Blue Ocean Alpha Plugin - HTTP error of HTTPS

[Dan QAmbox]

Hi there.

I just installed the alpha version of the Blue Ocean plugin. I see the blue "Try Blue Ocean" button at the top of the page. However, when I try to get to the page I get an error in the console:

Mixed Content: The page at 'https://a.b.com/blue/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://a.b.com/blue/js-extensions/'. This request has been blocked; the content must be served over HTTPS.

Is this something I can fix locally or can someone patch it? I know its a alpha,but was hoping to at least get it to load up so I can test it out.

Thanks in Advance.

[Daniel Beck]

What URL is configured in Manage Jenkins » Configure Jenkins » Jenkins Location? Should be HTTPS if you access Jenkins that way.

> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e0dcb993-e775-4997-9090-0afb1b237829%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Dan QAmbox]

I went in and updated that to be HTTPS. I saved it but still getting the same error in the console when trying to go to the blue ocean url. 

Any other ideas? 

Thanks for the help.

Sincerely,

[James Dumay]

Does bouncing your Jenkins server help? Strangely we use https on blueocean.io right now and we are not seeing any issues.

[Michael Neale]

This is odd, others use https and haven't seen this... the blue ocean url has https in it? 

On Wednesday, July 27, 2016 at 6:24:55 AM UTC+10, Dan QAmbox wrote:

[Dan QAmbox]

I restarted the server after updating the url in the configs to use https. Still getting the same error. Is still thinks that the url is http. Is there another place I need to set the https in the configs?

Sincerely

[Dan QAmbox]

Wonder is this may be related: https://issues.jenkins-ci.org/browse/JENKINS-14223

[Dan QAmbox]

This is the issue it seems, but have no idea where to look to set the src locally in the files to src=//. 

[Dan QAmbox]

Sorry forgot link: http://stackoverflow.com/questions/18251128/why-am-i-suddenly-getting-a-blocked-loading-mixed-active-content-issue-in-fire

[Michael Neale]

It's hard to say, it could be a quirk of proxy settings. The resources don't specify any absolute paths that I can tell. 

if you use chrome, can you see what resources are trying to load that way, and what is triggering them? inspecting the JS will help a bit. 

note that 'X-Forwarded-Proto'  should be present in the request, which Jenkins willi honour. I think it is the same issue as you point out in that link. 

Reverse proxies can be tricky - any more information you can provide about your setup will help. nginx has been in use by many and it doesn't have this issue (it does set that header). 

[Dominic Scheirlinck]

Here's what's going on according to my testing:

- /blue/js-extensions/ is the only affected resource
- The page attempts to load https://example.com/blue/js-extensions  (NB: no trailing slash)
- This results in a 302, redirecting to Location: http://example.com/blue/js-extensions/ (NB: trailing slash, but no HTTPS)
- If I'm visiting this location directly, HSTS will send me (307) to https://example.com/blue/js-extensions/ (finally, the working URL), but HSTS doesn't seem to be applied to <script src> by UAs (or at least not consistently).

Why https://example.com/blue/js-extensions redirects to http://example.com/blue/js-extensions/ and changes the protocol, I'm not sure. There doesn't seem to be anything in my nginx config about trailing slashes specifically. I am using `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`.

Like the other respondents, I've been using HTTPS Jenkins for years, have the correct protocol in the 'Jenkins Location' setting, and all the other assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being loaded over HTTPS correctly.

Regards,

Dom

On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote:

[Michael Neale]

Are you able to share the relevant parts of your nginx config? 

I that redirect seems to be the problem (it should not redirect to non https, that seems a bug). I assume you are using example.com instead of your actual url just by way of example? 

[Dominic Scheirlinck]

Hi Michael,

The relevant part is the proxy_redirect directive (I had mine at 'off').

Jenkins generates a redirect, and nginx (if acting as a reverse proxy) has to rewrite the location to the correct one (Jenkins, running behind the reverse proxy, is relatively correct in redirecting to HTTP I believe). Something like this directive should fix the problem:
  proxy_redirect http:// https://;

This is mentioned by the wiki:
  https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy

 

I guess the only real strange thing is that I managed to go this long without something else breaking it!

Dom

[Michael Neale]

Oh good catch. 

I am still curious why it would redirect to http - in *theory* the header is available so it can know the forwarded protocol...

but good to hear this is resolved. 

[Dan QAmbox]

This is the EXACT behavior I am seeing. I have tried to update my NGNIX proxy but no matter what I change, its still not working. Can you provide what your ngnix configs look like so I can see where I might be off. Also note our jenkins box does not use jenkins in the DNS name. Doubt that should matter but thought I would mention it, 

Thank you for the assistance.

Sincerely,

[Dan QAmbox]

Hi there.

I tried this but it does not work. I also upgraded to the latest alpha release but that didn't fix the issue either. Would it be possible to for you share you NGNIX config so I can check it against mine to see why its not working.

Thank you in advance.

[Dan QAmbox]

Finally figured it out. Was looking in the wrong place. The file you need to update is under /etc/ngnix/site-enabled/jenkins.conf.

As stated by Dominic above replace:

 proxy_redirect off;

with

 proxy_redirect http:// https://;

then 

sudo service jenkins restart

sudo service ngnix  restart

and you are good to go.

Thanks for the help.