小贝子编程

Ngnix 1.12/Jenkins 2.151:您的反向代理设置似乎已损坏



我正在Centos 7.5服务器上用nginx-1.12.2为Jenkins 2.151配置反向代理。我的Jenkins在8080端口上运行,前缀为/Jenkins。当我去管理配置时,使用下面的nginx配置文件总是得到It appears that your reverse proxy set up is broken。尝试了几个不同的选项,但无法修复。

已经尝试了这两个推荐,没有运气

https://wiki.jenkins.io/display/JENKINS/Jenkins+behin+an+NGinX+reverse+proxyNGINX/JENKINS:看来你的反向代理设置已损坏

现在正在寻求帮助。

worker_processes 1;
events { worker_connections 1024; }
http {
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $upstream_addr '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 http2 ssl;
server_name jenkins-dev.test.com;
access_log /var/log/nginx/access.log compression;
error_log  /var/log/nginx/error.log ;
ignore_invalid_headers off;
location ^~ /jenkins/ {
proxy_pass http://localhost:8080/jenkins/;
proxy_redirect http:// https://;
sendfile off;
proxy_set_header   Host             $host:$server_port;
proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto https;
proxy_set_header   X-Forwarded-Port 443;
proxy_max_temp_file_size 0;
client_max_body_size       10m;
client_body_buffer_size    128k;
proxy_connect_timeout      90;
proxy_send_timeout         90;
proxy_read_timeout         90;
proxy_temp_file_write_size 64k;
proxy_http_version 1.1;
proxy_request_buffering off;
}
ssl on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'HIGH:AES-GCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:!SSLv3:!SSLv2:!EXPORT:!DH:!DES:!3DES:!MD5:!DHE:!ADH:!EDH';
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
}
}

谢谢SR-

如果使用nginx进行反向代理,则需要适当设置Jenkins URL,并且必须通过nginx配置重写标头以匹配。以下是一个示例:

location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080;
}

确保用于访问jenkins的url和设置的jenkins url相同。

例如,我使用http://example.com通过浏览器访问我的jenkins,所以我将jenkins URL设置为http://example.com。例如,如果您将其设置为http://<IP_address>,您将看到您正在报告的错误。

也许不是最好的解决方案,但解决方法是操作系统级端口从80转发到8080。这更像是一次黑客攻击。

  1. 将端口80重定向到端口8080以获取TCP流量:

    firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080

  2. 使新设置保持不变。

    firewall-cmd --runtime-to-permanent

  3. 验证端口重新路由:

    firewall-cmd --list-all

注意:您也可以重新启动,只是为了确保安全。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium