nginx 反向代理背后的 Jenkins 在所有情况下都不会重定向
Jenkins behind nginx reverse proxy doesn't redirect in all situations
我通过 docker-compose 安装了 jenkins 和 nginx 运行,它们都在同一个 docker 网络上。 Jenkins 不会向主机公开任何端口,并且在端口 8080 和 nginx 映射 8003:443.
上具有默认配置 运行
我们有一个服务器位于私有网络和子域上,我有以下 nginx 配置文件
upstream jenkins {
server jenkins:8080;
}
server {
listen 443 ssl;
server_name abc.example.com;
ssl_certificate /etc/ssl/private/certificate.crt;
ssl_certificate_key /etc/ssl/private/key.pem;
root /var/run/jenkins/war/;
ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
#rewrite all static files into requests to the root
#E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" / last;
}
location /userContent {
#have nginx handle all the static requests to the userContent folder files
#note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
#this file does not exist, might be a directory or a /**view** url
rewrite (.*) / last;
break;
}
sendfile on;
}
location / {
proxy_pass http://jenkins/;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
sendfile off;
proxy_redirect default;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Connection ""; # Clear for keepalive
}
}
这些设置中的大部分都取自故障排除指南,因为我最初的尝试并没有列出所有设置,我曾经并且仍然收到通知 It appears that your reverse proxy set up is broken. 目前,它似乎只部分工作。有些 urls 工作正常,如果我点击人我会得到 https://abc.example.com:8003/asynchPeople/ 但其他人像登录和蓝海似乎放弃了端口。手动添加回来确实使 url 然后工作。所以我不确定到底出了什么问题。我还应该补充一点,我已将 jenkins url 设置为 abc.example.com:8003
经过大量阅读,以下内容对我的情况有所帮助。
proxy_set_header X-Forwarded-Host $http_host;
这维护了端口号和功能,似乎与 Jenkins 预期的一样。
关于反向代理坏了,我通过curl检查了管理任务。这失败了,给我错误并将我重定向到这里:https://curl.haxx.se/docs/sslcerts.html。即使所有浏览器都显示安全图标并且没有显示任何问题。
我通过 docker-compose 安装了 jenkins 和 nginx 运行,它们都在同一个 docker 网络上。 Jenkins 不会向主机公开任何端口,并且在端口 8080 和 nginx 映射 8003:443.
我们有一个服务器位于私有网络和子域上,我有以下 nginx 配置文件
upstream jenkins {
server jenkins:8080;
}
server {
listen 443 ssl;
server_name abc.example.com;
ssl_certificate /etc/ssl/private/certificate.crt;
ssl_certificate_key /etc/ssl/private/key.pem;
root /var/run/jenkins/war/;
ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
#rewrite all static files into requests to the root
#E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" / last;
}
location /userContent {
#have nginx handle all the static requests to the userContent folder files
#note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
#this file does not exist, might be a directory or a /**view** url
rewrite (.*) / last;
break;
}
sendfile on;
}
location / {
proxy_pass http://jenkins/;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
sendfile off;
proxy_redirect default;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Connection ""; # Clear for keepalive
}
}
这些设置中的大部分都取自故障排除指南,因为我最初的尝试并没有列出所有设置,我曾经并且仍然收到通知 It appears that your reverse proxy set up is broken. 目前,它似乎只部分工作。有些 urls 工作正常,如果我点击人我会得到 https://abc.example.com:8003/asynchPeople/ 但其他人像登录和蓝海似乎放弃了端口。手动添加回来确实使 url 然后工作。所以我不确定到底出了什么问题。我还应该补充一点,我已将 jenkins url 设置为 abc.example.com:8003
经过大量阅读,以下内容对我的情况有所帮助。
proxy_set_header X-Forwarded-Host $http_host;
这维护了端口号和功能,似乎与 Jenkins 预期的一样。
关于反向代理坏了,我通过curl检查了管理任务。这失败了,给我错误并将我重定向到这里:https://curl.haxx.se/docs/sslcerts.html。即使所有浏览器都显示安全图标并且没有显示任何问题。