使用mod_proxy的Jenkins + Apache

t40tm48m  于 2023-05-23  发布在  Apache
关注(0)|答案(1)|浏览(132)

我有一个正在运行的AWS EC2示例,只有端口22和443作为入站安全规则。

Jenkins配置

in file -->> /etc/default/jenkins
HTTP_PORT=8080
NAME=jenkins
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"

Apache配置

<IfModule mod_ssl.c>
    <VirtualHost *:443>

            ServerAdmin email@domain
            ServerName subdomain.domain.dev
            ServerAlias www.subdomain.domain.dev

            DocumentRoot /var/www/subdomain.domain.dev

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            ProxyPass         /jenkins  http://127.0.0.1:8080/jenkins nocanon
            ProxyPassReverse  /jenkins  http://127.0.0.1:8080/jenkins
            ProxyPassReverse /jenkins http://subdomain.domain.dev/jenkins
            ProxyPassReverse /jenkins https://subdomain.domain.dev/jenkins
            ProxyRequests     Off
            ProxyPreserveHost On
            AllowEncodedSlashes NoDecode

            RequestHeader set X-Forwarded-Proto "https"
            RequestHeader set X-Forwarded-Port "443"

            <Proxy http://127.0.0.1:8080/jenkins*>
                    Order deny,allow
                    Allow from all
            </Proxy>

            Include /etc/letsencrypt/options-ssl-apache.conf        
            SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.dev/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.dev/privkey.pem

    </VirtualHost>
 </IfModule>

ports.conf

Listen 80

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

使用上述配置,当我尝试转到https://subdomain.domain.dev/jenkins时,它给出了403,然后重定向到https://subdomain.domain.dev/login?from=%2Fjenkins,在那里它给出了404错误。
Apache访问日志

162.158.227.119 - - [20/May/2023:17:09:38 +0000] "GET /jenkins HTTP/1.1" 403 5890 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
162.158.227.119 - - [20/May/2023:17:09:39 +0000] "GET /login?from=%2Fjenkins HTTP/1.1" 404 525 "https://subdomain.domain.dev/jenkins" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

/var/log/apache2/error.log中未记录错误
运行sudo apache2ctl -t -D DUMP_VHOSTS将得到以下输出

VirtualHost configuration:
*:443                  subdomain.domain.dev (/etc/apache2/sites-enabled/subdomain.domain.dev-le-ssl.conf:2)

此外,我使用Cloudflare和Full Strict SSL/TLS,并使用letsencrypt来生成SSL证书。
OpenSSL版本OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
添加从浏览器x1c 0d1x重定向的屏幕截图

资源

  1. Jenkins Official Reverse Proxy Configuration Apache
  2. How to Setup Jenkins with SSL with Apache Reverse Proxy on Ubuntu 18.04
  3. Install and Configure Apache as Reverse Proxy for Jenkins
  4. Apache reverse proxy config with SSL for Jenkins and Sonar
93ze6v8z

93ze6v8z1#

所以,我能够让这个工作,虽然我不确定这是实际的解决方案或只是一个巧合。
我首先停止了apache,然后做了一个sudo apt remove --purge jenkins
之后,重新安装Jenkins并使用正确的前缀和 httpListenAddress(即 127.0.0.1)更新/etc/default/jenkins文件。
然后在重新启动示例本身之后,我能够让Jenkins启动并运行。已经运行和配置Jenkins将近一天了,到目前为止没有发现任何问题。
无论如何,我不满意我实际上解决了任何问题。如果有人知道这件事的根本原因,请告诉我。

相关问题