英文:
Jenkins + Apache with mod_proxy
问题
我有一个运行中的AWS EC2实例,只有端口22和443作为入站安全规则。
Jenkins配置
在文件-->> /etc/default/jenkins
HTTP_PORT=8080
NAME=jenkins
JENKINS_ARGS=" --webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"
Apache配置
ServerAdmin email@domain
ServerName subdomain.domain.dev
ServerAlias www.subdomain.domain.dev
DocumentRoot /var/www/subdomain.domain.dev
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
ProxyPassReverse /jenkins http://subdomain.domain.dev/jenkins
ProxyPassReverse /jenkins https://subdomain.domain.dev/jenkins
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
<Proxy http://127.0.0.1:8080/jenkins*>
Order deny,allow
Allow from all
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.dev/privkey.pem
ports.conf
Listen 80
Listen 443
Listen 443
使用以上配置,当我尝试访问https://subdomain.domain.dev/jenkins时,出现403错误,然后重定向到https://subdomain.domain.dev/login?from=%2Fjenkins,其中出现404错误。
Apache访问日志
162.158.227.119 - - [20/May/2023:17:09:38 +0000] "GET /jenkins HTTP/1.1" 403 5890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
162.158.227.119 - - [20/May/2023:17:09:39 +0000] "GET /login?from=%2Fjenkins HTTP/1.1" 404 525 "https://subdomain.domain.dev/jenkins" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
在/var/log/apache2/error.log中没有错误记录。
运行sudo apache2ctl -t -D DUMP_VHOSTS给出以下输出
VirtualHost配置:
*:443 subdomain.domain.dev (/etc/apache2/sites-enabled/subdomain.domain.dev-le-ssl.conf:2)
我使用Cloudflare的Full Strict SSL/TLS,并使用letsencrypt生成SSL证书。
OpenSSL版本OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
英文:
I have an AWS EC2 instance running, with only port 22 and 443 as inbound security rules.
Jenkins Configuration
in file -->> /etc/default/jenkins
HTTP_PORT=8080
NAME=jenkins
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"
Apache Configuration
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin email@domain
ServerName subdomain.domain.dev
ServerAlias www.subdomain.domain.dev
DocumentRoot /var/www/subdomain.domain.dev
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
ProxyPassReverse /jenkins http://subdomain.domain.dev/jenkins
ProxyPassReverse /jenkins https://subdomain.domain.dev/jenkins
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
<Proxy http://127.0.0.1:8080/jenkins*>
Order deny,allow
Allow from all
</Proxy>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.dev/privkey.pem
</VirtualHost>
</IfModule>
ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
With the above configurations, when I try to go to https://subdomain.domain.dev/jenkins it gives a 403 and then redirects to https://subdomain.domain.dev/login?from=%2Fjenkins where it gives a 404 error.
Apache Access Logs
162.158.227.119 - - [20/May/2023:17:09:38 +0000] "GET /jenkins HTTP/1.1" 403 5890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
162.158.227.119 - - [20/May/2023:17:09:39 +0000] "GET /login?from=%2Fjenkins HTTP/1.1" 404 525 "https://subdomain.domain.dev/jenkins" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
There are no errors being logged in /var/log/apache2/error.log
Running sudo apache2ctl -t -D DUMP_VHOSTS gives the following output
VirtualHost configuration:
*:443 subdomain.domain.dev (/etc/apache2/sites-enabled/subdomain.domain.dev-le-ssl.conf:2)
Also, I am using Cloudflare with Full Strict SSL/TLS and used letsencrypt to generate the SSL Certificate.
OpenSSL Version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Adding screenshot of the redirect from the browser
Resources
答案1
得分: 0
我首先停止了apache,然后执行了sudo apt remove --purge jenkins。之后,重新安装了Jenkins并更新了/etc/default/jenkins文件的正确前缀和httpListenAddress,它是127.0.0.1。然后,在重新启动实例后,我成功地启动了Jenkins。至今为止,我已经运行和配置了Jenkins将近一天,没有发现任何问题。无论如何,我并不确定我是否真正解决了任何问题。如果有人知道这个问题的根本原因,请告诉我。
英文:
So, I was able to get this working, though I am not sure if this was the actual solution or just a coincidence.
I first stopped apache, then did a sudo apt remove --purge jenkins.
After that, reinstalled Jenkins and updated the /etc/default/jenkins file with the correct prefix and the httpListenAddress which was 127.0.0.1.
Then after a reboot of the instance itself, I was able to get Jenkins up and running. Have been running and configuring Jenkins for almost a day now, no issues found thus far.
In any case, I am not satisfied that I have actually solved anything. If anyone knows the root cause of this, please let me know.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论