Jenkins reverse proxy (Apache) with SSL

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Jenkins reverse proxy (Apache) with SSL

Ashish Yadav

I am running Jenkins on Centos 7 behind a reverse proxy with ssl certs.  I want Apache to handle the ssl certs. User -> HTTPS -> Apache -> HTTP -> Jenkins application. Here is what my configuration looks like.

 

RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteRule /.* https://<hostname>$0 [R=301,L]

 

<VirtualHost *: 443>

    ErrorLog logs/ssl_error_log

    TransferLog logs/ssl_access_log

    LogLevel warn

    SSLCertificateFile /etc/pki/tls/certs/localhost.crt

    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt

 

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

    RequestHeader set X-Forwarded-Proto https

    RequestHeader set X-Forwarded-Port "443"

 

    ProxyRequests Off

    ProxyPass / http://localhost:8080/ nocanon

    ProxyPassReverse / http://localhost:8080/

    AllowEncodedSlashes NoDecode

</VirtualHost>

 

 

I can get the following to work:

  1. http://hostname:8080
  2. https://hostname

 

However, the redirect from http://hostname:8080 to https://hostname is not working. I stay at http://hostname:8080

The firewall port (443) is open and the server is listening.

 

What am I missing? J I tried every combination on <a href="https://wiki.jenkins.io/display/JENKINS/Running&#43;Jenkins&#43;behind&#43;Apache">https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Apache but I can’t get the last http to https redirect to work.

 

Also, after I go straight to the https site and manually remove the ‘s’ in ‘https’, it doesn’t redirect as expected back to https. I get an empty response (no-referrer-when-downgrade).

 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3F84EB6D-171E-4498-9249-24EA9FD93049%40firemon.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Jenkins reverse proxy (Apache) with SSL

Ashish Yadav

Any ideas? J

 

 

From: <[hidden email]> on behalf of Ashish Yadav <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Thursday, January 25, 2018 at 7:34 PM
To: "[hidden email]" <[hidden email]>
Subject: Jenkins reverse proxy (Apache) with SSL

 

I am running Jenkins on Centos 7 behind a reverse proxy with ssl certs.  I want Apache to handle the ssl certs. User -> HTTPS -> Apache -> HTTP -> Jenkins application. Here is what my configuration looks like.

 

RewriteEngine On

RewriteCond %{HTTPS} !on

RewriteRule /.* https://<hostname>$0 [R=301,L]

 

<VirtualHost *: 443>

    ErrorLog logs/ssl_error_log

    TransferLog logs/ssl_access_log

    LogLevel warn

    SSLCertificateFile /etc/pki/tls/certs/localhost.crt

    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    SSLCertificateChainFile /etc/pki/tls/certs/localhost.crt

 

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

    RequestHeader set X-Forwarded-Proto https

    RequestHeader set X-Forwarded-Port "443"

 

    ProxyRequests Off

    ProxyPass / http://localhost:8080/ nocanon

    ProxyPassReverse / http://localhost:8080/

    AllowEncodedSlashes NoDecode

</VirtualHost>

 

 

I can get the following to work:

  1. http://hostname:8080
  2. http://hostname -reditrect to -> http://hostname:8080
  3. https://hostname

 

However, the redirect from http://hostname:8080 to https://hostname is not working. I stay at http://hostname:8080

The firewall port (443) is open and the server is listening.

 

What am I missing? J I tried every combination on <a href="https://wiki.jenkins.io/display/JENKINS/Running&#43;Jenkins&#43;behind&#43;Apache">https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Apache but I can’t get the last http to https redirect to work.

 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3F84EB6D-171E-4498-9249-24EA9FD93049%40firemon.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/1DB04601-50D3-4415-99D7-6F1E8E45D0AC%40firemon.com.
For more options, visit https://groups.google.com/d/optout.