"It appears that your reverse proxy set up is broken."
1,705 views
Skip to first unread message
Dennis Jacobfeuerborn
Mar 20, 2014, 12:05:47 PM3/20/14
to jenkins...@googlegroups.com
Hi,
I just installed a fresh Jenkins behind Apache httpd and while Jenkins is available it tells me "It appears that your reverse proxy set up is broken." but I don't know why.
This is my httpd config:
<VirtualHost *:80>
ServerName jenkins.local
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
What specifically is wrong with this configuration?
Regards,
Dennis
I just installed a fresh Jenkins behind Apache httpd and while Jenkins is available it tells me "It appears that your reverse proxy set up is broken." but I don't know why.
This is my httpd config:
<VirtualHost *:80>
ServerName jenkins.local
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
What specifically is wrong with this configuration?
Regards,
Dennis
Arthur...@homedepot.com
Mar 20, 2014, 12:28:24 PM3/20/14
to jenkins...@googlegroups.com
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
The information in this Internet Email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this Email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this Email are subject to the terms and conditions expressed in any applicable governing The Home Depot terms of business or client engagement letter. The Home Depot disclaims all responsibility and liability for the accuracy and content of this attachment and for any damages or losses arising from any inaccuracies, errors, viruses, e.g., worms, trojan horses, etc., or other items of a destructive nature, which may be contained in this attachment and shall not be liable for direct, indirect, consequential or special damages in connection with this e-mail message or its attachment.
Les Mikesell
Mar 20, 2014, 2:26:39 PM3/20/14
to jenkinsci-users
On Thu, Mar 20, 2014 at 11:28 AM, <Arthur...@homedepot.com> wrote:
> If you are on Linux, It's much easier to use iptables instead of standing up
> httpd just to proxy.
>
>
>
> iptables -t nat -I PREROUTING --src 0.0.0.0/0 --dst 0.0.0.0/0 -p tcp --dport
> 80 -j REDIRECT --to-ports 8080
>
But both of those approaches force you to not have any other web
> If you are on Linux, It's much easier to use iptables instead of standing up
> httpd just to proxy.
>
>
>
> iptables -t nat -I PREROUTING --src 0.0.0.0/0 --dst 0.0.0.0/0 -p tcp --dport
> 80 -j REDIRECT --to-ports 8080
>
services on port 80 at that IP address. I like to push the URL to
/jenkins to make it co-exist with other proxied and native apache
services. You can do that by adding --prefix=/jenkins
--ajp13Port=8010 to the jenkins start up args (which, with the RPM
packaged version you can configure as JENKINS_ARGS in
/etc/sysconfig/jenkins). And then the Apache config is:
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass /jenkins/ ajp://localhost:8010/jenkins/
Putting a dummy /jenkins directory under your default DocumentRoot
will take care of the redirect if someone omits the trailing / in the
URL.
--
Les Mikesell
lesmi...@gmail.com
Marius Gedminas
Mar 21, 2014, 9:34:02 AM3/21/14
to jenkins...@googlegroups.com
On Thu, Mar 20, 2014 at 09:05:47AM -0700, Dennis Jacobfeuerborn wrote:
> I just installed a fresh Jenkins behind Apache httpd and while Jenkins is
> available it tells me "It appears that your reverse proxy set up is
> broken." but I don't know why.
https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+says+my+reverse+proxy+setup+is+broken
> I just installed a fresh Jenkins behind Apache httpd and while Jenkins is
> available it tells me "It appears that your reverse proxy set up is
> broken." but I don't know why.
