NGINX reverse proxy rewrite SAML callback

JosephS
February 25, 2021
220 views
3 votes
3 Answers

SonarQube on windows, running on http://localhost/9000.

I’m setting up NGINX to use as a reverse proxy and serve on https://localip.com.

I’m getting the following EE when trying to connect to SonarQube

You’re not authorized to access this page. Please contact the administrator. Reason: The response was received at http://localhost:9000/oauth2/callback/saml instead of https://localip.com/oauth2/callback/saml

I’m guessing I need to instruct NGINX to rewrite the callback, how do I do it?

Answers

- DubravkoPenezic
- February 25, 2021 at 11:47 am
- 0 votes
0
I have same issue, but i run Apache server , and my proxy configuration is as follow:
```
  ## Proxy rules
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:9000/
  ProxyPassReverse / http://127.0.0.1:9000/
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"
```
what solve issue is adding :
```
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"
```
Login or Signup to reply.

- JoshuaMcKinnon
- July 22, 2021 at 7:10 am
- 0 votes
0
You don’t show a sample config, but I recently hit the same issue as you when setting up SonarQube 9 behind an nginx reverse proxy w/ SAML.

You’re not authorized to access this page. Please contact the administrator. Reason: The response was received at http://localhost:9000/oauth2/callback/saml instead of https://localip.com/oauth2/callback/saml

The most likely fix for this is to add these 2 lines to your server proxypass section in your nginx proxy config:
```
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
```
Sonarsource had a post about this for IIS reverse proxies, where they indicate 2 important things:
1. That HTTP_X_FORWARDED_PROTO is set to https
2. That host headers are preserved
The lines in my above code snippet handle the NGINX equivalents for #1 and #2 in that order.

Their Operating the Server page also gives this sample config:
```
# the server directive is Nginx's virtual host directive
server { 
 # port to listen on. Can also be set to an IP:PORT 
 listen 443 ssl;
 ssl_certificate ${path_to_your_certificate_file}
 ssl_certificate_key ${path_to_your_certificate_key_file}
 location / {
   proxy_pass ${address_of_your_sonarqube_instance_behind_proxy}
   proxy_set_header Host $host;
   proxy_set_header X-Forwarded-For $remote_addr;
   proxy_set_header X-Forwarded-Proto https;
 }
}
```
Based on your error message, the proxy_pass line will most likely something like proxy_pass http://localhost:9000. That’s how I set mine up as well.
Login or Signup to reply.

- KarlCasas
- January 11, 2023 at 6:13 am
- 0 votes
0
Just go to https://{sonarqube_domain}/admin/settings and make sure Server base URL is set to https://{sonarqube_domain}

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.