Jenkins in AWS not responding to LB (nor port 8080)

[Arnau Bria]

Dear all,

my name is Arnau and I'm new to Jenkins.

We are trying to install  a Jenkins server using cloudformation templates from widdix people (https://templates.cloudonaut.io/en/stable/jenkins/). We deplyoed it initially using both public/private networks and the jenkins server was installed properly. We're now deploying it using our own VPC and using Internal networks only and we're facing some issues,

After some debugging we can say that the AWS network settings are working and the Load Balancer can talk to the Jenkins EC2 instance to port 8080. In logs we see lines like:

[08/Mar/2019:08:41:55 +0000] "GET /login HTTP/1.1" 200 829 "-" "ELB-HealthChecker/2.0"

(we also deployed an apache listening inport 8080 and the LB did respond as expected).

But, and here comes the problem, when we put the LB URL in the browser we get a ERR_EMPTY_RESPONSE from Jenkins:

Taking a look at the access logs we see lines like:

[08/Mar/2019:08:52:07 +0000] "GET / HTTP/1.1" 403 677 "-"

so we're reaching the Jenkins Master but it is not responding (well, there's a 403 response).

When we restart the service we do see the Jenkins message:

Please wait while Jenkins is getting ready to work ...

Your browser will reload automatically when Jenkins is ready.

And we could even configure it using a ssh tunnel to the port 8080.

So,at this point we're quite lost and we don't understand why jenkins does not respond when we contacting it from from anyplace different to the master itself.

Could someone give us some help?

System infomation:

Amazon AMI.

- jenkins-2.150.3-1.1.noarch

/etc/sysconfig/jenkins

JENKINS_HOME="/var/lib/jenkins"

JENKINS_JAVA_CMD=""

JENKINS_USER="jenkins"

JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

JENKINS_PORT="8080"

JENKINS_LISTEN_ADDRESS="0.0.0.0"

JENKINS_HTTPS_PORT=""

JENKINS_HTTPS_KEYSTORE=""

JENKINS_HTTPS_KEYSTORE_PASSWORD=""

JENKINS_HTTPS_LISTEN_ADDRESS=""

JENKINS_DEBUG_LEVEL="500"

JENKINS_ENABLE_ACCESS_LOG="yes"

JENKINS_HANDLER_MAX="100"

JENKINS_HANDLER_IDLE="20"

JENKINS_ARGS=" --httpListenAddress=0.0.0.0"

config.xml

<?xml version='1.1' encoding='UTF-8'?>

<hudson>

  <disabledAdministrativeMonitors/>

  <version>2.150.3</version>

  <installStateName>NEW</installStateName>

  <numExecutors>0</numExecutors>

  <mode>NORMAL</mode>

  <useSecurity>true</useSecurity>

  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">

    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>

  </authorizationStrategy>

  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">

    <disableSignup>true</disableSignup>

    <enableCaptcha>false</enableCaptcha>

  </securityRealm>

  <disableRememberMe>false</disableRememberMe>

  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>

  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>

  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>

  <jdks/>

  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>

  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>

  <clouds/>

  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>

  <views>

    <hudson.model.AllView>

      <owner class="hudson" reference="../../.."/>

      <name>all</name>

      <filterExecutors>false</filterExecutors>

      <filterQueue>false</filterQueue>

      <properties class="hudson.model.View$PropertyList"/>

    </hudson.model.AllView>

  </views>

  <primaryView>all</primaryView>

  <slaveAgentPort>49817</slaveAgentPort>

  <label>master</label>

  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">

    <excludeClientIPFromCrumb>false</excludeClientIPFromCrumb>

  </crumbIssuer>

  <nodeProperties/>

  <globalNodeProperties/>

</hudson>

TIA,

Arnau