Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Note that the cli seems to be broken with apache reverse proxies with jenkins 2.54

...

But it may also work fine to just use simple forwarding as above (the first HTTPS snippet), and add

No Format

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

...

The collection of snippets above simply don't work out of the box (July 2014), here is a full Apache-oriented "sites-enabled" file (ex: "sites-enabled/example") for a dedicated Jenkins host, combining the ideas from snippets #1 and #3. This was formulated on the TurnKeyLinux Jenkins appliance (v 13.0), after having updated Jenkins to "1.572". TODO (if anyone understands how to do so): Define a more selective path for the <Proxy *> tag, instead of *; I currently have the impression that the <Proxy> section is not even needed.

No Format

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerAdmin  webmaster@localhost
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    ServerAdmin  webmaster@localhost
    ProxyRequests     Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass         /  http://localhost:8080/ nocanon
    ProxyPassReverse  /  http://localhost:8080/
    ProxyPassReverse  /  http://www.example.com/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>

...

More info welcome. Probably we should move the contents from here

I wanted to have Jenkins running in a different workspace than my normal Tomcat server, but both available via the Apache web server. So, first up, modify Jenkins to use a different web and ajp port than Tomcat:

No Format
HTTP_PORT=9080
AJP_PORT=9009
...
nohup java -jar "$WAR" --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=/jenkins >> "$LOG" 2>&1 &

...

2. Enable mod_proxy_ajp in Apache:

No Format

# a2enmod proxy_ajp

3. Include the following snippet in your SSL-enabled VirtualHost:

...

Try https://index.docker.io/u/jglick/jenkins-demo-reverse-proxy/ to see if your plugin works behind an Apache reverse proxy.

Proxying CLI commands using the HTTP(S) transport with Jenkins >= 2.54

Using the plain CLI protocol with the HTTP(S) transport to access Jenkins >= 2.54 through an Apache reverse proxy does not work. (See

Jira
serverJenkins JIRA
serverIddd058dce-0c66-3b77-8b09-71b1d7728747
keyJENKINS-47279
, and update it if you have settings that do work!) As a workaround, you can use the CLI over SSH.