> This is my httpd config:
>
> <VirtualHost *:80>
> ServerName jenkins.local
> ProxyRequests Off
> ProxyPreserveHost On
> ProxyPass / http://127.0.0.1:8080/
> ProxyPassReverse / http://127.0.0.1:8080/
> </VirtualHost>
>
> What specifically is wrong with this configuration?
fine, with no errors:
<VirtualHost *:443> (because seriously, HTTPS. It's 2014)
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# the following converts http links to https in Location: headers, IIRC
ProxyPassReverse / http://jenkins.example.com/
<Proxy http://localhost:8080/>
Order deny,allow
Allow from all
</Proxy>
# prevent the client from setting this header
RequestHeader unset X-Forwarded-User
# black magic to copy REMOTE_USER to X-Forwarded-User
# (I don't think this actually works.)
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1]
RequestHeader set X-Forwarded-User %{RU}e
# authentication
<Location />
AuthType Basic
AuthName "example.com"
AuthUserFile /etc/apache2/htpasswd
Require valid-user
</Location>
</VirtualHost>
I get the 'ProxyRequests Off' from Ubuntu's standard
/etc/apache2/mods-enabled/proxy.conf
Marius Gedminas
--
#define QUESTION ((bb) || !(bb)) /* Shakespeare */
Daniel Beck
Mar 21, 2014, 2:48:28 PM3/21/14
to jenkins...@googlegroups.com
On 20.03.2014, at 17:05, Dennis Jacobfeuerborn <djacobf...@gmail.com> wrote:
> I just installed a fresh Jenkins behind Apache httpd and while Jenkins is available it tells me "It appears that your reverse proxy set up is broken." but I don't know why.
Richard Mortimer
Mar 21, 2014, 3:55:33 PM3/21/14
to jenkins...@googlegroups.com
Hi,
On 20/03/2014 16:05, Dennis Jacobfeuerborn wrote:
> Hi,
> I just installed a fresh Jenkins behind Apache httpd and while Jenkins
> is available it tells me "It appears that your reverse proxy set up is
> broken." but I don't know why.
I came across the same problem earlier today. My setup had been working
but I started to get the message. I did a bit of digging and it seems
that the checks for broken proxies were "improved" in 1.552.
Take a look at
https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
specifically...
AllowEncodedSlashes NoDecode
> </VirtualHost>
I did this and all works fine with a reloaded apache configuration.
Hope this helps.
Best Regards
Richard
P.S. I added a note into
https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+says+my+reverse+proxy+setup+is+broken
to warn people that things changed in 1.552.
>
> What specifically is wrong with this configuration?
>
> Regards,
> Dennis
>
On 20/03/2014 16:05, Dennis Jacobfeuerborn wrote:
> Hi,
> I just installed a fresh Jenkins behind Apache httpd and while Jenkins
> is available it tells me "It appears that your reverse proxy set up is
> broken." but I don't know why.
but I started to get the message. I did a bit of digging and it seems
that the checks for broken proxies were "improved" in 1.552.
Take a look at
https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
specifically...
>
> This is my httpd config:
>
> <VirtualHost *:80>
> ServerName jenkins.local
> ProxyRequests Off
> ProxyPreserveHost On
> ProxyPass / http://127.0.0.1:8080/
you need nocanon at the end of ProxyPass
> This is my httpd config:
>
> <VirtualHost *:80>
> ServerName jenkins.local
> ProxyRequests Off
> ProxyPreserveHost On
> ProxyPass / http://127.0.0.1:8080/
> ProxyPassReverse / http://127.0.0.1:8080/
and need to add
AllowEncodedSlashes NoDecode
> </VirtualHost>
I did this and all works fine with a reloaded apache configuration.
Hope this helps.
Best Regards
Richard
P.S. I added a note into
https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+says+my+reverse+proxy+setup+is+broken
to warn people that things changed in 1.552.
>
> What specifically is wrong with this configuration?
>
> Regards,
> Dennis
>
> --
> You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-use...@googlegroups.com
> <mailto:jenkinsci-use...@googlegroups.com>.
> You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-use...@googlegroups.com
Niranjan Rao
Mar 21, 2014, 4:20:38 PM3/21/14
to jenkins...@googlegroups.com
Can you try replacing 127.0.0.1 with
actual ip of the box or change it to localhost. I remember a
problem sometimes back where definition of localhost was different
for java and c code. Don't remember the exact details, but
changing it localhost did make it work.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
Dennis Jacobfeuerborn
Mar 25, 2014, 6:42:16 PM3/25/14
to jenkins...@googlegroups.com
Unfortunately none of this changes anything. I also tried the diagnostic curl command from the help page:
[dennis@nexusm ~]$ curl -iL http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
HTTP/1.1 302 Found
Date: Tue, 25 Mar 2014 22:28:12 GMT
Location: http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
HTTP/1.1 404 Not Found
Date: Tue, 25 Mar 2014 22:28:12 GMT
Server: Apache
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a/b/ was not found on this server.</p>
<hr>
<address>Apache Server at jenkins.local Port 80</address>
</body></html>
What's interesting here is that if I call the URL from the location header manually like this:
http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/
I get a 404 from Apache.
