tomcat - Jenkins does not redirect to HTTPS -


the problem

i using jenkins on https/ssl (the details of setup below). can navigate https://jenkins.mydomain.com:8088 without problems. links correct https:// in front of them. can navigate through jenkins pages.

except when jenkins tries redirect (e.g after login, after clicking build, etc). whenever jenkins tries redirect page, sends me http:// page (not https://)

what i've tried

  • i have tried setting setting jenkins url in global configuration. works fine everything, except redirects http://, despite url saying https:// enter image description here
  • i have tried following instructions here regarding modifying jenkins.xml port configuration, setup not using jenkins windows service install, don't have jenkins.xml there different place can specify parameters jenkins?
  • i have tried understanding whatever "mod_proxy https" means, don't have virtual hosts configuration. , besides, tomcat installation not 1 handles ssl. issue seems in jenkins's redirect mechanism, ignoring jenkins url protocol part global configuration.

the jenkins setup

  • apache tomcat running windows service
    1. jenkins.war renamed root.war placed in tomcat's webapps folder
    2. executing through bin\tomcat6.exe //rs//instance_name
    3. configured through tomcat's windows "monitor service" tool enter image description here
  • there multiple instances configured way on machine, differentiated different tomcat folders , different tomcat ports under respective conf\server.xml
  • i've inherited setup. don't know why didn't use native install package windows service. there multiple instances of jenkins (through multiple instances of tomcat service) on computer. trying change installation type instances incur unacceptable amount of downtime.
  • jenkins' port 8088, cannot use 443 ssl there multiple instances running , can't have 443 way instances differentiated port.

the ssl setup

  • we have global ssl cert (*.mydomain.com) hosted on load balancer hardware. (i don't have access actual file)
  • there no ssl on actual windows server hosting jenkins.
  • the dns jenkins.mydomain.com resolves virtual ip on load-balancer, forwards traffic actual windows server hosting jenkins.
  • there nothing wrong setup, works fine other sites. this ssl setup works fine our jenkins instance.

i suggest peeking around server.xml , finding connector , adding secure="true" if doing http proxy scheme. redirect ports may involved.

<connector secure="true" port="8088" protocol="http/1.1" uriencoding="utf-8"            connectiontimeout="20000"             />

for reference, run jenkins behind 2 apache proxies, 1 external , 1 internal:

the relevant parts of our external vhost (jenkins.host.com):

    requestheader unset authorization     requestheader set authorization "basic (encrypted password)"     proxypass / ajp://dev.internal:9101/     proxypassreverse / ajp://dev.internal:9101/

the relevant parts of tomcat's server.xml:

<connector port="9001" protocol="http/1.1" uriencoding="utf-8"            connectiontimeout="20000"             />  <connector port="9101" protocol="ajp/1.3" uriencoding="utf-8"/>  <host name="dev.internal" appbase="webapps"         unpackwars="true" autodeploy="true">        <alias>jenkins.host.com</alias>      <!-- singlesignon valve, share authentication between web applications          documentation at: /docs/config/valve.html -->     <!--     <valve classname="org.apache.catalina.authenticator.singlesignon" />     -->      <!-- access log processes example.          documentation at: /docs/config/valve.html          note: pattern used equivalent using pattern="common" -->     <valve classname="org.apache.catalina.valves.accesslogvalve" directory="logs"            prefix="dev.internal_access_log." suffix=".txt" rotatable="false"            pattern="%h %l %u %t &quot;%r&quot; %s %b" />    </host>

-

Comments

Post a Comment

Popular posts from this blog

how to proxy from https to http with lighttpd -

i have internal site (192.168.2.1) accessible http on different server run public web-server using lighttpd. can make internal site accessible outside work follows $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "192.168.2.1", "port" => 8000 ) ) } this works, use https outside world. question is, how can proxy going https http ? i've tried this: $server["socket"] == ":443" { $http["host"] == "internal.example.com" { ... proxy.server = ( "" => ( "internal" => ( "host" => "http://192.168.2.1", "port" => 8000 ) ) } } but doesn't seem wor...
Read more

android - Automated my builds -

i have multiple app , android project want automated in build , release sequence. have ant script build , create apk of app. want have 1 script or ant file start build sequence app. maybe don't konw search, can't find easy documentation on ant. the point of use jenkins ant (or maven, i'm not sure of difference between them now) automated build sequence when people commit on project. any int appreciated maven dependencies (over ant) don't need pass around jars. recommend maven on ant day. syntax , overall process easier understand, @ end of both build tools. if able to, more recommend upgrading gradle. easy create different build types , create them ./gradlew assemble here project jake wharton can see power of gradle. there release , debug build, can make lot more if like. https://github.com/jakewharton/u2020 here android docs gradle http://tools.android.com/tech-docs/new-build-system/user-guide . if can't find looking here, check out main grad...
Read more

python - Flask migration error -

i've got application build on flask , wanted create new migration today. when run $python manage.py db upgrade i got message raise util.commanderror('only single head supported. ' alembic.util.commanderror: single head supported. script directory has multiple heads (due branching), must resolved manually editing revision files form linear sequence. run alembic branches see divergence(s). so run command $alembic branches no config file 'alembic.ini' found, or file has no '[alembic]' section any clue on about? the error messages coming alembic, use command form alembic <command> , integrating flask coming flask-migrate, need use form python manage.py db branches . to resolve multiple branches, make 1 of branches point down other branch upgrade graph straight line. see alembic's docs on branches: http://alembic.readthedocs.org/en/latest/branches.html
Read more