Oh good catch. I am still curious why it would redirect to http - in *theory* the header is available so it can know the forwarded protocol...
but good to hear this is resolved. On Thursday, July 28, 2016 at 10:16:25 AM UTC+10, Dominic Scheirlinck wrote: > > Hi Michael, > > The relevant part is the proxy_redirect directive (I had mine at 'off'). > > Jenkins generates a redirect, and nginx (if acting as a reverse proxy) has > to rewrite the location to the correct one (Jenkins, running behind the > reverse proxy, is relatively correct in redirecting to HTTP I believe). > Something like this directive should fix the problem: > proxy_redirect http:// https://; > > This is mentioned by the wiki: > > https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy > > I guess the only real strange thing is that I managed to go this long > without something else breaking it! > > > Dom > > > On Thursday, 28 July 2016 12:03:23 UTC+12, Michael Neale wrote: >> >> Are you able to share the relevant parts of your nginx config? >> >> I that redirect seems to be the problem (it should not redirect to non >> https, that seems a bug). I assume you are using example.com instead of >> your actual url just by way of example? >> >> On Thursday, July 28, 2016 at 9:59:53 AM UTC+10, Dominic Scheirlinck >> wrote: >>> >>> Here's what's going on according to my testing: >>> >>> - /blue/js-extensions/ is the only affected resource >>> - The page attempts to load https://example.com/blue/js-extensions >>> (NB: no trailing slash) >>> - This results in a 302, redirecting to Location: >>> http://example.com/blue/js-extensions/ (NB: trailing slash, but no >>> HTTPS) >>> - If I'm visiting this location directly, HSTS will send me (307) to >>> https://example.com/blue/js-extensions/ (finally, the working URL), but >>> HSTS doesn't seem to be applied to <script src> by UAs (or at least not >>> consistently). >>> >>> Why https://example.com/blue/js-extensions redirects to >>> http://example.com/blue/js-extensions/ and changes the protocol, I'm >>> not sure. There doesn't seem to be anything in my nginx config about >>> trailing slashes specifically. I am using `proxy_set_header X-Forwarded-For >>> $proxy_add_x_forwarded_for;`. >>> >>> Like the other respondents, I've been using HTTPS Jenkins for years, >>> have the correct protocol in the 'Jenkins Location' setting, and all the >>> other assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being >>> loaded over HTTPS correctly. >>> >>> Regards, >>> Dom >>> >>> >>> On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: >>> >>>> It's hard to say, it could be a quirk of proxy settings. The resources >>>> don't specify any absolute paths that I can tell. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/af4b0b20-d24a-48d8-a14f-6e344301fa0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
