Jenkins + Apache with mod_proxy

huangapple go评论84阅读模式
英文:

Jenkins + Apache with mod_proxy

问题

我有一个运行中的AWS EC2实例,只有端口22和443作为入站安全规则。

Jenkins配置

在文件-->> /etc/default/jenkins
HTTP_PORT=8080
NAME=jenkins
JENKINS_ARGS=" --webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"

Apache配置


ServerAdmin email@domain
ServerName subdomain.domain.dev
ServerAlias www.subdomain.domain.dev

DocumentRoot /var/www/subdomain.domain.dev

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
ProxyPassReverse /jenkins http://subdomain.domain.dev/jenkins
ProxyPassReverse /jenkins https://subdomain.domain.dev/jenkins
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

<Proxy http://127.0.0.1:8080/jenkins*>
Order deny,allow
Allow from all

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.dev/privkey.pem


ports.conf

Listen 80


Listen 443


Listen 443

使用以上配置,当我尝试访问https://subdomain.domain.dev/jenkins时,出现403错误,然后重定向到https://subdomain.domain.dev/login?from=%2Fjenkins,其中出现404错误。

Apache访问日志

162.158.227.119 - - [20/May/2023:17:09:38 +0000] "GET /jenkins HTTP/1.1" 403 5890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
162.158.227.119 - - [20/May/2023:17:09:39 +0000] "GET /login?from=%2Fjenkins HTTP/1.1" 404 525 "https://subdomain.domain.dev/jenkins" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

/var/log/apache2/error.log中没有错误记录。

运行sudo apache2ctl -t -D DUMP_VHOSTS给出以下输出

VirtualHost配置:
*:443 subdomain.domain.dev (/etc/apache2/sites-enabled/subdomain.domain.dev-le-ssl.conf:2)

我使用Cloudflare的Full Strict SSL/TLS,并使用letsencrypt生成SSL证书。

OpenSSL版本OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

英文:

I have an AWS EC2 instance running, with only port 22 and 443 as inbound security rules.

Jenkins Configuration

in file --&gt;&gt; /etc/default/jenkins
HTTP_PORT=8080
NAME=jenkins
JENKINS_ARGS=&quot;--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins&quot;

Apache Configuration

&lt;IfModule mod_ssl.c&gt;
    &lt;VirtualHost *:443&gt;

            ServerAdmin email@domain
            ServerName subdomain.domain.dev
            ServerAlias www.subdomain.domain.dev

            DocumentRoot /var/www/subdomain.domain.dev

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            ProxyPass         /jenkins  http://127.0.0.1:8080/jenkins nocanon
            ProxyPassReverse  /jenkins  http://127.0.0.1:8080/jenkins
            ProxyPassReverse /jenkins http://subdomain.domain.dev/jenkins
            ProxyPassReverse /jenkins https://subdomain.domain.dev/jenkins
            ProxyRequests     Off
            ProxyPreserveHost On
            AllowEncodedSlashes NoDecode

            RequestHeader set X-Forwarded-Proto &quot;https&quot;
            RequestHeader set X-Forwarded-Port &quot;443&quot;

            &lt;Proxy http://127.0.0.1:8080/jenkins*&gt;
                    Order deny,allow
                    Allow from all
            &lt;/Proxy&gt;


            Include /etc/letsencrypt/options-ssl-apache.conf        
            SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.dev/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.dev/privkey.pem

    &lt;/VirtualHost&gt;
 &lt;/IfModule&gt;

ports.conf

Listen 80

&lt;IfModule ssl_module&gt;
    Listen 443
&lt;/IfModule&gt;

&lt;IfModule mod_gnutls.c&gt;
    Listen 443
&lt;/IfModule&gt;

With the above configurations, when I try to go to https://subdomain.domain.dev/jenkins it gives a 403 and then redirects to https://subdomain.domain.dev/login?from=%2Fjenkins where it gives a 404 error.

Apache Access Logs

162.158.227.119 - - [20/May/2023:17:09:38 +0000] &quot;GET /jenkins HTTP/1.1&quot; 403 5890 &quot;-&quot; &quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36&quot;
162.158.227.119 - - [20/May/2023:17:09:39 +0000] &quot;GET /login?from=%2Fjenkins HTTP/1.1&quot; 404 525 &quot;https://subdomain.domain.dev/jenkins&quot; &quot;Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36&quot;

There are no errors being logged in /var/log/apache2/error.log

Running sudo apache2ctl -t -D DUMP_VHOSTS gives the following output

VirtualHost configuration:
*:443                  subdomain.domain.dev (/etc/apache2/sites-enabled/subdomain.domain.dev-le-ssl.conf:2)

Also, I am using Cloudflare with Full Strict SSL/TLS and used letsencrypt to generate the SSL Certificate.

OpenSSL Version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Adding screenshot of the redirect from the browser
Jenkins + Apache with mod_proxy

Resources

  1. Jenkins Official Reverse Proxy Configuration Apache
  2. How to Setup Jenkins with SSL with Apache Reverse Proxy on Ubuntu 18.04
  3. Install and Configure Apache as Reverse Proxy for Jenkins
  4. Apache reverse proxy config with SSL for Jenkins and Sonar

答案1

得分: 0

我首先停止了apache,然后执行了sudo apt remove --purge jenkins。之后,重新安装了Jenkins并更新了/etc/default/jenkins文件的正确前缀和httpListenAddress,它是127.0.0.1。然后,在重新启动实例后,我成功地启动了Jenkins。至今为止,我已经运行和配置了Jenkins将近一天,没有发现任何问题。无论如何,我并不确定我是否真正解决了任何问题。如果有人知道这个问题的根本原因,请告诉我。

英文:

So, I was able to get this working, though I am not sure if this was the actual solution or just a coincidence.
I first stopped apache, then did a sudo apt remove --purge jenkins.
After that, reinstalled Jenkins and updated the /etc/default/jenkins file with the correct prefix and the httpListenAddress which was 127.0.0.1.
Then after a reboot of the instance itself, I was able to get Jenkins up and running. Have been running and configuring Jenkins for almost a day now, no issues found thus far.
In any case, I am not satisfied that I have actually solved anything. If anyone knows the root cause of this, please let me know.

huangapple
  • 本文由 发表于 2023年5月21日 01:33:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/76296538.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定