Jenkins CLI with http protocol does not respond in 2.81

[Riccardo Foschia]

Hi all,

after an upgrade of Jenkins 1.638 to 2.81 CLI I need to switch to http
protocol but it doesn't work (SSH protocol seems to work after the
upgrade).

No matter which CLI command I use, after a few seconds the call returns
but shows no result. E.g.

java -jar jenkins-cli.jar -s http://10.0.3.108 -logger FINE help

called from a Windows command line returns nothing. No errors are
reported. On console I see only the following output:

Okt 04, 2017 1:11:33 PM hudson.cli.CLI _main
FINE: using connection mode HTTP
Okt 04, 2017 1:11:33 PM hudson.cli.CLI plainHttpConnection
FINE: Trying to connect to http://10.0.3.108:8080/ via plain protocol
over HTTP
Okt 04, 2017 1:11:34 PM hudson.cli.FullDuplexHttpStream <init>
FINE: establishing download side
Okt 04, 2017 1:11:39 PM hudson.cli.FullDuplexHttpStream <init>
FINE: established download side
Okt 04, 2017 1:11:39 PM hudson.cli.FullDuplexHttpStream <init>
FINE: establishing upload side
Okt 04, 2017 1:11:39 PM hudson.cli.FullDuplexHttpStream <init>
FINE: established upload side


On Jenkins server (running on Debian) I enabled HTTP access log and I
see the following lines there:

10.0.1.66 - - [04/Okt/2017:13:41:50 +0200] "GET / HTTP/1.1" 200 295675
"-" "Java/1.8.0_141"
10.0.1.66 - - [04/Okt/2017:13:41:58 +0200] "POST /cli HTTP/1.1" 200 6458
"-" "Java/1.8.0_141"
10.0.1.66 - - [04/Okt/2017:13:41:58 +0200] "POST /cli HTTP/1.1" 200 0
"-" "Java/1.8.0_141"

I also tried this with other CLI commands like version or who-am-i and
providing an additional -auth parameter with the right API-Token to the
command line like

java -jar jenkins-cli.jar -s http://10.0.3.108 -auth foschia:
02a781f2a2fe96e8d38dc548ab07912e -logger FINE version

but the result on the command line and the log outputs on client and
server side remain the same.

After reading all available Jenkins documentation and googling around I
really do not know, what to do next.

I would really appreciate any hints.

Thanks in advance,
Riccardo

--

META-LEVEL Software AG
Lyonerring 1
66121 Saarbrücken
Deutschland
Tel: +49 - 681 / 99687-0
Fax: +49 - 681 / 99687-99
Mail: in...@meta-level.de
Web: www.meta-level.de

Rechtsform: Aktiengesellschaft
Sitz: Saarbrücken
HR B Nr. 13 380 Amtsgericht Saarbrücken
USt-IdNr. DE 1 38 166667
Vorstände: Dipl.-Inform. Peter Badt und Dipl.-Inform. Peter Raber
Vorsitzender des Aufsichtsrats: Reinhard Kuhn

[Daniel Beck]

> On 4. Oct 2017, at 13:50, Riccardo Foschia <riccardo...@meta-level.de> wrote:
>
> after an upgrade of Jenkins 1.638 to 2.81 CLI I need to switch to http protocol but it doesn't work (SSH protocol seems to work after the upgrade).
>
> No matter which CLI command I use, after a few seconds the call returns but shows no result. E.g.
>

If Jenkins is running behind a reverse proxy, make sure the settings are correct.

For example for nginx,

proxy_http_version 1.1;
proxy_request_buffering off;

[Riccardo Foschia]

Thanks for your answer, but there is no proxy running.

[Daniel Beck]

> On 4. Oct 2017, at 14:29, Riccardo Foschia <riccardo...@meta-level.de> wrote:
>
> Thanks for your answer, but there is no proxy running.

What security realm are you using?

[Riccardo Foschia]

We are using LDAP and project based matrix authorization (like before
upgrading).

In the old Jenkins version we used before upgrading to 2.81 we needed to
authorize user anonymous with common read and connect permissions. These
user still exists after upgrading to 2.81, see attached screen shot.

[Devin Nusbaum]

Do you see any errors in the logs on the Jenkins server, and is the jenkins-cli.jar you are using from your 2.81 instance? You can download a fresh jar from http://YOUR_HOST/jenkins/jnlpJars/jenkins-cli.jar. (If you aren’t using the /jenkins context path just http://YOUR_HOST/jnlpJars/jenkins-cli.jar).

> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/47734b97-86aa-3555-e7b0-4fac1cbd26c7%40meta-level.de.
> For more options, visit https://groups.google.com/d/optout.

[Riccardo Foschia]

Am 04.10.2017 um 15:51 schrieb Devin Nusbaum:
> Do you see any errors in the logs on the Jenkins server, and is the jenkins-cli.jar you are using from your 2.81 instance? You can download a fresh jar from http://YOUR_HOST/jenkins/jnlpJars/jenkins-cli.jar. (If you aren’t using the /jenkins context path just http://YOUR_HOST/jnlpJars/jenkins-cli.jar).
>

The jenkins-cli.jar is the one from the 2.81 server instance. I
downloaded it from the link you mentioned. The MANIFEST.MF of this jar
says, it's Jenkins-CLI 2.81.

And I do not see exceptions in /var/lib/jenkins/jenkins.log around the
times I launch the CLI commands.

[Riccardo Foschia]

After some research we found the problem: it was the anti-virus software
because it damaged the HTTP responses. After disabling the HTTP
scanning feature everything worked fine.

Thanks to all for their help!

[ps...@tibco.com]

Thanks a lot your reply helped me a lot 

I had to update nginx to have these settings 

      # Required for new HTTP-based CLI

     proxy_http_version 1.1;

     proxy_request_buffering off;

     # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651

     add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;

I found at : https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy 

On Wednesday, October 4, 2017 at 5:00:26 AM UTC-7, Daniel Beck wrote: