Apache-2.2

Apache reverse proxy configuration with SSL for Jenkins and Sonar

  • July 14, 2021

I am running two services behind an Apache server: Jenkins (port 8080) and SonarQube (port 9000).

My Apache configuration looks like this:

<VirtualHost *:80>
 ServerName server
 Redirect permanent / https://server.domain.com/
</VirtualHost>

<VirtualHost *:80>
 ServerName server.domain.com
 Redirect permanent / https://server.domain.com/
</VirtualHost>

<VirtualHost *:443>
 ServerName server.domain.com

 SSLEngine on
 SSLCertificateFile /etc/ssl/certs/server.crt
 SSLCertificateKeyFile /etc/ssl/private/server.key

 ProxyPass        /jenkins http://localhost:8080/jenkins nocanon
 ProxyPassReverse /jenkins http://localhost:8080/jenkins
 ProxyPassReverse /jenkins http://server.domain.com/jenkins
 ProxyPassReverse /jenkins https://server.domain.com/jenkins

 ProxyPass        /sonar http://localhost:9000/sonar nocanon
 ProxyPassReverse /sonar http://localhost:9000/sonar

 AllowEncodedSlashes NoDecode
 ProxyRequests Off
 ProxyPreserveHost On
 <Proxy http://localhost:8080/*>
   Order deny,allow
   Allow from all
 </Proxy>
</VirtualHost>

Everything seems to be working fine, except that Jenkins complains with this message: It appears that your reverse proxy set up is broken.

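When I run the ReverseProxySetupMonitor test provided by Jenkins, the error message indicates that the reverse proxy is not set up correctly, because it does not replace http with https: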

$ curl -iLk -e https://server.domain.com/jenkins/manage https://server.domain.com/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
[...]
404 http://server.domain.com/jenkins/manage vs. https://server.domain.com/jenkins/manage
[...]

This only appeared after I enabled SSL on the server (currently using a self-signed certificate).

Question: How do I fix the reverse proxy setup to make Jenkins happy? Bonus points for tips on how to improve the Apache configuration file.

I have already checked the following two related questions:

This page on the Jenkins wiki mentions the recommended configuration for a Jenkins reverse proxy as of July 2014. The missing parameters are RequestHeader set X-Forwarded-Proto "https" and RequestHeader set X-Forwarded-Port "443".

So the configuration became

<VirtualHost *:443>
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/cert.pem
   ServerAdmin  webmaster@localhost
   ProxyRequests     Off
   ProxyPreserveHost On
   AllowEncodedSlashes NoDecode
   <Proxy *>
       Order deny,allow
       Allow from all
   </Proxy>
   ProxyPass         /  http://localhost:8080/ nocanon
   ProxyPassReverse  /  http://localhost:8080/
   ProxyPassReverse  /  http://www.example.com/
   RequestHeader set X-Forwarded-Proto "https"
   RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
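
A static check for the omission the answer identifies, as an added example that is not part of the original question or answer: it flags any SSL virtual host that proxies to a plain-http backend without setting X-Forwarded-Proto and X-Forwarded-Port. The function names and the abridged sample configurations are constructed for illustration, and the parser assumes one directive per line with no Include files or line continuations.

```python
import re

# Constructed sample input, abridged from the question's configuration.
BEFORE = """\
<VirtualHost *:80>
 ServerName server.domain.com
 Redirect permanent / https://server.domain.com/
</VirtualHost>
<VirtualHost *:443>
 ServerName server.domain.com
 SSLEngine on
 ProxyPass        /jenkins http://localhost:8080/jenkins nocanon
 ProxyPassReverse /jenkins http://localhost:8080/jenkins
 ProxyPreserveHost On
</VirtualHost>
"""
# The same vhost with the two directives from the answer added.
AFTER = BEFORE.replace(" ProxyPreserveHost On\n", ' ProxyPreserveHost On\n'
                       ' RequestHeader set X-Forwarded-Proto "https"\n'
                       ' RequestHeader set X-Forwarded-Port "443"\n')

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Yield (lower-cased name, [args with quotes stripped]) per directive line."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), [a.strip('"') for a in args]

def missing_forwarded_headers(conf):
    """Return {vhost address: [missing headers]} for TLS vhosts proxying to http:// backends."""
    findings = {}
    for addr, body in VHOST.findall(conf):
        ds = list(directives(body))
        tls = any(n == "sslengine" and a and a[0].lower() == "on" for n, a in ds)
        to_http = any(n == "proxypass" and len(a) > 1 and a[1].startswith("http://") for n, a in ds)
        if not (tls and to_http):
            continue  # plain-http vhosts and non-proxying vhosts are out of scope
        have = {a[1].lower() for n, a in ds if n == "requestheader" and len(a) >= 3 and a[0].lower() == "set"}
        missing = [h for h in ("X-Forwarded-Proto", "X-Forwarded-Port") if h.lower() not in have]
        if missing:
            findings[addr.strip()] = missing
    return findings

if __name__ == "__main__":
    print("before:", missing_forwarded_headers(BEFORE))
    print("after: ", missing_forwarded_headers(AFTER))
```

The check only accepts `RequestHeader set`, which overwrites any value the client sent, so the backend sees the proxy's view of the scheme and port rather than a client-supplied one.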

Source: https://serverfault.com/questions/653408