How to connect with slave behind firewall to jenkins master behind apache reverse proxy through ssh
6,394 views
Skip to first unread message
Samy Ateia
Aug 15, 2014, 9:20:17 AM8/15/14
to jenkins...@googlegroups.com
Hi all,
I have a jenkins master server running on a remote machine behind an apache webserver. I limited access to the jenkins master server to the localhost ip.
We connect to the jenkins server through a ssh socks proxy.
I now need to run an jenkins ios slave (for building ios apps). This slave is sitting on a local network behind a firewall and router that i cannot configure.
I wonder if there is a possibility to configure the slave so it would connect to the master server via a ssh tunnel?
If i setup up a ssh tunnel like this:
I can reach the master server with wget:
but if i trie to run:
it fails because it tries to reach the master through the original url and it also puts some strange url arguments in there:
I even changed all the urls in slave-agent.jnlp manually, then it starts the window but fails saying the server rejected the connection.
Is what I'm trying to do even possible? (innitiating the connection from the slave and tunneling all the slave master communication through ssh?)
best regards,
samy
I have a jenkins master server running on a remote machine behind an apache webserver. I limited access to the jenkins master server to the localhost ip.
We connect to the jenkins server through a ssh socks proxy.
I now need to run an jenkins ios slave (for building ios apps). This slave is sitting on a local network behind a firewall and router that i cannot configure.
I wonder if there is a possibility to configure the slave so it would connect to the master server via a ssh tunnel?
If i setup up a ssh tunnel like this:
ssh -p 33322 -L localhost:8888:somedomain.com:80 somedomain.comI can reach the master server with wget:
wget http://localhost:8888/jenkins/computer/iostestslave/slave-agent.jnlp
but if i trie to run:
it fails because it tries to reach the master through the original url and it also puts some strange url arguments in there:
<argument>http://localhost:8888:8888/jenkins/</argument>I even changed all the urls in slave-agent.jnlp manually, then it starts the window but fails saying the server rejected the connection.
Is what I'm trying to do even possible? (innitiating the connection from the slave and tunneling all the slave master communication through ssh?)
best regards,
samy
Samy Ateia
Aug 21, 2014, 12:34:18 PM8/21/14
to jenkins...@googlegroups.com
If anyone has similar problems:
the easiest solution i found is to use sshuttle: https://github.com/apenwarr/sshuttle/
Its basically a one line command to route all traffic and ports through a ssh tunnel. (from the description: "Transparent proxy server that works as a poor man's VPN")
This enables me to connect slaves from any network via jnlp without opening Jenkins to the world or having to setup a full-fledged vpn.
best regards,
samy
the easiest solution i found is to use sshuttle: https://github.com/apenwarr/sshuttle/
Its basically a one line command to route all traffic and ports through a ssh tunnel. (from the description: "Transparent proxy server that works as a poor man's VPN")
This enables me to connect slaves from any network via jnlp without opening Jenkins to the world or having to setup a full-fledged vpn.
best regards,
samy
Reply all
Reply to author
Forward
0 new messages