Apache-2.2
用於 Jenkins 和 Sonar 的帶有 SSL 的 Apache 反向代理配置
我在 Apache 伺服器後面執行兩個服務:Jenkins(埠 8080)和 SonarQube(埠 9000)。
我的 apache 配置如下所示:
<VirtualHost *:80> ServerName server Redirect permanent / https://server.domain.com/ </VirtualHost> <VirtualHost *:80> ServerName server.domain.com Redirect permanent / https://server.domain.com/ </VirtualHost> <VirtualHost *:443> ServerName server.domain.com SSLEngine on SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins ProxyPassReverse /jenkins http://server.domain.com/jenkins ProxyPassReverse /jenkins https://server.domain.com/jenkins ProxyPass /sonar http://localhost:9000/sonar nocanon ProxyPassReverse /sonar http://localhost:9000/sonar AllowEncodedSlashes NoDecode ProxyRequests Off ProxyPreserveHost On <Proxy http://localhost:8080/*> Order deny,allow Allow from all </Proxy> </VirtualHost>
一切似乎都執行良好,除了 Jenkins 抱怨此消息:您的反向代理設置似乎已損壞。
當我執行 Jenkins 提供的ReverseProxySetupMonitor測試時,錯誤消息表明沒有正確設置反向代理,因為它沒有將 http 替換為 https:
$ curl -iLk -e https://server.domain.com/jenkins/manage https://server.domain.com/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test [...] 404 http://server.domain.com/jenkins/manage vs. https://server.domain.com/jenkins/manage [...]
這僅在我在伺服器上啟用 SSL(現在使用自簽名證書)後才出現。
問題: 如何修復反向代理設置以使 Jenkins 滿意?有關如何改進 apache 配置文件的提示的獎勵積分。
我已經檢查了以下兩個相關問題:
wiki Jenkins 上的此頁面提到,根據2014 年 7 月,Jenkins 反向代理的推薦配置。缺少的參數是
RequestHeader set X-Forwarded-Proto "https"
和RequestHeader set X-Forwarded-Port "443"
所以配置變成了
<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/ssl/certs/cert.pem ServerAdmin webmaster@localhost ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ ProxyPassReverse / http://www.example.com/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost>