All geek questions in one place

Jenkins Behind Apache Server / Unable to Log in to Jenkins

I am running Apache Server 2.2 to process Jenkins and SonaType Nexus information (both installed as a Windows service). While SonatypeNexus works great, Jenkins doesn't. To be more specific: I cannot enter Jenkins. For your notification only: we use LDAP to log in, but this cannot be the reason for the logon failure, since the login from the local host is working.

If I try to login to Jenkins from localhost:8071 , it works fine.

When I log in from another system through the network (using https://myServer.com:8095/ ), I can view and configure Jenkins, but I cannot log in. Whenever I try, I get "redirected" to the Jenkins page that I was on before clicking the "Login" button.
Security settings are set like this: "everyone can do something" → it also cannot be.

Hint 0: As you have already noticed, we use https for any external request allocated to the server. But inside the server, Apache uses only http to process information -> can this lead to problems?

Hint 1: I only get redirected using the correct login options. Using the wrong leads me to "Invalid login information. Please try again." page

Tip 2: Sonatype Nexus runs on the same Apache server and works great.

Potential reason: guess why I can log in through localhost, but not through the network should be our Apache 2.2 server, which does not correctly process information. Using localhost, I can bypass Apache (-> it works), but through the Apache network it is used (-> it does not work).

Any ideas how to fix this, or at least the reason?

Here are some apache server settings (httpd-ssl.conf) that may be useful:

 <VirtualHost *:8095> ServerName myServer.com ServerAdmin admin@myServer.com # Nexus via HTTPS. ProxyPass /nexus http://localhost:8072/nexus ProxyPassReverse /nexus http://localhost:8072/nexus ProxyPassReverseCookiePath / /nexus RequestHeader set X-Forwarded-Proto "https" ErrorLog logs/nexus_error_ssl.log CustomLog logs/nexus_access_ssl.log common # Jenkins via HTTPS. ProxyPass / http://localhost:8071/ nocanon ProxyPassReverse / http://localhost:8071/ ProxyPassReverse / http://my.host.com/ # also tested second ProxyPassReverse with specific port ProxyPassReverseCookiePath / / ProxyPreserveHost On RequestHeader set X-Forwarded-Proto "https" ProxyRequests Off AllowEncodedSlashes NoDecode SSLEngine on
+1
source share
2 answers

I am not sure if I described my decision correctly, as my colleague found the answer, not me.

Since Apache correctly handled https (incoming from jenkins) (requests reached LDAP), but could not correctly transmit http information (incoming from LDAP) (login could not).

So, he looked at the http settings and configured the options to enable http. This led to our goal - → we can log into the system, BUT , which also leads to another problem → http is enabled and available to users ...

+1
source

On this page, you may need to add another ProxyPassReverse to fix the http links created by Jenkins:

 ProxyPassReverse / http://your.host.com:8095/

In addition, it mentions that you should add

 ProxyPreserveHost On

into your configuration. For more information, see Link.

0
source

Source: https://habr.com/ru/post/1210683/

More articles:


All Articles