jenkins - 为什么 Jenkins 说我的反向代理设置已损坏？

Question

我在 Ubuntu 16.04 机器上安装了 Jenkins 2.32.2 并按照 on their wiki 的描述配置了 Apache 代理.

我在 /etc/default/jenkins 中更改了这些行:

HTTP_PORT=8380

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins"

有了这些，我可以通过 http://myhost:8380/jenkins/ 访问 Jenkins。

对于代理，我创建了文件 /etc/apache2/conf-available/jenkins.conf有了这个内容:

ProxyPass         /jenkins  http://myhost:8380/jenkins nocanon
ProxyPassReverse  /jenkins  http://myhost:8380/jenkins
ProxyRequests     Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

# Local reverse proxy authorization override
# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
<Proxy http://myhost:8380/jenkins*>
  Order deny,allow
  Allow from all
</Proxy>

然后我启用了配置(使用 sudo a2enconf jenkins )并重新启动了 Apache。现在我可以通过 http://myhost/jenkins 访问 Jenkins .

原则上没问题，但在“管理 Jenkins”页面中，我收到一条消息，说“您的反向代理设置似乎已损坏。”带有指向 a wiki page with possible solutions 的链接.

建议之一是尝试使用此方法进行诊断:

curl -iL -e http://myhost/jenkins/manage http://myhost/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test

这是输出:

HTTP/1.1 403 Forbidden
Date: Thu, 16 Feb 2017 07:01:00 GMT
Server: Jetty(9.2.z-SNAPSHOT)
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 2.32.2
X-Jenkins-Session: 7b3e99ac
X-You-Are-Authenticated-As: anonymous
X-You-Are-In-Group: 
X-Required-Permission: hudson.model.Hudson.Read
X-Permission-Implied-By: hudson.security.Permission.GenericRead
X-Permission-Implied-By: hudson.model.Hudson.Administer
Content-Length: 973
Set-Cookie: JSESSIONID.34f83688=1rkbqf12ykw0w1clnm0l7cc9l6;Path=/jenkins;HttpOnly

<html><head><meta http-equiv='refresh' content='1;url=/jenkins/login?from=%2Fjenkins%2FadministrativeMonitor%2Fhudson.diagnosis.ReverseProxySetupMonitor%2Ftest'/><script>window.location.replace('/jenkins/login?from=%2Fjenkins%2FadministrativeMonitor%2Fhudson.diagnosis.ReverseProxySetupMonitor%2Ftest');</script></head><body style='background-color:white; color:white;'>


Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't): hudson.model.Hudson.Read
 ... which is implied by: hudson.security.Permission.GenericRead
 ... which is implied by: hudson.model.Hudson.Administer
-->

</body></html>

匿名/403 有问题吗？在 Jenkins 中，我在登录时收到错误消息。

我还在设置中检查了“Jenkins Location/Jenkins URL”，没问题: http://myhost/jenkins/

Answer 1

我有这个问题。
你需要看看/var/log/jenkins/jenkins.log
就我而言，我有

WARNING h.d.ReverseProxySetupMonitor#getTestForReverseProxySetup: http://myhost/manage vs. https:%2F%2Fmyhost%2Fmanage

诀窍是两个 url 应该相同。可以看出，就我而言，有两个问题:
斜杠的编码，已通过添加 进行排序nocanon 末 代理密码 .

ProxyPass / http://localhost:8083/ nocanon

https 变成了 http，这已通过添加以下行进行排序

RequestHeader set X-Forwarded-Proto https