Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Configure Rundeck to run in SSL using Apache reverse Proxy

67 views
Skip to first unread message

Simone Bianchelli

unread,
Dec 16, 2024, 9:33:15 AM12/16/24
to rundeck-discuss
Im running Rundeck and Apache on same Windows 2019 server VM, i would like to access Rundeck in https instead http.

I configured this virtual host on Apache and restarted Apache service (i checked errors.log and it's all ok):

<VirtualHost *:443>
    ServerName portalecm.europe.adnet

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/europe_adnet.crt"
    SSLCertificateKeyFile "conf/ssl.key/europe_adnet.key"

    # Proxy Configuration
    ProxyPreserveHost On
    ProxyPass / http://161.27.160.71:4440/
    ProxyPassReverse / http://161.27.160.71:4440/

    # Security Headers (Optional but Recommended)
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set X-XSS-Protection "1; mode=block"

</VirtualHost>

And on rundeck-config.properties:

server.address=161.27.160.71
server.port=4440
grails.serverURL=https://portalecm.europe.adnet:4440

But if i browse https://portalecm.europe.adnet:4440 it doesn't work.

Any help appreciated.
Thanks.

rac...@rundeck.com

unread,
Dec 16, 2024, 12:12:46 PM12/16/24
to rundeck-discuss

Hi,

Your Apache config is pointing to the 443 TCP port but you’re requesting 4440 in your browser. Also, make sure to set the real Web server exit URL in the grails.serverURL parameter (rundeck-config.properties file), in that case, must be something like https://myURL:443.

Could you double-check this?

Regards.

Simone Bianchelli

unread,
Dec 17, 2024, 6:24:06 AM12/17/24
to rundeck-discuss
Hi, i modified the configuration in Apache as:

<VirtualHost *:4440>

    ServerName portalecm.europe.adnet

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/europe_adnet.crt"
    SSLCertificateKeyFile "conf/ssl.key/europe_adnet.key"
   SSLCertificateChainFile "${SRVROOT}/conf/ENG_Privacy_CA.cer"

    # Proxy Configuration
    ProxyPreserveHost On
    ProxyPass / http://161.27.160.71:4440/
    ProxyPassReverse / http://161.27.160.71:4440/

    ErrorLog "C:/xampp/apache/logs/error_Rundeck.log"
    TransferLog "C:/xampp/apache/logs/access_Rundeck.log"

</VirtualHost>

And on rundeck-config.properties i have put:

server.address=161.27.160.71
server.port=4440
grails.serverURL=http://portalecm.europe.adnet:4440

I read that if using Apache as reverse proxy for HTTPS Rundeck must not be configured for HTTPS so don't use the https in the grails.serverURL.

If i run from cmd:

openssl s_client -connect portalecm.europe.adnet:4440

I get:
Connecting to 161.27.160.71
CONNECTED(000001F4)
DC1B0000:error:0A0000C6:SSL routines:tls_get_more_records:packet length too long:ssl\record\methods\tls_common.c:655:
DC1B0000:error:0A000139:SSL routines::record layer failure:ssl\record\rec_layer_s3.c:692:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 337 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Best.

Simone Bianchelli

unread,
Dec 17, 2024, 8:32:27 AM12/17/24
to rundeck-discuss
Finally i made it working!

In Apache httpd-ssl.conf added:

Listen 4443

In Apache httpd-vhosts.conf used this configuration:

<VirtualHost *:4443>

    ServerName portalecm.europe.adnet

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/europe_adnet.crt"
    SSLCertificateKeyFile "conf/ssl.key/europe_adnet.key"

# reverse proxy configProxyRequests Off

# Local reverse proxy authorization override
<Proxy http://161.27.160.71:4440>
Order deny,allow
Allow from all
</Proxy>


    ErrorLog "C:/xampp/apache/logs/error_Rundeck.log"
    TransferLog "C:/xampp/apache/logs/access_Rundeck.log"

</VirtualHost>

In rundeck-config.properties:

server.address=161.27.160.71
server.port=4440
grails.serverURL=https://portalecm.europe.adnet:4443

Restarted both Apache and Rundeck.

rac...@rundeck.com

unread,
Dec 17, 2024, 4:23:48 PM12/17/24
to rundeck-discuss
Awesome, thanks for sharing your Apache config.

Cheers!
Reply all
Reply to author
Forward
0 new messages