Jenkins cli handshake error

Using Jenkins Ask a question
1

I have multiple jenkins Server running but I cannot access the via Jenkins CLI
The jenkins Server is working OK, I downloaded the jenkins CLI jar to my windows host and and executed the executed the command to tun in as shown in jenkins. But I got this error

PS D:\Bender\jenkins-cli> java -jar jenkins-cli.jar -s https://abmrndplje002.pass-consulting.com/ help
io.jenkins.cli.shaded.jakarta.websocket.DeploymentException: Handshake error.
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager$3$1.run(ClientManager.java:658)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager$3.run(ClientManager.java:696)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager$SameThreadExecutorService.execute(ClientManager.java:849)
        at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager.connectToServer(ClientManager.java:493)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager.connectToServer(ClientManager.java:337)
        at hudson.cli.CLI.webSocketConnection(CLI.java:364)
        at hudson.cli.CLI._main(CLI.java:324)
        at hudson.cli.CLI.main(CLI.java:103)
Caused by: io.jenkins.cli.shaded.org.glassfish.tyrus.core.HandshakeException: Response code was not 101: 400.
        at io.jenkins.cli.shaded.org.glassfish.tyrus.client.TyrusClientEngine.processResponse(TyrusClientEngine.java:301)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.ClientFilter.processRead(ClientFilter.java:167)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter.onRead(Filter.java:111)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter.onRead(Filter.java:113)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.handleRead(SslFilter.java:402)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.SslFilter.processRead(SslFilter.java:365)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter.onRead(Filter.java:111)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.Filter.onRead(Filter.java:113)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.TransportFilter$4.completed(TransportFilter.java:295)
        at io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.TransportFilter$4.completed(TransportFilter.java:279)
        at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129)
        at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:221)
        at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:113)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:833)

The jenkins server is running behind an apache running as reverse proxy


ProxyRequests     Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode


<VirtualHost *:80>
  Redirect permanent / https://abmrndplje002.pass-consulting.com/
</VirtualHost>


<VirtualHost *:443>

    SSLEngine on

    SSLCertificateFile      "/etc/pki/tls/certs/STAR_pass-consulting_com.crt"
    SSLCertificateKeyFile   "/etc/pki/tls/private/STAR_pass-consulting_com.key"
    SSLCertificateChainFile "/etc/pki/tls/certs/STAR_pass-consulting_com.ca-bundle.crt"
    SSLCACertificatePath    "/etc/pki/tls/certs"

    ProxyPass / http://localhost:8080/   nocanon
    ProxyPassReverse /  http://localhost:8080/
    ProxyPassReverse /  http://abmrndplje002.pass-consulting.com/

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA:!RC4:!EXPORT:!PSK:!SHA

</VirtualHost>

How can I determine what is the problem and how to fix it?

Jenkins setup:

Jenkins: 2.414.1
OS: Linux - 3.10.0-1160.95.1.el7.x86_64
Java: 11.0.20 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)

