Hi Michael, The relevant part is the proxy_redirect directive (I had mine at 'off').
Jenkins generates a redirect, and nginx (if acting as a reverse proxy) has to rewrite the location to the correct one (Jenkins, running behind the reverse proxy, is relatively correct in redirecting to HTTP I believe). Something like this directive should fix the problem: proxy_redirect http:// https://; This is mentioned by the wiki: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy I guess the only real strange thing is that I managed to go this long without something else breaking it! Dom On Thursday, 28 July 2016 12:03:23 UTC+12, Michael Neale wrote: > > Are you able to share the relevant parts of your nginx config? > > I that redirect seems to be the problem (it should not redirect to non > https, that seems a bug). I assume you are using example.com instead of > your actual url just by way of example? > > On Thursday, July 28, 2016 at 9:59:53 AM UTC+10, Dominic Scheirlinck wrote: >> >> Here's what's going on according to my testing: >> >> - /blue/js-extensions/ is the only affected resource >> - The page attempts to load https://example.com/blue/js-extensions (NB: >> no trailing slash) >> - This results in a 302, redirecting to Location: >> http://example.com/blue/js-extensions/ (NB: trailing slash, but no HTTPS) >> - If I'm visiting this location directly, HSTS will send me (307) to >> https://example.com/blue/js-extensions/ (finally, the working URL), but >> HSTS doesn't seem to be applied to <script src> by UAs (or at least not >> consistently). >> >> Why https://example.com/blue/js-extensions redirects to >> http://example.com/blue/js-extensions/ and changes the protocol, I'm not >> sure. There doesn't seem to be anything in my nginx config about trailing >> slashes specifically. I am using `proxy_set_header X-Forwarded-For >> $proxy_add_x_forwarded_for;`. >> >> Like the other respondents, I've been using HTTPS Jenkins for years, have >> the correct protocol in the 'Jenkins Location' setting, and all the other >> assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being loaded >> over HTTPS correctly. >> >> Regards, >> Dom >> >> >> On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: >> >>> It's hard to say, it could be a quirk of proxy settings. The resources >>> don't specify any absolute paths that I can tell. >>> >> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/a32bfb44-5585-4469-b13c-f3a44f4b2563%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
