydomain.co.in;
return 404; # managed by Certbot
}
I have added sonarqube from the gallery in Azure AD. After that I selected SAML in my AZURE SSO.In my reply url I have configured https://sonarqube.mydomain.co.in/oauth2/callback/saml and in my signin url https://sonarqube.mydomain.co.in. I have configured the relative fields from azure AD to my sonarqube plugin.
Now when I try to login through SAML in my sonarqube I get this error
You're not authorized to access this page. Please contact the administrator.
Reason: The response was received at http://sonarqube.mydomain.co.in/oauth2/callback/saml instead of https://sonarqube.mydomain.co.in/oauth2/callback/saml
Is this because of my nginx reverse proxy config? How can I fix this?
Any help would be appreciated
2
Answers
• According to the sonarqube documentation for configuring reverse proxy, it should be configured to set the value ‘X_FORWARDED_PROTO: https’ in each http request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP. In your code, you have incorrectly specified to redirect the requests from HTTP to HTTPS. You have not specified any location under ‘location’ parameter to return to under the ‘server’ class. The correct script format should be as below: –
Also, please remove the ‘proxy_redirect off’ parameter passed in your code which holds back the redirection requests through the nginx proxy and remove the ‘proxy_set_header X-Forwarded-Proto http’ parameter also. And instead of ‘proxy_set_header X-Forwarded-Proto https’, you can pass a variable like ‘$redirect’ and define the variable as below to ensure all requests reach on HTTPS port: –
Reverse proxy configuration isn’t needed.
Server base URL
needs to be configured properly.https://stackoverflow.com/a/75078571/4069872