Cannot generate SBOM when using external_url and reverse proxy

[hydezhao]

If you are reporting a problem, please make sure the following information are provided:

Expected behavior and actual behavior:
Actual:
I've installed Harbor and configured with external_url and a reverse proxy, and i've installed Harbor Trivy adapter on another machine. The vulnerability scan is working while the SBOM generation is failing with following errors:

2024-08-21T06:59:38Z [ERROR] [/pkg/scan/sbom/sbom.go:106]: error when create accessory from image Get "https://harbor.mycompany.com/v2/": dial tcp x.x.x.x:443: i/o timeout
2024-08-21T06:59:38Z [ERROR] [/pkg/scan/job.go:307]: handler failed at PostScan, report 72ed0d4f-e6e1-4e3e-8630-bb6f600ddba3, error Get "https://harbor.mycompany.com/v2/": dial tcp x.x.x.x:443: i/o timeout
What did you expect to happen:

Expected:
SBOM can be generated without error.

Steps to reproduce the problem:
Please provide the steps to reproduce this problem.

Versions:
Harbor version: 2.11.1
Harbor Scanner Adapter for Trivy version: 2.11.1
Harbor installation process (Installer script, Helm chart, etc.): installer

• harbor version: 2.11.1
• docker engine version: 27.1.1

Additional context:

• Harbor config files: You can get them by packaging harbor.yml and files in the same directory, including subdirectory.
• Log files: You can get them by package the /var/log/harbor/ .

[hydezhao]

I found out that my iptables was blocking harbor-jobservice from calling harbor via its external_url https://harbor.mycompany.com, when i change the iptables config to authorize this flux, SBOM well generated.

While I think it should always be fixed, jobservice should use the internal url to call core service.

[Solfood]

Ran into this as well. Looks like it was fixed in #20565.

Updating to 2.11.1 fixed for me.