I'm setting up a Jenkins server, to run under Tomcat behind Apache. I'm using virtual hosts with SSL using SNI so I can access it at https://jenkins.example.com, and serve something else on, say, http://www.example.com.
I've got it up and running, but when I click "Manage Jenkins", it tells me It appears your reverse proxy setup is broken.
Note that I'm using a self-signed SSL certificate, and jenkins.example.com is not the default virtual hosts.
The relevant apache config looks like this:
<VirtualHost *:80>
ServerName jenkins.example.com
Redirect / https://jenkins.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName jenkins.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/jenkins.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/jenkins.example.com.key
<Location />
AuthType Digest
AuthName "Jenkins"
AuthUserFile "/etc/htpasswords"
Require valid-user
</Location>
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8080*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverse / https://jenkins.example.com
</VirtualHost>
If I do:
curl --user "username:password" --digest -k https://jenkins.example.com/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test -L
Then I see the output:
<div/>
If I run wget with debug, then I see at that some point wget gets a pointer to http instead of https, not sure why that's happening or if it's related, but it does redirect properly:
---response begin---
HTTP/1.1 302 Moved Temporarily
Date: Tue, 17 Jan 2012 19:47:16 GMT
Server: Apache-Coyote/1.1
Location: http://jenkins.example.com/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test-for-reverse-proxy-setup
Content-Length: 0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain
I'm running on Ubuntu 11.04, Apache 2.2.17, Tomcat 6.0.28, Jenkins 1.448.
Best Answer
The one issue that I see with your config is that:
Should be:
Seems like the service is sending
http://
instead ofhttps://
location headers (probably because your connection to its listener from Apache is unencrypted on the localhost listener), in which case you'll need to add:So, what's probably occurring currently is the API call is failing because it gets an
http://
address in theLocation:
header of the redirect (which is missed for un-translation in theProxyPassReverse
because it's nothttp
).It sends the request to that location and gets another redirect response, from your
<VirtualHost *:80>
. Their validity checker knows that ain't right and errors, whilecurl
follows one more redirect and gets a valid response.Add the
ProxyPassReverse
forhttp://
above and this should correct the issue, if I'm right.