On Mon, Apr 28, 2014 at 05:56:00PM -0700, Scott Hendrickson wrote: > I guess I prematurely marked this as [SOLVED]. Thank you for the > feedback! I incorporated it and did some more testing of the > configuration. Here's what I'm experiencing: > > (1) "ProxyPreserveHost On" seems to make the output filters > unnecessary, as you guessed. > However, if I remove the Header edit Location then I get the reverse > proxy is broken warning > I still got the warning even if I set Jenkins Location on the > Configure System page to https://my.domain/jenkins.
Oh, you're using HTTPS? In that case you need *two* ProxyPassReverse directives: ProxyPassReverse /jenkins http://localhost:8080/jenkins ProxyPassReverse /jenkins http://my.domain/jenkins See https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache#RunningJenkinsbehindApache-modproxywithHTTPS > (2) Once I turned on Jenkins security, Apache (not Jenkins) began > demanding a username/password No idea there, sorry. > (3) I left the "weird" authentication stuff in the configuration. At > the top of my (Apache) configuration I have the following: > <Directory /> > Order Allow,Deny > Deny from all > Require all denied > </Directory> > <Location /> > Order Allow,Deny > Deny from all > Require all denied > </Location> > The intent is to make the server deny everything to everyone by > default unless I specifically allow it. When I tried removing either > "Order ... Deny ..." or "Require all ..." from the Jenkins > configuration it didn't work. Why would you remove deprecated directives from one vhost but not globally? See https://httpd.apache.org/docs/trunk/upgrading.html#access > Below is the updated configuration. > # The following directive is not inherited by virtual hosts and *must* > additionally be copied to each virtual host declaration > AllowEncodedSlashes NoDecode > > # Jenkins must be configured with prefix "/jenkins" and port 8080 > <Proxy http://localhost:8080/jenkins*> > Order deny,allow > Allow from all > </Proxy> > <Location /jenkins> > ProxyPass http://localhost:8080/jenkins nocanon > ProxyPassReverse http://localhost:8080/jenkins > ProxyPreserveHost On > Header edit Location ^http://([^/]+)/jenkins https://$1/jenkins > > # Authorization header inappropriately included for some > reason when proxying > # This causes Jenkins to repeatedly ask for login credentials > RequestHeader unset Authorization > > Order deny,allow > Allow from all > Require all granted > </Location> Marius Gedminas -- In English, is it grammatically correct to use "Apple" and "relatively-inexpensive" in the same sentence? -- James Nicoll
signature.asc
Description: Digital signature
