I have a really weird requirement (Security team doesn't even want people who don't have access to see the Jenkins UI), where I want to run Jenkins behind reverse proxy (Apache) and then secure it via Active Directory Authentication.
Here is my config
LDAPCacheEntries 0
LDAPCacheTTL 5
LDAPOpCacheEntries 0
LDAPOpCacheTTL 5
<VirtualHost 0.0.0.0:80>
ServerName localhost
RequestHeader unset WWW-Authenticate
ProxyPass / http://localhost:8080/ retry=1 acquire=3000 timeout=600 ttl=60 Keepalive=On
ProxyPassReverse / http://localhost:8080/
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes On
<Proxy http://localhost:8080/>
Order deny,allow
Allow from all
</Proxy>
<Location />
AuthLDAPBindDN “testuser”
AuthLDAPBindPassword “testpasswd”
AuthLDAPURL "ldaps://testserver.example.com:636/ou=test,ou=users,dc=internal,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"
AuthType Basic
AuthName "AD/LDAP Credentials"
AuthBasicProvider ldap
AuthUserFile /dev/null
require ldap-group CN=Admin,OU=Security,OU=Groups,DC=internal,DC=example,DC=com
</Location>
LogLevel debug
ErrorLog /var/log/httpd/jenkins-error_log
CustomLog /var/log/httpd/jenkins-access_log common
Now everything looks OK, except that the page takes forever to load and sometimes I get a timeout (that's why I have the 600 sec in timeout value). So just want to confirm if there is anything wrong with my config?
