未找到 Sonarqube 服务器 (Jenkins)

Question

I have already integrated Jenkins and Sonarqube. However, when I run the pipeline, it says that the Sonarqube server can't be found. I am running Sonarqube behind an nginx reverse proxy. Port 9000 of Sonarqube container is open and is being redirected to Port 8445. It also says in the error that the self-signed certs can't be recognized. Is there any solution to this? It's my first time running Sonarqube behind an nginx reverse proxy.

06:26:55.849 INFO: Scanner configuration file: /var/jenkins_home/sonar_scanner/conf/sonar-scanner.properties
06:26:55.852 INFO: Project root configuration file: NONE
06:26:55.884 INFO: SonarScanner 4.7.0.2747
06:26:55.884 INFO: Java 11.0.14.1 Eclipse Adoptium (64-bit)
06:26:55.884 INFO: Linux 4.18.0-348.12.2.el8_5.x86_64 amd64
06:26:56.044 DEBUG: keyStore is :
06:26:56.044 DEBUG: keyStore type is : pkcs12
06:26:56.044 DEBUG: keyStore provider is :
06:26:56.045 DEBUG: init keystore
06:26:56.045 DEBUG: init keymanager of type SunX509
06:26:56.187 DEBUG: Create: /var/jenkins_home/.sonar/cache
06:26:56.188 INFO: User cache: /var/jenkins_home/.sonar/cache
06:26:56.188 DEBUG: Create: /var/jenkins_home/.sonar/cache/_tmp
06:26:56.190 DEBUG: Extract sonar-scanner-api-batch in temp...
06:26:56.194 DEBUG: Get bootstrap index...
06:26:56.194 DEBUG: Download: https://10.240.130.73:8445/batch/index
06:26:56.333 ERROR: SonarQube server [https://10.240.130.73:8445] can not be reached
06:26:56.333 INFO: ------------------------------------------------------------------------
06:26:56.333 INFO: EXECUTION FAILURE
06:26:56.333 INFO: ------------------------------------------------------------------------
06:26:56.334 INFO: Total time: 0.508s
06:26:56.345 INFO: Final Memory: 4M/48M
06:26:56.346 INFO: ------------------------------------------------------------------------
06:26:56.346 ERROR: Error during SonarScanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
    at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
    at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
    at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
    at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
    at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
    ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
    at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:336)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:185)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.Transmitter.newExchange(Transmitter.java:169)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:81)
    at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:115)
    at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:99)
    at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
    ... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at java.base/sun.security.validator.Validator.validate(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 45 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 51 more

Answer 1

I believe you need to add a self-signed certificate to sonarqube.

In case you use sonarqube with docker, you could use the following Dockerfile to run sonarqube with a self-signed certificate. Just add the values for HOST and PORT to your needs. Furthermore I would recommend to rename the alias myhost to something useful.

FROM sonarqube:community

USER root

# add host and port for sonarqube
ARG HOST
ARG PORT

RUN apk update && \
    apk add \
        openssl

# add self-signed certificate for https://<host>:<port>
RUN openssl s_client -connect ${HOST}:${PORT} </dev/null 2>/dev/null|openssl x509 -outform PEM > myhost.pem

# delete certificate (if exists)
RUN keytool -delete \
    -keystore /usr/lib/jvm/default-jvm/jre/lib/security/cacerts \
    -storepass changeit \
    -alias myhost \
    -noprompt

# add certificate
RUN keytool -importcert \
    -keystore /usr/lib/jvm/default-jvm/jre/lib/security/cacerts \
    -storepass changeit \
    -alias myhost \
    -file myhost.pem \
    -noprompt

Then re-start the container with docker or docker-compose .