active-directory:2.33
analysis-model-api:11.6.0
ansible:253.v4fe719ffdd8a_
ansicolor:1.0.3
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
authentication-tokens:1.53.v1c90fd9191a_b_
blueocean:1.27.6
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.6
blueocean-commons:1.27.6
blueocean-config:1.27.6
blueocean-core-js:1.27.6
blueocean-dashboard:1.27.6
blueocean-display-url:2.4.2
blueocean-events:1.27.6
blueocean-git-pipeline:1.27.6
blueocean-github-pipeline:1.27.6
blueocean-i18n:1.27.6
blueocean-jira:1.27.6
blueocean-jwt:1.27.6
blueocean-personalization:1.27.6
blueocean-pipeline-api-impl:1.27.6
blueocean-pipeline-editor:1.27.6
blueocean-pipeline-scm-api:1.27.6
blueocean-rest:1.27.6
blueocean-rest-impl:1.27.6
blueocean-web:1.27.6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
build-user-vars-plugin:1.9
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
cloudbees-bitbucket-branch-source:832.v43175a_425ea_6
cloudbees-folder:6.848.ve3b_fd7839a_81
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
conditional-buildstep:1.4.3
config-file-provider:953.v0432a_802e4d2
copyartifact:722.v0662a_9b_e22a_c
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
data-tables-api:1.13.5-1
declarative-pipeline-migration-assistant:1.6.1
declarative-pipeline-migration-assistant-api:1.6.1
display-url-api:2.3.9
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-5
email-ext:2.100
embeddable-build-status:412.v09da_db_1dee68
extensible-choice-parameter:1.8.1
external-monitor-job:207.v98a_a_37a_85525
favorite:2.4.3
font-awesome-api:6.4.0-2
forensics-api:2.3.0
generic-webhook-trigger:1.87.0
git:5.2.0
git-client:4.4.0
git-parameter:0.9.19
git-server:99.va_0826a_b_cdfa_d
github:1.37.3
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
gitlab-api:5.3.0-91.v1f9a_fda_d654f
gitlab-branch-source:671.v67b_7169092ca_
gitlab-plugin:1.7.15
gradle:2.8.2
h2-api:11.1.4.199-12.v9f4244395f7a_
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.32
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:243.vb_b_503b_b_45537
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jenkins-design-language:1.27.6
jersey2-api:2.40-1
jira:3.10
jjwt-api:0.11.5-77.v646c772fddb_0
jnr-posix-api:3.1.17-1
job-import-plugin:3.6
jquery:1.12.4-1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1217.v4297208a_a_b_ce
ldap:694.vc02a_69c9787f
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2
matrix-project:808.v5a_b_5f56d6966
maven-artifact-choicelistprovider:1.14
maven-plugin:3.23
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
monitoring:1.95.0
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
openJDK-native-plugin:1.7
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:685.v8ee9ed91d574
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-multibranch-defaults:2.1
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
prism-api:1.29.0-7
publish-over:0.22
pubsub-light:1.17
repository-connector:2.2.1
resource-disposer:0.23
rest-list-parameter:1.7.0
run-condition:1.7
saml:4.429.v9a_781a_61f1da_
scm-api:676.v886669a_199a_a_
script-security:1275.v23895f409fb_d
select2-api:4.0.13-8
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sonar:2.15
sse-gateway:1.26
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
ssh-steps:2.0.65.vd26b_5b_9b_de4d
sshd:3.312.v1c601b_c83b_0e
structs:325.vcb_307d2a_2782
subversion:2.17.3
throttle-concurrents:2.14
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
warnings-ng:10.4.0
workflow-aggregator:596.v8c21c963d92d
workflow-api:1267.vd9b_a_ddd9eb_47
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3774.v4a_d648d409ce
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1342.v046651d5b_dfe
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45

2

I checked the apache access log and found the following entries

10.9.0.64 - - [04/Sep/2023:11:49:52 +0200] "GET /cli/ws HTTP/1.1" 400 519 "-" "-"
10.9.0.64 - - [04/Sep/2023:11:50:16 +0200] "GET /cli/ws HTTP/1.1" 400 519 "-" "-"

and wehen I tried to access this via curl I got
the error Error 400 only WS connections accepted here


[grafra1969@jenkins-rnd etc]$ curl -v https://abmrndplje002.pass-consulting.com/cli/ws
* About to connect() to abmrndplje002.pass-consulting.com port 443 (#0)
*   Trying 10.0.5.8...
* Connected to abmrndplje002.pass-consulting.com (10.0.5.8) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=*.pass-consulting.com
*       start date: Oct 05 00:00:00 2022 GMT
*       expire date: Nov 05 23:59:59 2023 GMT
*       common name: *.pass-consulting.com
*       issuer: CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
> GET /cli/ws HTTP/1.1
> User-Agent: curl/7.29.0
> Host: abmrndplje002.pass-consulting.com
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Date: Mon, 04 Sep 2023 09:53:22 GMT
< Server: Jetty(10.0.15)
< X-Content-Type-Options: nosniff
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 519
< Connection: close
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 400 only WS connections accepted here</title>
</head>
<body><h2>HTTP ERROR 400 only WS connections accepted here</h2>
<table>
<tr><th>URI:</th><td>/cli/ws</td></tr>
<tr><th>STATUS:</th><td>400</td></tr>
<tr><th>MESSAGE:</th><td>only WS connections accepted here</td></tr>
<tr><th>SERVLET:</th><td>Stapler</td></tr>
</table>
<hr/><a href="https://eclipse.org/jetty">Powered by Jetty:// 10.0.15</a><hr/>

</body>
</html>
* Closing connection 0