Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Jenkins does not redirect to HTTPS

Tags:

ssl

jenkins

tomcat

hudson

The problem

I am using Jenkins over HTTPS/SSL (the details of setup below). I can navigate to https://jenkins.mydomain.com:8088 without any problems. All links are correct with https:// in front of them. I can properly navigate through almost all Jenkins pages.

Except when Jenkins tries to redirect (e.g after login, after clicking Build, etc). Whenever Jenkins tries to redirect to any page, it sends me to http:// page (not httpS://)

What I've tried

  • I have tried setting setting Jenkins URL in global configuration. It works fine for everything, except that it always redirects to http://, despite the URL saying httpS:// enter image description here
  • I have tried following instructions here regarding modifying jenkins.xml with port configuration, however as my setup is not using Jenkins Windows service install, I simply don't have jenkins.xml Is there a different place I can specify the parameters to Jenkins?
  • I have tried understanding whatever "mod_proxy with HTTPS" means, but I don't have any virtual hosts configuration. And besides, my Tomcat installation is not the one that handles SSL. The issue seems to be only in Jenkins's redirect mechanism, which is ignoring Jenkins URL protocol part from Global Configuration.

The Jenkins setup

  • Apache Tomcat running as Windows service
    1. Jenkins.war renamed to ROOT.war is placed in Tomcat's webapps folder
    2. Executing through bin\tomcat6.exe //RS//Instance_Name
    3. Configured through Tomcat's Windows "Monitor Service" tool enter image description here
  • There are multiple instances configured this way on this machine, differentiated by different Tomcat folders and different Tomcat ports under respective conf\server.xml
  • I've inherited this setup. Don't know why they didn't use the native install package with Windows service. There are multiple instances of Jenkins (through multiple instances of Tomcat service) on this computer. Trying to change the installation type for all those instances will incur unacceptable amount of downtime.
  • Jenkins' port 8088, cannot use 443 for SSL as there are multiple instances running and they can't all have 443 as the only way Instances are differentiated is by port.

The SSL setup

  • We have a global SSL cert (*.mydomain.com) that is hosted on a load balancer hardware. (I don't have access to actual file)
  • There is no SSL on actual Windows server hosting Jenkins.
  • The DNS for jenkins.mydomain.com resolves to a virtual IP on the load-balancer, which then forwards to traffic to actual Windows server hosting Jenkins.
  • There is nothing wrong with this setup, it works fine for all other sites. This SSL setup also works fine for our Jenkins instance.
like image 646
Slav Avatar asked May 16 '14 19:05

Slav

1 Answers

I suggest peeking around the server.xml and finding the Connector and adding secure="true" if you are doing an HTTP proxy scheme. Redirect ports may also be involved.

<Connector secure="true" port="8088" protocol="HTTP/1.1" URIEncoding="UTF-8"
           connectionTimeout="20000"
            />

For reference, We run Jenkins behind 2 Apache proxies, one external and one internal:

The relevant parts of our external vhost (jenkins.host.com):

    RequestHeader unset Authorization
    RequestHeader set Authorization "Basic (encrypted password)"
    ProxyPass / ajp://dev.internal:9101/
    ProxyPassReverse / ajp://dev.internal:9101/

The relevant parts of tomcat's server.xml:

<Connector port="9001" protocol="HTTP/1.1" URIEncoding="UTF-8"
           connectionTimeout="20000"
            />

<Connector port="9101" protocol="AJP/1.3" URIEncoding="UTF-8"/>

<Host name="dev.internal" appBase="webapps"
        unpackWARs="true" autoDeploy="true">
       <Alias>jenkins.host.com</Alias>

    <!-- SingleSignOn valve, share authentication between web applications
         Documentation at: /docs/config/valve.html -->
    <!--
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
    -->

    <!-- Access log processes all example.
         Documentation at: /docs/config/valve.html
         Note: The pattern used is equivalent to using pattern="common" -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="dev.internal_access_log." suffix=".txt" rotatable="false"
           pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  </Host>
like image 104
Electrawn Avatar answered Nov 18 '22 08:11

Electrawn
Sign in to Comment

Related questions

"Update resources" option missing in IntelliJ IDEA
Disable scanManifest of Jar Scan in tomcat embed in spring boot
Tomcat consuming high CPU
How to set SameSite Cookie in Tomcat's Cookie Processor?
From Eclipse, how can I run my Maven project in Tomcat?
Setting up JPDA for Tomcat7 in ubuntu-server
MySQLNonTransientConnectionException: Client does not support authentication protocol requested by server; consider upgrading MySQL client [duplicate]
Diffie-Hellman public key error with Tomcat 7
org.apache.catalina.startup.Bootstrap on dock in Mac
which java version does tomcat use
starting tomcat on port 80 on CentOS release 5.5 (Final)
My Tomcat is not running it just open and close when I click on tomcat7.exe [closed]
How can I deploy an Angular 2 application on tomcat server (Windows Server 2012)
Tomcat binary distribution zip as maven artifact
Error while compiling apache APR make file not found
Excluding Tomcat dependencies from Spring Boot in Gradle
How to add a native library in Tomcat?
How to access Tomcat from another computer?
tomcat installation exception
Error in publishing the configuration in Eclipse

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!