Can Jenkins redirect HTTP requests to HTTPS?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Can Jenkins redirect HTTP requests to HTTPS?

Owen B. Mehegan
I'm running Jenkins 1.596.1 on Linux, using the built-in Jetty server. I have it serving HTTP and HTTPS successfully, and now I'm trying to figure out a way to redirect all HTTP requests to HTTPS. I've searched for Jetty-specific ways to do this, but the answers I've found don't really mesh with the Jenkins configuration, as far as I can see. Can anyone suggest a way to do this?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/7434f4b3-7f49-4eb8-abe2-e05027f97f55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Can Jenkins redirect HTTP requests to HTTPS?

Owen B. Mehegan
I guess the native Jenkins server is Winstone, not Jetty, and it doesn't look like there's a way to do this there. It's sounding like I will need an nginx redirect.

On Friday, March 6, 2015 at 3:46:35 PM UTC-8, Owen B. Mehegan wrote:
I'm running Jenkins 1.596.1 on Linux, using the built-in Jetty server. I have it serving HTTP and HTTPS successfully, and now I'm trying to figure out a way to redirect all HTTP requests to HTTPS. I've searched for Jetty-specific ways to do this, but the answers I've found don't really mesh with the Jenkins configuration, as far as I can see. Can anyone suggest a way to do this?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/b049d866-ba37-4a79-a742-f738b25cf9a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Can Jenkins redirect HTTP requests to HTTPS?

Tim Black
Owen, did your assertion turn out to be true? Is a reverse proxy required to perform this redirection of jenkins requests from http (80,8080) to https (port 8443)? 

I'm currently using iptables to forward 443 to 8443 to allow my users to not require a port in the URL, however, this does still require "https://" in the URL. So, like you (probably) I'd like to redirect http ports to jenkins default ssl/https port 8443. But I'm not sure if a simple port forward from 80/8080 to 8443 would work, or if it would break the ssl negotiation that needs to happen. 

So far, my attempts to add these rules have not succeeded in redirecting http requests on port 80 to https requests on port 443. 

I'm sure I'm missing something important here. In case someone is listening here is what my nat iptable looks like:

jenkins@jenkins-testing:~$ sudo iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 13 packets, 1810 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   364 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 /* Ansible-generated. */ redir ports 8443
    0     0 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 /* Ansible-generated. */ redir ports 8443
    2   104 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* Ansible-generated. */ redir ports 8443
    1    60 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 20 packets, 1582 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 151 packets, 10870 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0

Chain OUTPUT (policy ACCEPT 151 packets, 10870 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

On Friday, March 6, 2015 at 5:20:51 PM UTC-8 Owen B. Mehegan wrote:
I guess the native Jenkins server is Winstone, not Jetty, and it doesn't look like there's a way to do this there. It's sounding like I will need an nginx redirect.


On Friday, March 6, 2015 at 3:46:35 PM UTC-8, Owen B. Mehegan wrote:
I'm running Jenkins 1.596.1 on Linux, using the built-in Jetty server. I have it serving HTTP and HTTPS successfully, and now I'm trying to figure out a way to redirect all HTTP requests to HTTPS. I've searched for Jetty-specific ways to do this, but the answers I've found don't really mesh with the Jenkins configuration, as far as I can see. Can anyone suggest a way to do this?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/bb39050b-c605-4b83-b09e-621079902c78n%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Can Jenkins redirect HTTP requests to HTTPS?

slide
You can do it on a much more recent version of Jenkins, see this PR https://github.com/jenkinsci/winstone/pull/98, it adds the --httpsRedirectHttp parameter.

Regards,

Alex

On Fri, Oct 23, 2020 at 12:49 PM Tim Black <[hidden email]> wrote:
Owen, did your assertion turn out to be true? Is a reverse proxy required to perform this redirection of jenkins requests from http (80,8080) to https (port 8443)? 

I'm currently using iptables to forward 443 to 8443 to allow my users to not require a port in the URL, however, this does still require "https://" in the URL. So, like you (probably) I'd like to redirect http ports to jenkins default ssl/https port 8443. But I'm not sure if a simple port forward from 80/8080 to 8443 would work, or if it would break the ssl negotiation that needs to happen. 

So far, my attempts to add these rules have not succeeded in redirecting http requests on port 80 to https requests on port 443. 

I'm sure I'm missing something important here. In case someone is listening here is what my nat iptable looks like:

jenkins@jenkins-testing:~$ sudo iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 13 packets, 1810 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   364 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 /* Ansible-generated. */ redir ports 8443
    0     0 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 /* Ansible-generated. */ redir ports 8443
    2   104 REDIRECT   tcp  --  ens192 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* Ansible-generated. */ redir ports 8443
    1    60 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 20 packets, 1582 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 151 packets, 10870 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0

Chain OUTPUT (policy ACCEPT 151 packets, 10870 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

On Friday, March 6, 2015 at 5:20:51 PM UTC-8 Owen B. Mehegan wrote:
I guess the native Jenkins server is Winstone, not Jetty, and it doesn't look like there's a way to do this there. It's sounding like I will need an nginx redirect.


On Friday, March 6, 2015 at 3:46:35 PM UTC-8, Owen B. Mehegan wrote:
I'm running Jenkins 1.596.1 on Linux, using the built-in Jetty server. I have it serving HTTP and HTTPS successfully, and now I'm trying to figure out a way to redirect all HTTP requests to HTTPS. I've searched for Jetty-specific ways to do this, but the answers I've found don't really mesh with the Jenkins configuration, as far as I can see. Can anyone suggest a way to do this?

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/bb39050b-c605-4b83-b09e-621079902c78n%40googlegroups.com.


--

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPiUgVexveqSZGM%2BnDV4E7gr-9xvVY-_EkKgVJAFFp7wk%3Df0eA%40mail.gmail.com.