Thanks Marius, good point. Fixed and fixed. On Mon, Apr 28, 2014 at 11:22 PM, Marius Gedminas <[email protected]> wrote: > On Mon, Apr 28, 2014 at 05:56:00PM -0700, Scott Hendrickson wrote: >> I guess I prematurely marked this as [SOLVED]. Thank you for the >> feedback! I incorporated it and did some more testing of the >> configuration. Here's what I'm experiencing: >> >> (1) "ProxyPreserveHost On" seems to make the output filters >> unnecessary, as you guessed. >> However, if I remove the Header edit Location then I get the reverse >> proxy is broken warning >> I still got the warning even if I set Jenkins Location on the >> Configure System page to https://my.domain/jenkins. > > Oh, you're using HTTPS? In that case you need *two* ProxyPassReverse > directives: > > ProxyPassReverse /jenkins http://localhost:8080/jenkins > ProxyPassReverse /jenkins http://my.domain/jenkins > > See > https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache#RunningJenkinsbehindApache-modproxywithHTTPS > >> (2) Once I turned on Jenkins security, Apache (not Jenkins) began >> demanding a username/password > > No idea there, sorry. > >> (3) I left the "weird" authentication stuff in the configuration. At >> the top of my (Apache) configuration I have the following: >> <Directory /> >> Order Allow,Deny >> Deny from all >> Require all denied >> </Directory> >> <Location /> >> Order Allow,Deny >> Deny from all >> Require all denied >> </Location> >> The intent is to make the server deny everything to everyone by >> default unless I specifically allow it. When I tried removing either >> "Order ... Deny ..." or "Require all ..." from the Jenkins >> configuration it didn't work. > > Why would you remove deprecated directives from one vhost but not > globally? See https://httpd.apache.org/docs/trunk/upgrading.html#access > >> Below is the updated configuration. > >> # The following directive is not inherited by virtual hosts and *must* >> additionally be copied to each virtual host declaration >> AllowEncodedSlashes NoDecode >> >> # Jenkins must be configured with prefix "/jenkins" and port 8080 >> <Proxy http://localhost:8080/jenkins*> >> Order deny,allow >> Allow from all >> </Proxy> >> <Location /jenkins> >> ProxyPass http://localhost:8080/jenkins nocanon >> ProxyPassReverse http://localhost:8080/jenkins >> ProxyPreserveHost On >> Header edit Location ^http://([^/]+)/jenkins https://$1/jenkins >> >> # Authorization header inappropriately included for some >> reason when proxying >> # This causes Jenkins to repeatedly ask for login credentials >> RequestHeader unset Authorization >> >> Order deny,allow >> Allow from all >> Require all granted >> </Location> > > Marius Gedminas > -- > In English, is it grammatically correct to use "Apple" and > "relatively-inexpensive" in the same sentence? > -- James Nicoll
-- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
