Why does Jenkins say my reverse proxy setup is broken? - jenkins

I installed Jenkins 2.32.2 on an Ubuntu 16.04 machine and configured Apache proxy as described on their wiki.
I changed these lines in /etc/default/jenkins:
HTTP_PORT=8380
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins"
With these, I can access Jenkins at http://myhost:8380/jenkins/
For the proxy, I created the file /etc/apache2/conf-available/jenkins.conf with this content:
ProxyPass /jenkins http://myhost:8380/jenkins nocanon
ProxyPassReverse /jenkins http://myhost:8380/jenkins
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
# Local reverse proxy authorization override
# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
<Proxy http://myhost:8380/jenkins*>
    Order deny,allow
    Allow from all
</Proxy>
Then I enabled the configuration (with sudo a2enconf jenkins) and restarted Apache. Now I can access Jenkins at http://myhost/jenkins.
In principle it's OK, but in the "Manage Jenkins" page I get a message saying "It appears that your reverse proxy set up is broken." with a link to a wiki page with possible solutions.
One of the suggestions was to try this for diagnosis:
curl -iL -e http://myhost/jenkins/manage http://myhost/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
This is the output:
HTTP/1.1 403 Forbidden
Date: Thu, 16 Feb 2017 07:01:00 GMT
Server: Jetty(9.2.z-SNAPSHOT)
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 2.32.2
X-Jenkins-Session: 7b3e99ac
X-You-Are-Authenticated-As: anonymous
X-You-Are-In-Group:
X-Required-Permission: hudson.model.Hudson.Read
X-Permission-Implied-By: hudson.security.Permission.GenericRead
X-Permission-Implied-By: hudson.model.Hudson.Administer
Content-Length: 973
Set-Cookie: JSESSIONID.34f83688=1rkbqf12ykw0w1clnm0l7cc9l6;Path=/jenkins;HttpOnly
<html><head><meta http-equiv='refresh' content='1;url=/jenkins/login?from=%2Fjenkins%2FadministrativeMonitor%2Fhudson.diagnosis.ReverseProxySetupMonitor%2Ftest'/><script>window.location.replace('/jenkins/login?from=%2Fjenkins%2FadministrativeMonitor%2Fhudson.diagnosis.ReverseProxySetupMonitor%2Ftest');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
Is that anonymous/403 a problem? In Jenkins, I get the error while being logged in.
I also checked "Jenkins Location / Jenkins URL" in settings, and it's OK: http://myhost/jenkins/

I had this problem.
You need to look at /var/log/jenkins/jenkins.log
In my case I had
WARNING h.d.ReverseProxySetupMonitor#getTestForReverseProxySetup: http://myhost/manage vs. https:%2F%2Fmyhost%2Fmanage
The trick is that both URLs should be the same. As can be seen, in my case, there were 2 problems:
The encoding of the slash; this was sorted by adding nocanon at the end of ProxyPass:
ProxyPass / http://localhost:8083/ nocanon
The https became http; this was sorted by adding the following line:
RequestHeader set X-Forwarded-Proto https
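An added example (not part of the original answer, and not Jenkins code): a small Python helper that reads the "X vs. Y" warning from jenkins.log and names which kind of mismatch it shows. It goes beyond the two cases in the answer by also flagging host and path differences; the hint strings only point at settings that appear on this page, and the function and variable names are made up for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Settings that appear on this page, keyed by the mismatch to check them for.
HINTS = {
    "encoded-slash": "ProxyPass ... nocanon, AllowEncodedSlashes NoDecode",
    "scheme": "RequestHeader set X-Forwarded-Proto https",
    "host": "ProxyPreserveHost On, Jenkins URL setting",
    "path": "--prefix in JENKINS_ARGS vs. the ProxyPass path",
}

WARNING_RE = re.compile(
    r"ReverseProxySetupMonitor#getTestForReverseProxySetup:\s+(\S+) vs\. (\S+)"
)


def diagnose(line):
    """Return None if the line is not the monitor's warning, otherwise a
    list of mismatch kinds (empty when both URLs agree)."""
    match = WARNING_RE.search(line)
    if match is None:
        return None
    left, right = match.groups()
    kinds = []
    # Only one side still carries %2F: the two URLs disagree on slash encoding.
    if ("%2f" in left.lower()) != ("%2f" in right.lower()):
        kinds.append("encoded-slash")
    # Compare the decoded URLs component by component.
    a, b = urlsplit(unquote(left)), urlsplit(unquote(right))
    if a.scheme != b.scheme:
        kinds.append("scheme")
    if a.netloc != b.netloc:
        kinds.append("host")
    if a.path.rstrip("/") != b.path.rstrip("/"):
        kinds.append("path")
    return kinds


# The first line is the warning quoted in the answer; the second is constructed.
SAMPLE_LOG = [
    "WARNING h.d.ReverseProxySetupMonitor#getTestForReverseProxySetup: "
    "http://myhost/manage vs. https:%2F%2Fmyhost%2Fmanage",
    "INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for kind in diagnose(entry) or []:
            print(f"{kind}: check {HINTS[kind]}")
```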

Related

Jenkins prometheus plugin not showing data on endpoint

My Jenkins - 2.263.1 (LTS) is deployed through Tomcat and I have installed Prometheus metrics plugin - 2.0.8 and restarted the service.
My jenkins base URL - http://jenkins-server:8080/jenkins
But my prometheus end-point - http://jenkins-server:8080/jenkins/prometheus not showing any metrics data.
I have added below in my prometheus.yml
  - job_name: 'jenkins'
    metrics_path: '/jenkins/prometheus'
    scheme: http
    static_configs:
      - targets: ['jenkins-server:8080']
Currently LDAP authentication and Project-based Matrix Authorization are configured. I have also tried with a domain credential password and token in my prometheus.yml, but it still doesn't show the plugin-generated data at my endpoint. It just shows a blank page in my browsers (IE and Chrome).
    basic_auth:
      username: domain-user-id
      password: 98qw37asdkdsjfeiq1dedsewe
Curl response
$ curl -v jenkins-server:8080/jenkins/prometheus
* Trying 206.25.26.27...
* TCP_NODELAY set
* Connected to jenkins-server (206.25.26.27) port 8080 (#0)
> GET /jenkins/prometheus HTTP/1.1
> Host: jenkins-server:8080
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< X-Content-Type-Options: nosniff
< Location: /jenkins/prometheus/
< Content-Length: 0
< Date: Wed, 17 Feb 2021 11:42:00 GMT
<
* Connection #0 to host jenkins-server left intact
$ curl -X GET jenkins-server:8080/jenkins/prometheus/
$ curl -X GET http://jenkins-server:8080/jenkins/prometheus/
Empty response for the above commands. Please share some pointers to resolve this issue. Thanks in advance.
@poshak, I generated an access key and tried it in my browser with https://jenkins_ipaddres:portnumber/jenkins/metrics/accesskey. Now I am able to view the below.
Is this data enough for Prometheus?
Try to generate Access Keys in the metrics section and access the url https://jenkins_ipaddres:portnumber/metrics/accesskey you would now be able to view the metrics.
Path to generate the Access Keys:
Jenkins > Manage Jenkins > Configure Systems > Metrics >> Add >> Generate >> Save
Thanks
It was a Jenkins Prometheus plugin issue. After upgrading it to 2.0.9, the issue was solved.

Nginx Rails/Passenger is not serving gzipped asset files

Nginx 1.10.1 Rails 5.0.1. The asset pipeline is making both the zipped and native versions of the css and js files, but only the uncompressed is served to the browser. I can see both versions in public/assets and I can use curl to retrieve the zipped version by appending '.gz' to the css/js asset url delivered to me.
I am using a CDN (AWS CloudFront) but have tested without the CDN and anyway it should still point me to the zipped version, right?
nginx has --with-http_gzip_static_module. Using this answer as a guide, my nginx config (edited) has:
http {
    server {
        listen 80;
        server_name idoimaging.com www.idoimaging.com;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 ssl;
        server_name idoimaging.com www.idoimaging.com;
        root /var/www/idoimaging/current/public;
        location ~ ^/(assets)/ {
            gzip_static on;
        }
    }
}
I've also tried /assets/ as the regex in location. In my production.rb:
# Have also tried setting this to false
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
config.middleware.insert_before(Rack::Sendfile, Rack::Deflater)
config.assets.compress = true
config.assets.js_compressor = Uglifier.new(mangle: false)
I'm testing with Chrome with cache disabled, also for speed with curl https://idoimaging.com | grep assets which I believe should have the same behaviour as the browser?
I don't know why nginx will not serve the gzip'ed js/css asset files when they are present.
EDIT: I've also seen this guide that takes another approach: Use Rails as the static asset server instead of nginx. Would this be a better approach?
Given that Rails is producing the gzipped assets, we can be confident that the issue resides solely with nginx. So let's focus there!
I believe Nginx is faster at serving static assets than Rails is, so I'd stay away from using it as a static asset server in any event.
Now looking at the URL you provided (https://idoimaging.com), your server appears to be providing gzipped files. So the issue is just with your testing approach (assuming this is the correct URL, and you have not changed the server configuration since this post).
Your curl command doesn't include the Accept-Encoding: gzip header, which tells the server your client is capable of handling gzipped files. Without it, Nginx will serve the uncompressed versions. You can see the difference in commands and outputs in this gist. The difference is in the Content-Length and Content-Encoding response headers.
If you're seeing something different, let me know!
Edit 1
That's odd, CloudFront appears to have cached redirects for both your CSS and your JS.
richardseviora:Richards-MacBook-Pro#~> curl "https://cdn.idoimaging.com/assets/application-0cd41e63d35c1e5a7ab76ded23fbaf2ef1d1b786144134a80a1dfa9c765cff0d.css" -I -H "accept-encoding: gzip"
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Server: nginx/1.10.1
Date: Thu, 23 Feb 2017 03:30:49 GMT
Location: https://idoimaging.com/assets/application-0cd41e63d35c1e5a7ab76ded23fbaf2ef1d1b786144134a80a1dfa9c765cff0d.css
Age: 942
X-Cache: Hit from cloudfront
Via: 1.1 d8b73f8fefd106d5c95f11977e132c46.cloudfront.net (CloudFront)
X-Amz-Cf-Id: ao8PwibmSj1JhmfbmuNfC2gYi9x-RTcCrJDAqLWAUIyOjP_3qYTGQA==
# It should look like this instead.
richardseviora:Richards-MacBook-Pro#~> curl -I -H "accept-encoding: gzip" "http://cdn.sweatrecord.com/assets/application-b932da0ddcf53d3650da5135b083224e863b349c784f3d1e3ca992b36ce3e31d.css"
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Encoding: gzip
Date: Thu, 23 Feb 2017 03:50:13 GMT
Last-Modified: Mon, 30 Jan 2017 16:29:44 GMT
Server: Apache
Vary: Accept-Encoding,Origin
X-Cache: Miss from cloudfront
Via: 1.1 8b5947aba7280333032d4dcdd80b3489.cloudfront.net (CloudFront)
X-Amz-Cf-Id: FN9FyKl0RCpNTTqBwb0WyQhbDd-rEyyQ05eCtaFCD8YaH_FtjG7Q8Q==
This is an Nginx issue, but I'm not sure where exactly because CloudFront will cache 301s.
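An added example (not part of the original answer): a Python sketch that classifies curl -I output the way the answer reads it, separating a gzipped asset, an uncompressed one, and a redirect served from the CDN cache. The first two samples are trimmed from the outputs quoted above, the third is constructed, and the extra check for Vary: Accept-Encoding is an addition beyond what the answer discusses.

```python
# Trimmed from the two curl -I outputs quoted in the answer above.
CACHED_301 = """HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.10.1
Age: 942
X-Cache: Hit from cloudfront"""
GZIP_200 = """HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Vary: Accept-Encoding,Origin
X-Cache: Miss from cloudfront"""
# Constructed: a response to a request sent without Accept-Encoding: gzip.
PLAIN_200 = """HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 48211"""


def parse_head(raw):
    """Parse `curl -I` output into (status_code, {lower-case header: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(raw):
    """Label one response: cached-redirect, redirect, error, gzip,
    gzip-no-vary or uncompressed."""
    status, headers = parse_head(raw)
    from_cache = headers.get("x-cache", "").lower().startswith("hit")
    if 300 <= status < 400:
        # A redirect answered from the CDN cache never reaches the origin.
        return "cached-redirect" if from_cache else "redirect"
    if status != 200:
        return "error"
    if headers.get("content-encoding", "").lower() == "gzip":
        # Without Vary: Accept-Encoding a shared cache may hand the gzipped
        # body to a client that did not ask for it.
        vary = [v.strip().lower() for v in headers.get("vary", "").split(",")]
        return "gzip" if "accept-encoding" in vary else "gzip-no-vary"
    return "uncompressed"


if __name__ == "__main__":
    for raw in (CACHED_301, GZIP_200, PLAIN_200):
        print(raw.splitlines()[0], "->", classify(raw))
```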

Rails 4 + Nginx - serve font via CloudFront won't load cause by CORS

I have a website at http://revoniaga.com which runs RoR, but the font won't load; it says "blocked from loading by Cross-Origin Resource Sharing policy". It is caused by Amazon CloudFront. I've tried everything but still get the same result.
First, I put my font assets under /app/assets/font
then in my css (vendor/assets/stylesheets/font-awesome.css), I use something like this:
@font-face {
    font-family: 'FontAwesome';
    src: url('/assets/fontawesome-webfont.eot?v=4.3.0');
    /* and so on for other font formats */
}
At my /etc/nginx/sites-available/revoniaga_production, I put
location ~* \.(eot|otf|svg|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
Then when I curl:
curl -I https://d3bkb7gt2ds4m6.cloudfront.net/assets/fontawesome-webfont.woff2
It said
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Server: nginx/1.6.2
Date: Wed, 18 Mar 2015 09:34:29 GMT
Age: 242
X-Cache: Error from cloudfront
Via: 1.1 404e3b476748051f3f9bc690b72173b4.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 3yUNjkFQHC83FlbEwVMBSddpQND_4GbXauyeTtDyKawS6GzftUwXRA==
I also restarted my server ("service nginx restart") but still nothing happens.
Here is my CloudFront which is the default setting
Everything works fine in my dev env.
I couldn't figure out why this is happening. Please help.
Thanks in advance.
Problem solved by doing a clean install of the server and upgrading Ruby to 2.2.1 plus. It looks like the issue came from the server itself. My settings before were fine.

Redirect loop when connecting to Gerrit

I'm attempting to get Gerrit running behind an Apache 2.2.15 proxy and running into a redirect loop when I try to connect. Am I missing something?
[2013-11-26 07:44:04,701] INFO com.google.gerrit.sshd.SshDaemon : Started Gerrit SSHD on *:29418
[2013-11-26 07:44:04,706] INFO org.eclipse.jetty.server.Server : jetty-8.1.7.v20120910
/tmp/gerrit_1340818739918966007_app/gerrit_war/}
[2013-11-26 07:44:06,211] INFO org.eclipse.jetty.server.AbstractConnector : Started SelectChannelConnector@127.0.0.1:8081
[2013-11-26 07:44:06,213] INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.8-rc2 ready
Apache Config:
Listen 8083
<VirtualHost *:8083>
    ServerName host.domain.com
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
    <Location "/gerrit/login/">
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        Require valid-user
    </Location>
    RequestHeader set REMOTE_USER %{REMOTE_USER}s
    ProxyPass /gerrit/ http://localhost:8081/gerrit/
</VirtualHost>
gerrit config:
[gerrit]
canonicalWebUrl = http://host.domain.com:8083/gerrit/
[auth]
type = HTTP
httpHeader = REMOTE_USER
[httpd]
listenUrl = proxy-http://127.0.0.1:8081/gerrit/
There are two things I notice in your setup:
You try to have the Location on the gerrit/login/. This is not going to work as Gerrit will require the authentication details to be present.
You are missing the AllowEncodedSlashes On and nocanon statements. But I am not sure if this is only applicable to Apache 2.4, which I am using.
This is part of my configuration:
AllowEncodedSlashes On
ReWriteEngine On
ProxyPass /gerrit http://localhost:8081/gerrit nocanon
Your gerrit.config looks ok.

Apache2 Configuration That Allows a Subdomain Point to an Machine:Port

I own the domain, "peterlee.com.cn", and I added an A Record in my domain control panel:
RR Destination IP TTL
rs.peterlee.com.cn 10.50.10.75 1 hour
I have an RoR (Ruby on Rails) project running on 10.50.10.75:9051, which means the user can visit my RoR application by http://10.50.10.75:9051
I want to let the user visit it by http://rs.peterlee.com.cn, so I added the following VirtualHost File/Site:
<VirtualHost *:80>
    ServerName rs.peterlee.com.cn
    DocumentRoot /usr/website/myapp/current/public
    PassengerEnabled off
    ProxyPass / http://127.0.0.1:9051/
    ProxyPassReverse / http://127.0.0.1:9051/
    RackEnv production
    RailsEnv production
    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Redirect all requests to the maintenance page if present
        RewriteCond %{REQUEST_URI} !\.(css|gif|jpg|png)$
        RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
        RewriteCond %{SCRIPT_FILENAME} !maintenance.html
        RewriteRule ^.*$ /system/maintenance.html [L]
    </IfModule>
</VirtualHost>
After enabling the site and restarting the Apache2, I tried http://rs.peterlee.com.cn, it gives me the 500 Internal Server Error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.22 (Ubuntu) Server at rs.peterlee.com.cn Port 80
Thanks.
Peter
I found the following warning in /var/log/apache2/error.log:
[Thu Jul 19 10:22:20 2012] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Thu Jul 19 10:22:20 2012] [warn] proxy: No protocol handler was valid for the URL /favicon.ico. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
So I enabled the following modules:
sudo a2enmod proxy proxy_balancer proxy_http
After restarting Apache2, it worked!
Thanks anyway.
BTW: I start the service using Passenger:
passenger start -a 127.0.0.1 -p 9051 -e production -d
