Jenkins behind SSL, my case not going through

68 views
Skip to first unread message

Snd Lt

unread,
Jul 20, 2015, 11:01:25 AM7/20/15
to jenkins...@googlegroups.com

I used to use these statements to put Jenkins behind reverse proxy for TLS in previous previous job. But somehow these are't working anymore.


I'm on

# rpm -q httpd
httpd-2.4.6-31.el7.x86_64
# rpm -q mod_ssl
mod_ssl-2.4.6-31.el7.x86_64


I referred to all the Jenkins proxy guides on here and and Jenkisn website, but no luck. They all seem to have variations of what I already have/know down in conf files.


So basically, I installed Jenkins and can access via http://its-address:8080; Now I'm triyng to put it reverse proxy through http:its-address so that I can reverse proxy it to https://its-address

I used to able to get through without using a2enmod.


These are what I used to add on httpd.conf and ssl.conf.


[httpd.conf]

<VirtualHost *:80>
DocumentRoot /var/www/html
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ProxyRequests Off
ProxyPreserveHost On
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>


[ssl.conf]

SSLProxyEngine On
ProxyPreserveHost on
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/


No matter what I do around syntax, I'm suffering from

httpd[2410]: AH00526: Syntax error on line 100 of /etc/httpd/conf/httpd.conf:
httpd[2410]: ProxyPass|ProxyPassMatch needs a path when not defined in a location
or
httpd[2401]: Invalid ProxyPass|ProxyPassMatch parameter. Parameter must be in t...lue'.


Am I putting the correct statements?


Also tried, (at the end of ssl.conf)

<VirtualHost *:80>
    ServerAdmin  webmaster@localhost
    Redirect permanent / https://server.com/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    ServerAdmin  webmaster@localhost
    ProxyRequests     Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass          http://localhost:8080/
    ProxyPassReverse    http://localhost:8080/
    ProxyPassReverse    http://server.com/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>



Seems like I'm not even putting it behind 80 to be able to forward to 443. 443 is currently configured with CA signed keys and the test page is secured.

httpd[4706]: AH00526: Syntax error on line 241 of  /etc/httpd/conf.d/ssl.conf:

httpd[4706]: /etc/httpd/conf.d/ssl.conf:ProxyPass|ProxyPassMatch needs a path when not defined in a location



[/etc/sysconfig/jenkins]

JENKINS_PORT="8080"
JENKINS_LISTEN_ADDRESS="0.0.0.0"
JENKINS_HTTPS_PORT="8081"
JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"

I'm getting "Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later" at the webpage.

Help appreciated, thanks.

corneil....@gmail.com

unread,
Jul 20, 2015, 11:15:35 AM7/20/15
to jenkins...@googlegroups.com
The path is missing from your ProxyPass and ProxyPassReverse items.

On 20 July 2015 at 17:01, Snd Lt <send...@gmail.com> wrote:
ProxyPass http://localhost:8080/ ProxyPassReverse http://localhost:8080/ ProxyPassReverse http://server.com/

Snd Lt

unread,
Jul 20, 2015, 11:17:21 AM7/20/15
to jenkins...@googlegroups.com
Thanks. How would you define that otherwise?
I thought I already defined it at localhost:8080? Which is where Jenkins is accessible at?

Corneil du Plessis

unread,
Jul 21, 2015, 4:16:37 AM7/21/15
to jenkins...@googlegroups.com
ProxyPass required a path and a url
The path is applied to incoming request and matches are sent to the url.

ProxyPass /jenkins http://localhost:8080/jenkins

In your case you had

The correct syntax is:

Snd Lt

unread,
Jul 21, 2015, 9:37:21 AM7/21/15
to jenkins...@googlegroups.com
Thanks for your time.
I'm still learning up on Apache and Jenkins.

I've been struggling for days with this. 

Would you mind briefly narrating which should go to httpd.conf and to ssl.conf?
Perhaps I'm putting ProxyPass to wrong places.
Not getting the whole picture.

Corrected the syntax but still doing "Service Unavailable, The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

Thanks again.

Snd Lt

unread,
Jul 21, 2015, 11:46:42 PM7/21/15
to Jenkins Users
Nevermind.
SELinux had been blocking the communication. Used "setsebool"
Reply all
Reply to author
Forward
0 new messages