Oh good catch. I am still curious why it would redirect to http - in *theory* the header is available so it can know the forwarded protocol...
but good to hear this is resolved. On Thursday, July 28, 2016 at 10:16:25 AM UTC+10, Dominic Scheirlinck wrote: > > Hi Michael, > > The relevant part is the proxy_redirect directive (I had mine at 'off'). > > Jenkins generates a redirect, and nginx (if acting as a reverse proxy) has > to rewrite the location to the correct one (Jenkins, running behind the > reverse proxy, is relatively correct in redirecting to HTTP I believe). > Something like this directive should fix the problem: > proxy_redirect http:// https://; > > This is mentioned by the wiki: > > https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy > > I guess the only real strange thing is that I managed to go this long > without something else breaking it! > > > Dom > > > On Thursday, 28 July 2016 12:03:23 UTC+12, Michael Neale wrote: >> >> Are you able to share the relevant parts of your nginx config? >> >> I that redirect seems to be the problem (it should not redirect to non >> https, that seems a bug). I assume you are using example.com instead of >> your actual url just by way of example? >> >> On Thursday, July 28, 2016 at 9:59:53 AM UTC+10, Dominic Scheirlinck >> wrote: >>> >>> Here's what's going on according to my testing: >>> >>> - /blue/js-extensions/ is the only affected resource >>> - The page attempts to load https://example.com/blue/js-extensions >>> (NB: no trailing slash) >>> - This results in a 302, redirecting to Location: >>> http://example.com/blue/js-extensions/ (NB: trailing slash, but no >>> HTTPS) >>> - If I'm visiting this location directly, HSTS will send me (307) to >>> https://example.com/blue/js-extensions/ (finally, the working URL), but >>> HSTS doesn't seem to be applied to <script src> by UAs (or at least not >>> consistently). >>> >>> Why https://example.com/blue/js-extensions redirects to >>> http://example.com/blue/js-extensions/ and changes the protocol, I'm >>> not sure. There doesn't seem to be anything in my nginx config about >>> trailing slashes specifically. I am using `proxy_set_header X-Forwarded-For >>> $proxy_add_x_forwarded_for;`. >>> >>> Like the other respondents, I've been using HTTPS Jenkins for years, >>> have the correct protocol in the 'Jenkins Location' setting, and all the >>> other assets on /blue/ (e.g. blueorigin.js or blueorigin.css) are being >>> loaded over HTTPS correctly. >>> >>> Regards, >>> Dom >>> >>> >>> On Thursday, 28 July 2016 10:45:36 UTC+12, Michael Neale wrote: >>> >>>> It's hard to say, it could be a quirk of proxy settings. The resources >>>> don't specify any absolute paths that I can tell. >>>> >>> -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/af4b0b20-d24a-48d8-a14f-6e344301fa0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
