I have HAProxy configured to terminate SSL connections for a Jenkins CI server, proxying to the Jenkins CI server backend over plain ol' HTTP. I can successfully perform [thus far] all of the operations I need to in the Jenkins CI server web interface, including manage the instance.
However, I get the Jenkins "reverse proxy setup is broken" warning. This is caused by stricter proxy configuration checking since Jenkins version 1.572, which uses a URL in the form of:
https://host-name/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/
to test the reverse proxy configuration. The typical cause for the warning called out is the decoding of the %2F
into a forward slash by the reverse proxy, which causes a 404.
There seems to be well documented configuration solutions for Apache and nginx reverse proxy configurations to eliminate this warning. What I have not been able to find is something similar to Apache's "AllowEncodedSlashes On" option, or nginx's "proxy_pass" configuration, or even an example of setting up Jenkins behind HAProxy (which I'm using instead of Apache or nginx because we already have HAProxy in place for other applications).
- Operating system: CentOS 6.6
- HAProxy version: 1.5.2-2
- Jenkins version: 1.610
Best Answer
This was not, as it turned out, an issue with the URL encoding / decoding. It was simply operator error on my part - when terminating SSL at any proxy you must ensure that the X-Proxy-Proto header is set to https so that all URLs generated by Jenkins in this manner get use a scheme of https. I missed the line in the documentation on the troubleshooting page. Simple adding:
To the backend definition removed the warning.