Hi team,
I’ve upgraded my jenkins to the last version 2.303.3 and after login it redirects me to the localhost:8443/jenkins, until now I didn’t have any problem with this redirect 8443 because I’m using nginx as reverse proxy and no problem until upgraded.
Do you know if there is a problem with this version, being the latest version maybe some security spring bug exists?
Regards
I’ve not heard that sort of report from anyone else. My nginx reverse proxy ran 2.303.3 correctly as far as I recall.
what port do you use for jenkins server ?
My Jenkins is configured to answer requests on port 8080 and my nginx is configured to only answer requests on port 443.
Could you please give an example for your nginx config regarding the jenkins?
Here is the server block in my sites-avaailable/default file:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name home.markwaite.net;
location / {
try_files $uri $uri/ =404;
}
location /jenkins {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# Jenkins HTTP based CLI requires HTTP 1.1
proxy_http_version 1.1;
# JENKINS-43666 and tests confirm it helps to disable proxy_request_buffering
proxy_request_buffering off;
# JENKINS-45651 notes that X-SSH-Endpoint header is not provided unless auth succeeds
# ssh authentication for CLI will fail unless the X-SSH-Endpoint header is added
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/home.markwaite.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/home.markwaite.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
My problem is that behind my proxy server nginx I have other application that is been accessible via 8080 and that’s why I have jenkins port on 8443. Is there a way to make this to work from 8443 → 80 ?
upstream jenkins_backend {
server 192.168.100.5:8443;
}
upstream other_app {
server 192.168.100.23:8080;
}
}
}
listen 443 ssl;
server_name tool.domain.com;
I’m not an nginx expert or even a skilled administrator of nginx. I know that my nginx configuration works and that I’m able to server multiple applications from that nginx server. I would expect Jenkins does not care which port it is assigned, so long as the argument is passed to Jenkins to tell it to use that port.
I don’t recognize the upstream keyword in your configuration. I know that the location keyword works in my installation so that I can have several applications all accessed through the same nginx reverse proxy (as in https://my.example.com/jenkins and https://my.example.com/app and https://my.example.com/app2)
take a look here : - Reverse proxy - Nginx
As far as I understand it, that example configuration in the documentation is using nginx as a reverse proxy for the single application, Jenkins. It is describing how to define an nginx reverse proxy for https://jenkins.example.com/ with no other applications running on that URL. I thought your description was that you want to serve multiple applications from the same root URL, more like https://my.example.com/jenkins.
I’m not able to diagnose nginx configurations. I understood nginx just enough to make it work for my installation. Others will need to assist if more diagnosis of your installation is needed.
Did you set jenkins URL in the jenkins config to the correct (external) URL? The redidirect sounds like that is localhost:8443
Björn
Please take a look here in the printscreen , I’ve followed the link url redirection and seems the “j_spring_security_check” is causing the redirection.
"url": "https://tool.domain.com/jenkins/j_spring_security_check",
"ip": "62.217.xxx.xxx",
"redirect": false,
"redirectType": "",
"statusCode": 302,
"statusLine": "HTTP/1.1 302 Found",
"headers": [
{
"name": "Server",
"value": "nginx/1.16.1"
},
{
"name": "Date",
"value": "Thu, 02 Dec 2021 10:41:59 GMT"
{
"name": "Expires",
"value": "Thu, 01 Jan 1970 00:00:00 GMT"
},
{
"name": "Location",
"value": "https://tool.domain.com:8443/jenkins/"
