I want to know that if I send a request to a Jenkins instance should I always receive X-Instance-Identity header in the response?
Is there any specific case that this header is missed
I think that you can safely rely on the presence of that header for all Jenkins controllers that are doing useful work.
The message in the online help says:
Every Jenkins instance has a pair of public and private keys used to uniquely identify that Jenkins instance. The public key is published in the
X-Instance-Identityheader for web requests against the Jenkins UI. You can also find the key and the fingerprint of the key on this page.
The only case that I can imagine where that might not be available is if the instance-identity plugin is not installed. A Jenkins controller without the instance identity plugin probably has no other plugins installed, since over 1400 plugins have an implied dependency on that plugin. If any one of those 1400 plugins is installed, then the instance identity plugin will also be installed.
1 Like
Thank you so much @MarkEWaite for the response. On the right side of Instance Identity page, it is mentioned that this plugin just installed on %59.8 of instances. What happened to the %40.2 that do not have this plugin. Does it mean %40 of instances do not do useful work and do not have the header?
I’ve investigated further and confirmed that I was wrong in my assertion. I don’t think that you can assume that every Jenkins controller will reply with the X-Instance-Identity HTTP header. I have a configured Jenkins controller with a very useful set of plugins installed (SCM, Pipeline, etc.) that does not return the X-instance-identity header, yet works very well for my use case. My use case is behind an nginx reverse proxy. I suspect that my nginx may not be configured to return the X-Instance-Identity header.
The ci.jenkins.io installation returns an X-Instance-Identity HTTP header.
I suspect that the 40% of controllers that do not have the instance identity plugin installed are mostly older Jenkins versions that had instance identity built into Jenkins as a module. The instance identity capability of Jenkins was initially included as a module that was bundled inside Jenkins core, without using a plugin. When it was bundled inside core, it was always available.
The instance identity capability was moved from a module bundled inside Jenkins core to the instance identity plugin in Jenkins 2.357 weekly and in Jenkins 2.361.1 LTS. Prior to those versions, instance identity is always available.
I confirmed that Jenkins 2.414.1 will not provide the X-Instance-Identity header if I only install the structs plugin, the script security plugin, and the credentials plugin. There are some other plugins (mostly API plugins) that also do not cause the instance identity plugin to be installed.
Ultimately, if you want to work with as many Jenkins controllers as possible, I think you’ll need to assume that the X-Instance-Identity HTTP header is not always available.