Rundeck reverse proxy behind Nginx

Question

I have configured reverse proxy for Rundeck behind Nginx. Below is the Rundeck.conf which is placed in the path /etc/nginx/sites-enabled

ssl_certificate      /etc/nginx/ssl/server.crt;
ssl_certificate_key  /etc/nginx/ssl/server.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers   on;
## server configuration
server {
    listen 443 ssl;
    listen 80 ;
    server_name ~(?<repo>.+)\.pilot1 pilot1;
    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }
    ## Application specific logs
    ## access_log /var/log/nginx/pilot1.ci1.peapod.com-access.log timing;
    ## error_log /var/log/nginx/pilot1.ci1.peapod.com-error.log;
# rewrite ^/$ /rundeck/menu/home redirect;
   rewrite ^/rundeck/?(/rundeck)?$ /rundeck/menu/home redirect;
   chunked_transfer_encoding on;
    client_max_body_size 0;

location ^~ /rundeck/ {
        proxy_pass          http://localhost:4440;
        proxy_read_timeout  900;
}
}

Reverse proxy works fine when I browse and login to Rundeck.But when I click log out the redirection to the login page exposes the port:4440 as below LOGIN----> pilot1/rundeck redirects to pilot1/rundeck/menu/home (works fine) Logout---> pilot1:4440/rundeck/user/loggedout

I do not want the port to be exposed. How do i fix this issue?

Did you set framework.rundeck.url and grails.serverURL to use https? Check `framework.rundeck.url` in `/etc/rundeck/framework.properties` and `grails.serverURL` in `/etc/rundeck/rundeck-config.properties`. — minamijoyo, Feb 11 '17 at 09:11

score 3 · Answer 1 · answered Jun 27 '17 at 05:13

3

Here is what I had to do:

In NGINX config under an appropriate 'server' section set up a location:

  location /rundeck/ {
    proxy_pass http://localhost:4440;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

Rundeck config:

sed -i "/^grails.serverURL/c grails.serverURL = ${RUNDECK_URL}" /etc/rundeck/rundeck-config.properties
sed -i "/^framework.server.url/c framework.server.url = ${RUNDECK_URL}" /etc/rundeck/framework.properties
sed -i '/^RDECK_JVM="$RDECK_JVM/ s/"$/ -Dserver.web.context=\/rundeck"/' /etc/rundeck/profile

where RUNDECK_URL should point to you NGINX ip (dns name) so http://my-nginx.com/rundeck

answered Jun 27 '17 at 05:13

Sergey

978
2
11
33

Just a few details : 1] It seems that "server.web.context" parameter doesn't exist anymore (Rundeck 3.2.8), the new one is "server.contextPath". 2] You should not change the /etc/rundeck/profile as it can be overwritten on Rundeck upgrade. As the documentation suggests, you should use /etc/default/rundeckd (on DEB install) with this content : `RDECK_JVM_OPTS="-Dserver.contextPath=/rundeck"` Documentation : https://docs.rundeck.com/docs/administration/configuration/system-properties.html – DaryL Jun 23 '20 at 15:15
A portion of this should not be followed as `/etc/rundeck/profile`, can will be updated on upgrade. save to `/etc/defaults/rundeckd` – ekydfejj Mar 22 '21 at 22:40

Rundeck reverse proxy behind Nginx

1 Answers1