I guess I prematurely marked this as [SOLVED]. Thank you for the feedback! I incorporated it and did some more testing of the configuration. Here's what I'm experiencing:
(1) "ProxyPreserveHost On" seems to make the output filters unnecessary, as you guessed. However, if I remove the Header edit Location then I get the reverse proxy is broken warning I still got the warning even if I set Jenkins Location on the Configure System page to https://my.domain/jenkins. (2) Once I turned on Jenkins security, Apache (not Jenkins) began demanding a username/password I have no idea why this is, but when I made a fresh install and turned on security, Jenkins began giving me 401's causing Apache to prompt for a username/password. No matter what I entered, it never accepted the credentials. Looking at the network traffic indicated that the proxy configuration was adding an "Authorization" header, which Jenkins was rejecting. Normally, I should see the main Jenkins page and be able to log in through the Jenkins username/password page. Anyway, I was able to get it working by removing the Authorization request header. Why this happens, I do not know. But, without it, I couldn't get to the main page once security was turned on. (3) I left the "weird" authentication stuff in the configuration. At the top of my (Apache) configuration I have the following: <Directory /> Order Allow,Deny Deny from all Require all denied </Directory> <Location /> Order Allow,Deny Deny from all Require all denied </Location> The intent is to make the server deny everything to everyone by default unless I specifically allow it. When I tried removing either "Order ... Deny ..." or "Require all ..." from the Jenkins configuration it didn't work. Below is the updated configuration. Thanks again! -- Scott # The following directive is not inherited by virtual hosts and *must* additionally be copied to each virtual host declaration AllowEncodedSlashes NoDecode # Jenkins must be configured with prefix "/jenkins" and port 8080 <Proxy http://localhost:8080/jenkins*> Order deny,allow Allow from all </Proxy> <Location /jenkins> ProxyPass http://localhost:8080/jenkins nocanon ProxyPassReverse http://localhost:8080/jenkins ProxyPreserveHost On Header edit Location ^http://([^/]+)/jenkins https://$1/jenkins # Authorization header inappropriately included for some reason when proxying # This causes Jenkins to repeatedly ask for login credentials RequestHeader unset Authorization Order deny,allow Allow from all Require all granted </Location> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
