0

I have HAProxy configured to terminate SSL connections for a Jenkins CI server, proxying to the Jenkins CI server backend over plain ol' HTTP. I can successfully perform [thus far] all of the operations I need to in the Jenkins CI server web interface, including manage the instance.

However, I get the Jenkins "reverse proxy setup is broken" warning. This is caused by stricter proxy configuration checking since Jenkins version 1.572, which uses a URL in the form of:

https://host-name/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/testForReverseProxySetup/a%2Fb/

to test the reverse proxy configuration. The typical cause for the warning called out is the decoding of the %2F into a forward slash by the reverse proxy, which causes a 404.

There seems to be well documented configuration solutions for Apache and nginx reverse proxy configurations to eliminate this warning. What I have not been able to find is something similar to Apache's "AllowEncodedSlashes On" option, or nginx's "proxy_pass" configuration, or even an example of setting up Jenkins behind HAProxy (which I'm using instead of Apache or nginx because we already have HAProxy in place for other applications).

  • Operating system: CentOS 6.6
  • HAProxy version: 1.5.2-2
  • Jenkins version: 1.610
J. Gregory Wright
  • 133
  • 1
  • 7

1 Answers1

1

This was not, as it turned out, an issue with the URL encoding / decoding. It was simply operator error on my part - when terminating SSL at any proxy you must ensure that the X-Proxy-Proto header is set to https so that all URLs generated by Jenkins in this manner get use a scheme of https. I missed the line in the documentation on the troubleshooting page. Simple adding:

http-request set-header X-Forwarded-Proto https

To the backend definition removed the warning.

J. Gregory Wright
  • 133
  • 1
  • 7