4

I have followed this tutorial and many others:

https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache

However, none of my attempts have been successful:

  1. When I go to Plugin Manager -> Available, it says "No updates"
  2. When I go to Plugin Manager -> Advanced -> Check Now, it says "Checking Updates..." and then nothing happens.
  3. Looking at Apache and Tomcat logs, nothing shows up.

  4. Looking at browser console, no errors appear. However, I get warnings like this one:

    [blocked] The page at 'https://mywebsite.com/jenkins/pluginManager/checkUpdates' was loaded over HTTPS, but ran insecure content from 'http://updates.jenkins-ci.org/updates/hudson.tools.JDKInstaller.json.html?id=hudson.tools.JDKInstaller&version=1.544': this content should also be loaded over HTTPS.

Looking at this, I realize the plugin manager wasn't designed for https, because it makes ajax requests for non-SSL endpoints.

So what's the right solution to this? Is there an HTTPS endpoint to use for downloading plugins? Do I need to use a different browser?

Thanks.

James Watkins
  • 4,806
  • 5
  • 32
  • 42

1 Answers1

6

There is an HTTPS endpoint to use:

https://updates.jenkins-ci.org/update-center.json
rakslice
  • 8,742
  • 4
  • 53
  • 57
  • While the endpoint is HTTPS, the URLs in the response are not. Thus completely defeating the purpose. – James Watkins Feb 27 '14 at 17:49
  • Ah. Does it still give AJAX warnings when you actually attempt to install a plugin? I didn't test that far. – rakslice Feb 27 '14 at 21:10
  • 1
    I believe this is the relevant Jenkins issue: https://issues.jenkins-ci.org/browse/JENKINS-20641 – Thien Mar 14 '14 at 17:07
  • Hmm... the file already has SHA1 checksums as Kohsuke suggests in that Jenkins issue. Maybe the updater is already validating the plugin? – rakslice Mar 15 '14 at 00:29
  • In case of SSL issue you may refer [this](https://stackoverflow.com/a/47709466/1802348) – positivecrux Dec 08 '17 at 07:20