OK, the network so far is:
end user (https)-> cloudfront (http)-> haproxy (http)-> jenkins
My jenkins install mostly works but I see the error about proxy not being set up correctly, and I experience https://issues.jenkins-ci.org/browse/JENKINS-14313
I've read the following, but encountered some confusing issues.
- https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+HAProxy
- https://gist.github.com/xelwarto/ac4f8b43e4194355082c
This is what I've come up with so far:

    defaults
        mode http
        retries 3
        timeout connect 120s
        timeout client 60s
        timeout server 60s

    resolvers docker
        nameserver dns "127.0.0.11:53"

    frontend web
        bind *:8080
        default_backend jenkins

    backend jenkins
        cookie SERVERID insert indirect nocache
        server jenkins jenkins:8080 check cookie s1 resolvers docker resolve-prefer ipv4
        acl h_cfp_exists req.hdr(CloudFront-Forwarded-Proto) -m found
        acl response-is-redirect res.hdr(Location) -m found
        http-request set-header X-Forwarded-Proto https if h_cfp_exists
Here are the headers (headers have had their domain and secure strings mangled, slashes and names preserved) received by jenkins:

    POST /j_acegi_security_check HTTP/1.1
    Host: jenkins.default.mydomain.tld
    X-Amz-Cf-Id: _UoBjzMmiJvkMZOnRbt6Ai2rBZ4hm1jAz_5IGAi3OwI9TxQ5tCW5Bg==
    Content-Length: 339
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 OPR/49.0.2725.64
    Via: 2.0 9a063989aee4dbd9381a2cf612c17c08.cloudfront.net (CloudFront)
    Cookie: JSESSIONID.0262fa7d=node01f8yc6mw0a5p6gv09wvy275j610.node0; JSESSIONID.9f7e10bd=node01i3tan71bopiv2ufhmos5dccq83.node0; JSESSIONID.d3f1b83b=node0nqkbin0vx70f12cdr9kmgatyk6.node0
    X-Forwarded-For: 2605:6000:1025:bd:31c7:df4d:6bd6:8b9c
    CloudFront-Is-Mobile-Viewer: false
    CloudFront-Is-Tablet-Viewer: false
    CloudFront-Is-SmartTV-Viewer: false
    CloudFront-Is-Desktop-Viewer: true
    CloudFront-Viewer-Country: US
    Accept-Language: en-US,en;q=0.9
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Referer: https://jenkins.default.mydomain.tld/
    CloudFront-Forwarded-Proto: https
    Accept-Encoding: gzip, deflate, br
    cache-control: max-age=0
    origin: https://jenkins.default.mydomain.tld
    upgrade-insecure-requests: 1
    content-type: application/x-www-form-urlencoded
    X-Forwarded-Proto: https
and the response as received by the browser:

    content-length:0
    date:Wed, 10 Jan 2018 15:45:21 GMT
    expires:Thu, 01 Jan 1970 00:00:00 GMT
    location:https://jenkins.default.mydomain.tld/
    server:Jetty(9.4.z-SNAPSHOT)
    set-cookie:JSESSIONID.d3f1b83b=node01o.node0;Path=/;Secure;HttpOnly
    set-cookie:ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=Y2N1c2hpbmc6MTUxNjgwODcyMTQ5OTpmMmIzNDVkYjE2ODdhRlMGJmNWYz;Path=/;Expires=Wed, 24-Jan-2018 15:45:21 GMT;Max-Age=1209600;Secure;HttpOnly
    status:302
    via:1.1 6d16d2818.cloudfront.net (CloudFront)
    x-amz-cf-id:WZMDdUGVK4fRg6E04gN2sr9RIgKDqeK0-kAANBbeu7eB3uFv9cAkQw==
    x-cache:Miss from cloudfront
    x-content-type-options:nosniff
I then see a subsequent GET /login HTTP/1.1, but I don't understand why it'd be doing that. Also possibly of interest: there is no default view set in configure globals; in fact, the configuration for that seems to be absent. Accessed over http via haproxy, everything is fine; well, the warning still shows, but it seems I can fix that by setting the jenkins uri to use http://IP:port.

How do I fix my haproxy setup such that jenkins login will not show the login form where the dashboard should be? Can anyone explain the transformations that need to be done in a proxy-technology-agnostic way, and why (e.g. examples seem to show 127.0.0.1:8080, but that's obviously not going to work for me; however, since Location is returning https, I'm not sure why I'd need to do anything like that)?
0 Answers
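
The proxy-agnostic requirement the question asks about can be stated as a check: the backend must see the public scheme and host, and its redirects and cookies must match them. The following is an added example, not part of the original post; `parse_headers`, `check_proxy_headers` and the `public_url` argument (assumed to be the value configured as the Jenkins URL) are hypothetical names, and the sample input is a constructed subset of the header dumps quoted above.

```python
from urllib.parse import urlsplit

# Constructed sample: a subset of the header dumps quoted in the question.
REQUEST = """\
Host: jenkins.default.mydomain.tld
Referer: https://jenkins.default.mydomain.tld/
CloudFront-Forwarded-Proto: https
X-Forwarded-Proto: https
"""
RESPONSE = """\
location:https://jenkins.default.mydomain.tld/
set-cookie:JSESSIONID.d3f1b83b=node01o.node0;Path=/;Secure;HttpOnly
status:302
"""

def parse_headers(text):
    """Parse 'Name: value' lines into {lowercase name: [values]}."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_proxy_headers(public_url, request, response):
    """Return mismatches between the public URL and what the backend saw and sent."""
    pub = urlsplit(public_url)
    req, resp = parse_headers(request), parse_headers(response)
    problems = []
    protos = req.get("x-forwarded-proto", [])
    if protos != [pub.scheme]:  # must be present exactly once with the public scheme
        problems.append(f"X-Forwarded-Proto is {protos}, expected ['{pub.scheme}']")
    if req.get("host") != [pub.netloc]:  # proxies must pass the public Host through
        problems.append(f"Host is {req.get('host')}, expected ['{pub.netloc}']")
    for loc in resp.get("location", []):
        target = urlsplit(loc)
        if target.netloc and (target.scheme, target.netloc) != (pub.scheme, pub.netloc):
            problems.append(f"Location points at {target.scheme}://{target.netloc}")
    for cookie in resp.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" in attrs and pub.scheme != "https":
            problems.append(f"Secure cookie {cookie.split('=')[0]} on a non-https public URL")
    return problems

if __name__ == "__main__":
    print(check_proxy_headers("https://jenkins.default.mydomain.tld", REQUEST, RESPONSE))
```

Run against the quoted dumps with the https public URL, the check reports no mismatch; with an http://IP:port style URL (a constructed address in the test), all four checks fail.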