
Hudson behind an Apache Reverse Proxy w/ SSL

Alesque
I'm currently trying to expose a Hudson instance behind an Apache Reverse Proxy w/ SSL.

The Apache conf:

<VirtualHost *:443>

        ServerName build.domain.tld
        ServerAdmin it@domain.tld

        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        ProxyPreserveHost on

        SSLEngine on
        SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
        SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined

</VirtualHost>               

Hudson is running with Winstone:

/usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war

I modified the Hudson URL through the Manage Hudson / Configure System accordingly (e.g. https://build.domain.tld/). When I click Save I get an error :

Response Headers:
-----------------
Date: Thu, 26 Jun 2008 09:06:43 GMT
Server: Winstone Servlet Engine v0.9.10
Location: http://build.domain.tld/
Content-Length: 0
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Via: 1.1 build.olympefoundation.org
Content-Type: text/plain
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive

Response Body:
--------------
<html><head><title>Error 400</title></head><body bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
: This page expects a form submission<br>Stacktrace: <pre>(none)
</pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine v0.9.10 at Thu Jun 26 11:06
:48 CEST 2008
</body></html>

Exception:
----------
[webapp 2008/06/26 09:23:33] - Error while serving http://build.domain.tldnull java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
        at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
        at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
        at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
        at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
        at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
        at winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
        at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
        at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
        at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
        at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
        at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
        at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
        at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
        at winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
        at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
        at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
        at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
        at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
        at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.Error: This page expects a form submission
        at hudson.StructuredForm.get(StructuredForm.java:28)
        at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
        ... 26 more


The Location value references an http location instead of https.

If I go back to the home of Hudson everything seems to be working until I click on a URL sending a 302 HTTP status with a malformed Location in the response headers.


Any help would be appreciated,

Regards,
Alexandre

Re: Hudson behind an Apache Reverse Proxy w/ SSL

Kohsuke Kawaguchi
Administrator

I think first we need to differentiate whether this is a browser
JavaScript problem or the apache problem.

Please try the scripting console (http://server/hudson/script) and try
typing something like

    print "abc";

and click run. If this runs successfully, I suspect the issue is a
browser issue and not your apache configuration.

Another useful test is to try to hit port 8080 directly via HTTP and see if
that's working.

Let me know those two results and we can narrow down the possibilities.

alesque wrote:

> I'm currently trying to expose a Hudson instance behind an Apache Reverse
> Proxy w/ SSL.
>
> The Apache conf:
>
> <VirtualHost *:443>
>
>         ServerName build.domain.tld
>         ServerAdmin [hidden email]
>
>         ProxyPass / http://127.0.0.1:8080/
>         ProxyPassReverse / http://127.0.0.1:8080/
>         ProxyPreserveHost on
>
>         SSLEngine on
>         SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
>         SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
>         SSLOptions StrictRequire
>         SSLProtocol all -SSLv2
>
>         ErrorLog /var/log/apache2/error.log
>         CustomLog /var/log/apache2/access.log combined
>
> </VirtualHost>
>
> Hudson is running with Winstone:
>
> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war
>
> I modified the Hudson URL through the Manage Hudson / Configure System
> accordingly (e.g. https://build.domain.tld/). When I click Save I get an
> error :
>
> Response Headers:
> -----------------
> Date: Thu, 26 Jun 2008 09:06:43 GMT
> Server: Winstone Servlet Engine v0.9.10
> Location: http://build.domain.tld/
> Content-Length: 0
> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
> Via: 1.1 build.olympefoundation.org
> Content-Type: text/plain
> Keep-Alive: timeout=5, max=92
> Connection: Keep-Alive
>
> Response Body:
> --------------
> <html><head><title>Error 400</title></head><body
> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
> : This page expects a form submission<br>Stacktrace: <pre>(none)
> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine
> v0.9.10 at Thu Jun 26 11:06
> :48 CEST 2008</body></html>
>
> Exception:
> ----------
> [webapp 2008/06/26 09:23:33] - Error while serving
> http://build.domain.tldnull java.lang.reflect.InvocationTargetException
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at
> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
>         at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
>         at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
>         at
> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
>         at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
>         at
> winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
>         at
> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
>         at
> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
>         at
> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>         at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
>         at
> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
>         at
> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
>         at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
>         at java.lang.Thread.run(Thread.java:619)
> Caused by: java.lang.Error: This page expects a form submission
>         at hudson.StructuredForm.get(StructuredForm.java:28)
>         at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
>         ... 26 more
>
>
> The Location value references an http location instead of https.
>
> If I go back to the home of Hudson everything seems to be working until I click on
> a URL sending a 302 HTTP status with a malformed Location in the response
> headers.
>
>
> Any help would be appreciated,
>
> Regards,
> Alexandre

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]


Re: Hudson behind an Apache Reverse Proxy w/ SSL

Alesque
Hi,

When Winstone runs in HTTP mode, Hudson is not aware that the Apache Reverse Proxy handles connection through https. So Hudson sends redirects with http:// scheme instead of https://.

I set SSL up in Winstone and now everything works like a charm.

Regards,
Alexandre

kohsuke wrote
I think first we need to differentiate whether this is a browser
JavaScript problem or the apache problem.

Please try the scripting console (http://server/hudson/script) and try
typing something like

    print "abc";

and click run. If this runs successfully, I suspect the issue is a
browser issue and not your apache configuration.

Another useful test is try to hit port 8080 directly via HTTP and see if
that's working.

Let me know those two results and we can narrow down the possibilities.

alesque wrote:
> I'm currently trying to expose a Hudson instance behind an Apache Reverse
> Proxy w/ SSL.
>
> The Apache conf:
>
> <VirtualHost *:443>
>
>         ServerName build.domain.tld
>         ServerAdmin it@domain.tld
>
>         ProxyPass / http://127.0.0.1:8080/
>         ProxyPassReverse / http://127.0.0.1:8080/
>         ProxyPreserveHost on
>
>         SSLEngine on
>         SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
>         SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
>         SSLOptions StrictRequire
>         SSLProtocol all -SSLv2
>
>         ErrorLog /var/log/apache2/error.log
>         CustomLog /var/log/apache2/access.log combined
>
> </VirtualHost>               
>
> Hudson is running with Winstone:
>
> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war
>
> I modified the Hudson URL through the Manage Hudson / Configure System
> accordingly (e.g. https://build.domain.tld/). When I click Save I get an
> error :
>
> Response Headers:
> -----------------
> Date: Thu, 26 Jun 2008 09:06:43 GMT
> Server: Winstone Servlet Engine v0.9.10
> Location: http://build.domain.tld/
> Content-Length: 0
> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
> Via: 1.1 build.olympefoundation.org
> Content-Type: text/plain
> Keep-Alive: timeout=5, max=92
> Connection: Keep-Alive
>
> Response Body:
> --------------
> <html><head><title>Error 400</title></head><body
> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
> : This page expects a form submission<br>Stacktrace: <pre>(none)
> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine
> v0.9.10 at Thu Jun 26 11:06
> :48 CEST 2008</body></html>
>
> Exception:
> ----------
> [webapp 2008/06/26 09:23:33] - Error while serving
> http://build.domain.tldnull java.lang.reflect.InvocationTargetException
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at
> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
>         at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
>         at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
>         at
> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
>         at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
>         at
> winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
>         at
> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
>         at
> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
>         at
> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>         at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
>         at
> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>         at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
>         at
> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
>         at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
>         at java.lang.Thread.run(Thread.java:619)
> Caused by: java.lang.Error: This page expects a form submission
>         at hudson.StructuredForm.get(StructuredForm.java:28)
>         at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
>         ... 26 more
>
>
> The Location value references an http location instead of https.
>
> If I go back to the home of Hudson everything seems to be working until I click on
> a URL sending a 302 HTTP status with a malformed Location in the response
> headers.
>
>
> Any help would be appreciated,
>
> Regards,
> Alexandre


--
Kohsuke Kawaguchi
Sun Microsystems                   kohsuke.kawaguchi@sun.com
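
The behaviour described in this message, as an added example that is not part of the original thread: a simplified model of why `ProxyPassReverse / http://127.0.0.1:8080/` leaves `Location: http://build.domain.tld/` untouched (with `ProxyPreserveHost on` the backend builds redirects from the public host name, so the header never matches the backend URL), plus a check that flags the resulting HTTPS-to-HTTP redirect. The function names are hypothetical, and the prefix match is an assumed simplification of what mod_proxy does.

```python
from urllib.parse import urlsplit

# Values taken from the Apache configuration and Hudson URL quoted in the thread.
PUBLIC_BASE = "https://build.domain.tld/"   # Hudson URL set in Configure System
BACKEND_BASE = "http://127.0.0.1:8080/"     # ProxyPass / ProxyPassReverse target

# Subset of the response headers posted in the thread.
SAMPLE_HEADERS = """\
Date: Thu, 26 Jun 2008 09:06:43 GMT
Server: Winstone Servlet Engine v0.9.10
Location: http://build.domain.tld/
Content-Length: 0
"""


def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def proxy_pass_reverse(location, backend_base=BACKEND_BASE, public_base=PUBLIC_BASE):
    """Simplified model (assumption): rewrite Location only when it starts
    with the backend URL named in the ProxyPassReverse directive."""
    if location.startswith(backend_base):
        return public_base + location[len(backend_base):]
    return location  # no prefix match, so the header passes through unchanged


def classify_location(location, public_base=PUBLIC_BASE):
    """Classify the Location value the browser finally receives."""
    pub = urlsplit(public_base)
    loc = urlsplit(location)
    if not loc.scheme and not loc.netloc:
        return "ok-relative"        # resolved against the HTTPS page URL
    if loc.hostname != pub.hostname:
        return "other-host"         # e.g. an unrewritten backend address
    if pub.scheme == "https" and loc.scheme != "https":
        return "scheme-downgrade"   # browser is sent from https:// to http://
    return "ok"


def audit(raw_headers):
    """Apply the proxy model to a backend response, then classify the result."""
    location = parse_headers(raw_headers).get("location")
    if location is None:
        return "no-redirect"
    return classify_location(proxy_pass_reverse(location))


if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```

A `scheme-downgrade` result means the browser is told to repeat the request over plain HTTP, outside the TLS connection terminated at Apache.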

 

Re: Hudson behind an Apache Reverse Proxy w/ SSL

Kohsuke Kawaguchi
Administrator
Out of curiosity and for others in the same situation, how did you
configure Winstone to do this?

2008/7/1 alesque <[hidden email]>:

>
> Hi,
>
> When Winstone runs in HTTP mode, Hudson is not aware that the Apache Reverse
> Proxy handles connection through https. So Hudson sends redirects with
> http:// scheme instead of https://.
>
> I set SSL up in Winstone and now everything works like a charm.
>
> Regards,
> Alexandre
>
>
> kohsuke wrote:
>>
>>
>> I think first we need to differentiate whether this is a browser
>> JavaScript problem or the apache problem.
>>
>> Please try the scripting console (http://server/hudson/script) and try
>> typing something like
>>
>>     print "abc";
>>
>> and click run. If this runs successfully, I suspect the issue is a
>> browser issue and not your apache configuration.
>>
>> Another useful test is try to hit port 8080 directly via HTTP and see if
>> that's working.
>>
>> Let me know those two results and we can narrow down the possibilities.
>>
>> alesque wrote:
>>> I'm currently trying to expose a Hudson instance behind an Apache
>>> Reverse
>>> Proxy w/ SSL.
>>>
>>> The Apache conf:
>>>
>>> <VirtualHost *:443>
>>>
>>>         ServerName build.domain.tld
>>>         ServerAdmin [hidden email]
>>>
>>>         ProxyPass / http://127.0.0.1:8080/
>>>         ProxyPassReverse / http://127.0.0.1:8080/
>>>         ProxyPreserveHost on
>>>
>>>         SSLEngine on
>>>         SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
>>>         SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
>>>         SSLOptions StrictRequire
>>>         SSLProtocol all -SSLv2
>>>
>>>         ErrorLog /var/log/apache2/error.log
>>>         CustomLog /var/log/apache2/access.log combined
>>>
>>> </VirtualHost>
>>>
>>> Hudson is running with Winstone:
>>>
>>> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war
>>>
>>> I modified the Hudson URL through the Manage Hudson / Configure System
>>> accordingly (e.g. https://build.domain.tld/). When I click Save I get an
>>> error :
>>>
>>> Response Headers:
>>> -----------------
>>> Date: Thu, 26 Jun 2008 09:06:43 GMT
>>> Server: Winstone Servlet Engine v0.9.10
>>> Location: http://build.domain.tld/
>>> Content-Length: 0
>>> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
>>> Via: 1.1 build.olympefoundation.org
>>> Content-Type: text/plain
>>> Keep-Alive: timeout=5, max=92
>>> Connection: Keep-Alive
>>>
>>> Response Body:
>>> --------------
>>> <html><head><title>Error 400</title></head><body
>>> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
>>> : This page expects a form submission<br>Stacktrace: <pre>(none)
>>> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine
>>> v0.9.10 at Thu Jun 26 11:06
>>> :48 CEST 2008</body></html>
>>>
>>> Exception:
>>> ----------
>>> [webapp 2008/06/26 09:23:33] - Error while serving
>>> http://build.domain.tldnull java.lang.reflect.InvocationTargetException
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>         at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>         at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>>         at
>>> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
>>>         at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
>>>         at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
>>>         at
>>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
>>>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
>>>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
>>>         at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
>>>         at
>>> winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
>>>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
>>>         at
>>> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
>>>         at
>>> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
>>>         at
>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>         at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
>>>         at
>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
>>>         at
>>> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
>>>         at
>>> winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
>>>         at java.lang.Thread.run(Thread.java:619)
>>> Caused by: java.lang.Error: This page expects a form submission
>>>         at hudson.StructuredForm.get(StructuredForm.java:28)
>>>         at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
>>>         ... 26 more
>>>
>>>
>>> The Location value references an http location instead of https.
>>>
>>> If I go back to the home of Hudson everything seems to be working until I click
>>> on
>>> a URL sending a 302 HTTP status with a malformed Location in the
>>> response
>>> headers.
>>>
>>>
>>> Any help would be appreciated,
>>>
>>> Regards,
>>> Alexandre
>>
>>
>> --
>> Kohsuke Kawaguchi
>> Sun Microsystems                   [hidden email]
>>
>>
>>
>
>
>



--
Kohsuke Kawaguchi


Re: Hudson behind an Apache Reverse Proxy w/ SSL

Alesque
I presume that Hudson is installed from the Debian package you provide.

Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly:

HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks --httpsKeyStorePassword=[password]"

Restart Hudson.

/etc/init.d/hudson restart

kohsuke wrote
Out of curiosity and for others in the same situation, how did you
configure Winstone to do this?

2008/7/1 alesque <agarino@hotmail.com>:
>
> Hi,
>
> When Winstone runs in HTTP mode, Hudson is not aware that the Apache Reverse
> Proxy handles connection through https. So Hudson sends redirects with
> http:// scheme instead of https://.
>
> I set SSL up in Winstone and now everything works like a charm.
>
> Regards,
> Alexandre
>
>
> kohsuke wrote:
>>
>>
>> I think first we need to differentiate whether this is a browser
>> JavaScript problem or the apache problem.
>>
>> Please try the scripting console (http://server/hudson/script) and try
>> typing something like
>>
>>     print "abc";
>>
>> and click run. If this runs successfully, I suspect the issue is a
>> browser issue and not your apache configuration.
>>
>> Another useful test is try to hit port 8080 directly via HTTP and see if
>> that's working.
>>
>> Let me know those two results and we can narrow down the possibilities.
>>
>> alesque wrote:
>>> I'm currently trying to expose a Hudson instance behind an Apache
>>> Reverse
>>> Proxy w/ SSL.
>>>
>>> The Apache conf:
>>>
>>> <VirtualHost *:443>
>>>
>>>         ServerName build.domain.tld
>>>         ServerAdmin it@domain.tld
>>>
>>>         ProxyPass / http://127.0.0.1:8080/
>>>         ProxyPassReverse / http://127.0.0.1:8080/
>>>         ProxyPreserveHost on
>>>
>>>         SSLEngine on
>>>         SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
>>>         SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
>>>         SSLOptions StrictRequire
>>>         SSLProtocol all -SSLv2
>>>
>>>         ErrorLog /var/log/apache2/error.log
>>>         CustomLog /var/log/apache2/access.log combined
>>>
>>> </VirtualHost>
>>>
>>> Hudson is running with Winstone:
>>>
>>> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war
>>>
>>> I modified the Hudson URL through the Manage Hudson / Configure System
>>> accordingly (e.g. https://build.domain.tld/). When I click Save I get an
>>> error :
>>>
>>> Response Headers:
>>> -----------------
>>> Date: Thu, 26 Jun 2008 09:06:43 GMT
>>> Server: Winstone Servlet Engine v0.9.10
>>> Location: http://build.domain.tld/
>>> Content-Length: 0
>>> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
>>> Via: 1.1 build.olympefoundation.org
>>> Content-Type: text/plain
>>> Keep-Alive: timeout=5, max=92
>>> Connection: Keep-Alive
>>>
>>> Response Body:
>>> --------------
>>> <html><head><title>Error 400</title></head><body
>>> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
>>> : This page expects a form submission<br>Stacktrace: <pre>(none)
>>> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine
>>> v0.9.10 at Thu Jun 26 11:06
>>> :48 CEST 2008</body></html>
>>>
>>> Exception:
>>> ----------
>>> [webapp 2008/06/26 09:23:33] - Error while serving
>>> http://build.domain.tldnull java.lang.reflect.InvocationTargetException
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>         at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>         at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>>         at
>>> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
>>>         at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
>>>         at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
>>>         at
>>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
>>>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
>>>         at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
>>>         at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
>>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
>>>         at
>>> winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
>>>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
>>>         at
>>> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
>>>         at
>>> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
>>>         at
>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>         at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
>>>         at
>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>         at
>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>         at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
>>>         at
>>> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
>>>         at
>>> winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
>>>         at java.lang.Thread.run(Thread.java:619)
>>> Caused by: java.lang.Error: This page expects a form submission
>>>         at hudson.StructuredForm.get(StructuredForm.java:28)
>>>         at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
>>>         ... 26 more
>>>
>>>
>>> The Location value references an http location instead of https.
>>>
>>> If I go back to the home of Hudson everything seems to be working until I click
>>> on
>>> a URL sending a 302 HTTP status with a malformed Location in the
>>> response
>>> headers.
>>>
>>>
>>> Any help would be appreciated,
>>>
>>> Regards,
>>> Alexandre
>>
>>
>> --
>> Kohsuke Kawaguchi
>> Sun Microsystems                   kohsuke.kawaguchi@sun.com
>>
>>
>>
>
>
>



--
Kohsuke Kawaguchi


Re: Hudson behind an Apache Reverse Proxy w/ SSL

Kohsuke Kawaguchi
Administrator
alesque wrote:

> I presume that Hudson is installed from the Debian package you provide.
>
> Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly:
>
> HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks
> --httpsKeyStorePassword=[password]"
>
> Restart Hudson.
>
> /etc/init.d/hudson restart
Hmm, so I guess you don't terminate HTTPS at Apache in this set up,
then. HTTPS is terminated by Winstone in this case. Is that right?

If so, your reverse http proxy forwards to https://127.0.0.1:8443/ 
instead of http://127.0.0.1:8080/ ?

>
>
> kohsuke wrote:
>>
>> Out of curiosity and for others in the same situation, how did you
>> configure Winstone to do this?
>>
>> 2008/7/1 alesque <[hidden email]>:
>>>
>>> Hi,
>>>
>>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache
>>> Reverse
>>> Proxy handles connection through https. So Hudson sends redirects with
>>> http:// scheme instead of https://.
>>>
>>> I set SSL up in Winstone and now everything works like a charm.
>>>
>>> Regards,
>>> Alexandre
>>>
>>>
>>> kohsuke wrote:
>>>>
>>>>
>>>> I think first we need to differentiate whether this is a browser
>>>> JavaScript problem or the apache problem.
>>>>
>>>> Please try the scripting console (http://server/hudson/script) and try
>>>> typing something like
>>>>
>>>>     print "abc";
>>>>
>>>> and click run. If this runs successfully, I suspect the issue is a
>>>> browser issue and not your apache configuration.
>>>>
>>>> Another useful test is try to hit port 8080 directly via HTTP and see if
>>>> that's working.
>>>>
>>>> Let me know those two results and we can narrow down the possibilities.
>>>>
>>>> alesque wrote:
>>>>> I'm currently trying to expose a Hudson instance behind an Apache
>>>>> Reverse
>>>>> Proxy w/ SSL.

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]


Re: Hudson behind an Apache Reverse Proxy w/ SSL

Alesque
Indeed I changed the reverse proxy conf in Apache to:

<VirtualHost *:443>

        ServerName build.domain.tld
        ServerAdmin it@domain.tld

        SSLProxyEngine On
        ProxyPreserveHost on
        ProxyPass / https://127.0.0.1:8443/
        ProxyPassReverse / https://127.0.0.1:8443/

        SSLEngine on
        SSLCertificateFile /path/to/wildcard_cert.cert
        SSLCertificateKeyFile /path/to/wildcard_key.pem
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        [...]

</VirtualHost>

kohsuke wrote
alesque wrote:
> I presume that Hudson is installed from Debian package you provide.
>
> Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly:
>
> HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks
> --httpsKeyStorePassword=[password]"
>
> Restart Hudson.
>
> /etc/init.d/hudson restart

Hmm, so I guess you don't terminate HTTPS at Apache in this set up,
then. HTTPS is terminated by Winstone in this case. Is that right?

If so, your reverse http proxy forwards to https://127.0.0.1:8443/ 
instead of http://127.0.0.1:8080/ ?

>
>
> kohsuke wrote:
>>
>> Out of curiosity and for others in the same situation, how did you
>> configure Winstone to do this?
>>
>> 2008/7/1 alesque <agarino@hotmail.com>:
>>>
>>> Hi,
>>>
>>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache
>>> Reverse Proxy handles connection through https. So Hudson sends redirects
>>> with http:// scheme instead of https://.
>>>
>>> I set SSL up in Winstone and now everything works like a charm.
>>>
>>> Regards,
>>> Alexandre
>>>
>>>
>>> kohsuke wrote:
>>>>
>>>>
>>>> I think first we need to differentiate whether this is a browser
>>>> JavaScript problem or the apache problem.
>>>>
>>>> Please try the scripting console (http://server/hudson/script) and try
>>>> typing something like
>>>>
>>>>     print "abc";
>>>>
>>>> and click run. If this runs successfully, I suspect the issue is a
>>>> browser issue and not your apache configuration.
>>>>
>>>> Another useful test is to try to hit port 8080 directly via HTTP and see if
>>>> that's working.
>>>>
>>>> Let me know those two results and we can narrow down the possibilities.

--
Kohsuke Kawaguchi
Sun Microsystems                   kohsuke.kawaguchi@sun.com

 

Re: Hudson behind an Apache Reverse Proxy w/ SSL

Kohsuke Kawaguchi
Administrator

I updated
http://hudson.gotdns.com/wiki/display/HUDSON/Running+Hudson+behind+Apache 
to point back to this e-mail thread.

alesque wrote:

> Indeed I changed the reverse proxy conf in Apache to:
>
> <VirtualHost *:443>
>
>         ServerName build.domain.tld
>         ServerAdmin [hidden email]
>
>         SSLProxyEngine On
>         ProxyPreserveHost on
>         ProxyPass / https://127.0.0.1:8443/
>         ProxyPassReverse / https://127.0.0.1:8443/
>
>         SSLEngine on
>         SSLCertificateFile /path/to/wildcard_cert.cert
>         SSLCertificateKeyFile /path/to/wildcard_key.pem
>         SSLOptions StrictRequire
>         SSLProtocol all -SSLv2
>
>         [...]
>
> </VirtualHost>
>
>
> kohsuke wrote:
>>
>> alesque wrote:
>>> I presume that Hudson is installed from Debian package you provide.
>>>
>>> Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly:
>>>
>>> HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks
>>> --httpsKeyStorePassword=[password]"
>>>
>>> Restart Hudson.
>>>
>>> /etc/init.d/hudson restart
>>
>> Hmm, so I guess you don't terminate HTTPS at Apache in this set up,
>> then. HTTPS is terminated by Winstone in this case. Is that right?
>>
>> If so, your reverse http proxy forwards to https://127.0.0.1:8443/ 
>> instead of http://127.0.0.1:8080/ ?
>>
>>>
>>>
>>> kohsuke wrote:
>>>>
>>>> Out of curiosity and for others in the same situation, how did you
>>>> configure Winstone to do this?
>>>>
>>>> 2008/7/1 alesque <[hidden email]>:
>>>>>
>>>>> Hi,
>>>>>
>>>>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache
>>>>> Reverse Proxy handles connection through https. So Hudson sends
>>>>> redirects with http:// scheme instead of https://.
>>>>>
>>>>> I set SSL up in Winstone and now everything works like a charm.
>>>>>
>>>>> Regards,
>>>>> Alexandre
>>>>>
>>>>>
>>>>> kohsuke wrote:
>>>>>>
>>>>>>
>>>>>> I think first we need to differentiate whether this is a browser
>>>>>> JavaScript problem or the apache problem.
>>>>>>
>>>>>> Please try the scripting console (http://server/hudson/script) and try
>>>>>> typing something like
>>>>>>
>>>>>>     print "abc";
>>>>>>
>>>>>> and click run. If this runs successfully, I suspect the issue is a
>>>>>> browser issue and not your apache configuration.
>>>>>>
>>>>>> Another useful test is to try to hit port 8080 directly via HTTP and
>>>>>> see if that's working.
>>>>>>
>>>>>> Let me know those two results and we can narrow down the
>>>>>> possibilities.

--
Kohsuke Kawaguchi
Sun Microsystems                   [hidden email]
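
The symptom diagnosed in this thread (Apache terminates TLS, the plain-HTTP backend builds absolute redirects with http://) can be checked from the response headers alone. The Python below is an added example, not code from the thread or from Hudson: it parses the header dump posted in the first message and classifies the Location value. The function names, the category labels and the loopback check are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Response headers as posted in the first message of the thread
# (Winstone answering behind the TLS-terminating Apache vhost).
CAPTURED_HEADERS = """\
Date: Thu, 26 Jun 2008 09:06:43 GMT
Server: Winstone Servlet Engine v0.9.10
Location: http://build.domain.tld/
Content-Length: 0
Via: 1.1 build.olympefoundation.org
Content-Type: text/plain
"""

# Hosts that should never appear in a Location sent to an external client
# (assumption: the backend listens on loopback, as in the posted vhost).
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def parse_headers(dump):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in dump.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def classify_redirect(request_url, headers):
    """Classify the Location header of a response to request_url.

    Returns one of:
      'no-redirect'   no Location header present
      'ok'            redirect stays on the requested host without downgrade
      'downgrade'     same host, but an https:// request is sent to http://
      'backend-leak'  Location exposes the loopback backend address
      'cross-origin'  redirect points at a different host
    """
    location = headers.get("location")
    if not location:
        return "no-redirect"
    req = urlsplit(request_url)
    # A relative Location resolves against the request URL and keeps its scheme.
    target = urlsplit(urljoin(request_url, location))
    host = (target.hostname or "").lower()
    if host in LOOPBACK_HOSTS:
        return "backend-leak"
    if host != (req.hostname or "").lower():
        return "cross-origin"
    if req.scheme == "https" and target.scheme == "http":
        return "downgrade"
    return "ok"


if __name__ == "__main__":
    # The external URL configured in Manage Hudson / Configure System.
    verdict = classify_redirect("https://build.domain.tld/",
                                parse_headers(CAPTURED_HEADERS))
    print("Location check:", verdict)
```

A 'downgrade' verdict means the browser is being sent from the HTTPS origin to plain HTTP on the same host, which is the behaviour alesque reported before enabling HTTPS in Winstone.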
