I'm setting up Jenkins with Tomcat on AWS behind an ELB. I want ELB to terminate SSL connections and make a non-SSL connections to the backend jenkins on 8080.
My connection looks like --
Incoming 443 to ELB -> non-SSL incoming to jenkins on EC2 on 8080
Outgoing 443 to ELB <- non-SSL traffic from jenkins outgoing to ELB
Ive got the first one working where I can access jenkins via https://. However, jenkins says -- "It appears that your reverse proxy set up is broken" and has a link to https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+says+my+reverse+proxy+setup+is+broken
I'm not too familiar with tomcat configuration and I think it needs a proxy configuration. I tried adding proxyPort="443" to my server.xml for the connector port="8080" .. line and that didn't work.
How do you ensure that ELB acts as a SSL to non-SSL proxy and jenkins http responses from tomcat are sent as https:// by the ELB
After further effort to solve this, I figured out a way to get what I wanted done. Instead of me deploying a war from jenkins manually, I installed jenkins from their RHEL distribution repo and everything seems to be working well.
My setup is:
Internet -> (443) ELB (443) ---> (8080) EC2 Jenkins
ELB has no stickiness enabled and is terminating SSL connections. Connection to Jenkins backend is over HTTP.
Hopefully this will help anyone who wants to run Jenkins directly behind an ELB without a webserver inbetween to proxy.
If you are deploying Jenkins via the WAR file, you can setup the ELB to forward HTTPS connections over port 8080.
In the ELB Listeners, setup a new listener with protocol as HTTPS, and in the port change 443 to 8080. Select instance protocol as HTTP and port as 8080. Now when you go to https://jenkins.server.com:8080, it should serve you the Jenkins running from the WAR.