Simple jenkins + nginx reverse proxy setup with docker containers : broken configuration

1,036 views
Skip to first unread message

Jean-Luc Pinardon

unread,
Jul 22, 2019, 10:30:57 AM7/22/19
to Jenkins Users
Dear all,

I know the subject is not new, but I have not been able to find a solution to my problem. Even after reading Jenkins behind a reverse proxy.

As a docker training exercise, I try to setup a mockup with 2 containers.
  • One with nginx
    nginx is used as a reverse http proxy (the next step wil be https frontend)
  • One with jenkins
    jenkins is supposed to be publicly accessible as www.devportal.org:90/ci, but is internally (i.e. within the docker network) known as jenkins_ci thanks to docker network alias.
    I have added
    ---prefix=/ci

    to the JENKINS_OPTS environment variable.

I have partially succeeds. I mean that I can access it with the given address. But ...

  • When I try to connect as a user (the admin user), I get the login page. But when filling the user / password, I am redirected to http://www.devportal.org/ci/.
    In other words, the domain name and the prefix are OK, but the port number is lost.

  • If I add the port to this address on the location bar, I am correctly connected as the admin user, and the home page is correctly displayed.

  • When I select the manage page, I see a warning message saying that my reverse proxy configuration is broken.

  • Besides, when going to configure system, the page is displayed but it never finishes loading.

  • Also, on the jenkins logs, I see the following eror message :
    Jul 22, 2019 4:13:34 PM hudson.diagnosis.ReverseProxySetupMonitor getTestForReverseProxySetup
    WARNING    : http://www.devportal.org/ci/manage vs. http://www.devportal.org:90/ci/manage

I have checked that the Jenkins URL in the Jenkins location section is correctly configured as www.devportal.org:90/ci.

And my nginx configuration is :
server {
        listen 90;
        listen [::]:90;
        server_name www.devportal.org;
        access_log /var/log/nginx/reverse-access.log;
        error_log /var/log/nginx/reverse-error.log;

        location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
            #rewrite all static files into requests to the root
            #E.g /static/12345678/css/something.css will become /css/something.css
            rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
         }

        location /ci/ {
                proxy_pass              http://jenkins_ci:8080;
                proxy_set_header        Host $host:$server_port;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header        X-Forwarded-Proto $scheme;
                # Fix the "It appears that your reverse proxy set up is broken" error.
                proxy_set_header X-Forwarded-Host $host;
                proxy_read_timeout  90;
                proxy_redirect      http://jenkins_ci:8080 http://www.devportal.org;
                # Required for new HTTP-based CLI
                proxy_http_version 1.1;
                proxy_request_buffering off;
                proxy_set_header Connection ""; # Clear for keepalivea
        }
}



So, for sure, as the port number is lost,  I guess there is something wrong in the nginx configuration (and/ or jenkins ?), but cannot find where.

I would be very thankful if someone could help me.

Best Regards
J-L

Carel Combrink

unread,
Jul 23, 2019, 9:39:59 AM7/23/19
to jenkins...@googlegroups.com
Not that I am any expert, but my location configuration is as follow (I just use '/', not sure if it affects anything compared to /ci/ that you have):

{code}
    location / {
        proxy_pass         http://jenkins_master:8080;

        proxy_set_header   X-Forwarded-Host   $host:$server_port;
        proxy_set_header   X-Forwarded-Server $host;


        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto  $scheme;
        proxy_set_header   X-Real-IP          $remote_addr;
        proxy_max_temp_file_size 0;

        proxy_connect_timeout      150;
        proxy_send_timeout         100;
        proxy_read_timeout         100;

        proxy_buffer_size          8k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
{code}

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2370e23f-8cf5-43ac-8aff-37864225eb77%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages