Are you able to share the relevant parts of your nginx config? I that redirect seems to be the problem (it should not redirect to non https, that seems a bug). I assume you are using example.com instead of your actual url just by way of example?
On Thursday, July 28, 2016 at 9:59:53 AM UTC+10, Dominic Scheirlinck wrote: > > Here's what's going on according to my testing: > > - /blue/js-extensions/ is the only affected resource > - The page attempts to load https://example.com/blue/js-extensions (NB: > no trailing slash) > - This results in a 302, redirecting to Location: > http://example.com/blue/js-extensions/ (NB: trailing slash, but no HTTPS) > - If I'm visiting this location directly, HSTS will send me (307) to > https://example.com/blue/js-extensions/ (finally, the working URL), but > HSTS doesn't seem to be applied to <script src> by UAs (or at least not > consistently). > > Why https://example.com/blue/js-extensions redirects to > http://example.com/blue/js-extensions/ and changes the protocol, I'm not > sure. There doesn't seem to be anything in my nginx config about trailing > slashes specifically. I am using `proxy_set_header X-Forwarded-For > $proxy_add_x_forwarded_for;`. > > Like the other respondents, I've been using HTTPS Jenkins for years, have > the correct protocol in the 'Jenkins Location' setting, and all the other > assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being loaded > over HTTPS correctly. > > Regards, > Dom > > > On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: > >> It's hard to say, it could be a quirk of proxy settings. The resources >> don't specify any absolute paths that I can tell. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/d1b4c854-ef34-41da-b877-913808b369b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
