opendev/puppet-jenkins
Code Issues Proposed changes
puppet-jenkins/templates/jenkins.vhost.erb
Clark Boylan cca6819f67 Fix Jenkins reverse proxy according to docs 
Jenkins has documented[0] the appropriate way to reverse proxy Jenkins
and it is complaining that our config is broken so update it according
to their docs.

Big changes here are to set nodecode on AllowEncodedSlashes and nocanon
on ProxyPass so that the PATH_INFO value is left alone. But also set
some X-Forward headers to tell Jenkins about the original port and
protocol.

Also remove the modrewrite rules so that they do not interfere with
ProxyPass as they appear to no longer be needed to host zuul status.

[0] https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache

Change-Id: I9e2b159c1bde1c55779b7b519969b167ec788ea9
2015-01-07 16:53:18 -08:00

45 lines
2.0 KiB
Plaintext
Raw Blame History

<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:80>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-access.log combined
Redirect / https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
</VirtualHost>
<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:443>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>
<% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("::jenkins::master::ssl_chain_file") %>
<% end %>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:8080/ retry=0 nocanon
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
View Git Blame Copy Permalink