I'm setting up a Jenkins server, to run under Tomcat behind Apache. I'm using virtual hosts with SSL using SNI so I can access it at https://jenkins.example.com, and serve something else on, say, http://www.example.com.
I've got it up and running, but when I click "Manage Jenkins", it tells me It appears your reverse proxy setup is broken.
Note that I'm using a self-signed SSL certificate, and jenkins.example.com is not the default virtual hosts.
The relevant apache config looks like this:
<VirtualHost *:80>
ServerName jenkins.example.com
Redirect / https://jenkins.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName jenkins.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/jenkins.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/jenkins.example.com.key
<Location />
AuthType Digest
AuthName "Jenkins"
AuthUserFile "/etc/htpasswords"
Require valid-user
</Location>
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8080*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverse / https://jenkins.example.com
</VirtualHost>
If I do:
curl --user "username:password" --digest -k https://jenkins.example.com/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test -L
Then I see the output:
<div/>
If I run wget with debug, then I see at that some point wget gets a pointer to http instead of https, not sure why that's happening or if it's related, but it does redirect properly:
---response begin---
HTTP/1.1 302 Moved Temporarily
Date: Tue, 17 Jan 2012 19:47:16 GMT
Server: Apache-Coyote/1.1
Location: http://jenkins.example.com/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test-for-reverse-proxy-setup
Content-Length: 0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain
I'm running on Ubuntu 11.04, Apache 2.2.17, Tomcat 6.0.28, Jenkins 1.448.
The one issue that I see with your config is that:
Should be:
Seems like the service is sending
http://instead ofhttps://location headers (probably because your connection to its listener from Apache is unencrypted on the localhost listener), in which case you'll need to add:So, what's probably occurring currently is the API call is failing because it gets an
http://address in theLocation:header of the redirect (which is missed for un-translation in theProxyPassReversebecause it's nothttp).It sends the request to that location and gets another redirect response, from your
<VirtualHost *:80>. Their validity checker knows that ain't right and errors, whilecurlfollows one more redirect and gets a valid response.Add the
ProxyPassReverseforhttp://above and this should correct the issue, if I'm right.If you use Apache as reverse proxy, it needs to be at least 2.2.18 and set the option
AllowEncodedSlashes NoDecode(earlier versions only have values On and Off, both of which are wrong); as well asnocanonin theProxyPassdirective.Both need to be set within the VirtualHost, as AllowEncodedSlashes isn't inherited.
via https://stackoverflow.com/a/33179008/923560:
Make sure the Jenkins URL configured in the System Configuration matches the URL you're using to access Jenkins.
To reach the System Configuration:
Ensure that port value matches with the port value set in the
<arguments>section of the jenkins.xml file located in the Jenkins folder on your machine.