But when I call it like this (%2F => /):
http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a/b/
I get a 404 from Tomcat with the message: "expected a/b but got a"
When I set "AllowEncodedSlashes on" then I get the 404 from tomcat with the message for both URLs.
Regards,
Dennis
[dennis@nexusm ~]$ curl -iL http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
HTTP/1.1 302 Found
Date: Tue, 25 Mar 2014 22:28:12 GMT
Location: http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
HTTP/1.1 404 Not Found
Date: Tue, 25 Mar 2014 22:28:12 GMT
Server: Apache
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a/b/ was not found on this server.</p>
<hr>
<address>Apache Server at jenkins.local Port 80</address>
</body></html>
What's interesting here is that if I call the URL from the location header manually like this:
http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/
I get a 404 from Apache.
But when I call it like this (%2F => /):
http://jenkins.local/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a/b/
I get a 404 from Tomcat with the message: "expected a/b but got a"
When I set "AllowEncodedSlashes on" then I get the 404 from tomcat with the message for both URLs.
Regards,
Dennis
Dennis Jacobfeuerborn
Mar 25, 2014, 6:46:41 PM3/25/14
to jenkins...@googlegroups.com
Never mind. It looks like this is actually a bug in Jenkins:
https://issues.jenkins-ci.org/browse/JENKINS-21989
https://issues.jenkins-ci.org/browse/JENKINS-21989
Regards,
Dennis
On Thursday, March 20, 2014 5:05:47 PM UTC+1, Dennis Jacobfeuerborn wrote:
Marius Gedminas
Mar 26, 2014, 3:19:57 AM3/26/14
to jenkins...@googlegroups.com
On Tue, Mar 25, 2014 at 03:46:41PM -0700, Dennis Jacobfeuerborn wrote:
> Never mind. It looks like this is actually a bug in Jenkins:
>
> https://issues.jenkins-ci.org/browse/JENKINS-21989
That's not a bug. If I set up Apache properly[1], I get a 200 Ok from
> Never mind. It looks like this is actually a bug in Jenkins:
>
> https://issues.jenkins-ci.org/browse/JENKINS-21989
the curl test.
[1] https://issues.jenkins-ci.org/browse/JENKINS-21989?focusedCommentId=197468&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-197468
> On Thursday, March 20, 2014 5:05:47 PM UTC+1, Dennis Jacobfeuerborn wrote:
> > I just installed a fresh Jenkins behind Apache httpd and while Jenkins is
> > available it tells me "It appears that your reverse proxy set up is
> > broken." but I don't know why.
> >
> > This is my httpd config:
> >
> > <VirtualHost *:80>
> > ServerName jenkins.local
> > ProxyRequests Off
> > ProxyPreserveHost On
> > ProxyPass / http://127.0.0.1:8080/
> > ProxyPassReverse / http://127.0.0.1:8080/
> > </VirtualHost>
> >
> > What specifically is wrong with this configuration?
to the 'ProxyPass /' line:
<VirtualHost *:80>
ServerName jenkins.local
ProxyRequests Off
ProxyPreserveHost On
ProxyPassReverse / http://127.0.0.1:8080/
AllowEncodedSlashes NoDecode
</VirtualHost>
(I didn't know about this curl test and these requirements before this
thread, and so my configuration I pasted upthread didn't show them. I'm
somewhat curious why my Jenkins never complained about improper proxy
setup. Maybe I just dismissed that warning.)
Marius Gedminas
--
<niemeyer> I'm wondering why we have defineChecker() defined twice with exactly
the same implementation under zope.security.checker...
<niemeyer> Is it some kind of high-availability system? :-)
-- #zope3-dev
Reply all
Reply to author
Forward
0 new messages