Correct Apache reverse proxy configuration with SSL for Jenkins and Sonar

I am running two services behind an Apache server: Jenkins (port 8080) and SonarQube (port 9000).

My Apache configuration looks like this:

    <VirtualHost *:80>
        ServerName server
        Redirect permanent / https://server.domain.com/
    </VirtualHost>

    <VirtualHost *:80>
        ServerName server.domain.com
        Redirect permanent / https://server.domain.com/
    </VirtualHost>

    <VirtualHost *:443>
        ServerName server.domain.com
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        ProxyPass /jenkins http://localhost:8080/jenkins nocanon
        ProxyPassReverse /jenkins http://localhost:8080/jenkins
        ProxyPassReverse /jenkins http://server.domain.com/jenkins
        ProxyPassReverse /jenkins https://server.domain.com/jenkins
        ProxyPass /sonar http://localhost:9000/sonar nocanon
        ProxyPassReverse /sonar http://localhost:9000/sonar
        AllowEncodedSlashes NoDecode
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy http://localhost:8080/*>
            Order deny,allow
            Allow from all
        </Proxy>
    </VirtualHost>

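Everything seems to work fine, except that Jenkins complains with this message: It appears that your reverse proxy set up is broken.

When I run the ReverseProxySetupMonitor test provided by Jenkins, the error message indicates that something in the reverse proxy is not set up correctly, because http is not replaced with https: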

    $ curl -iLk -e https://server.domain.com/jenkins/manage https://server.domain.com/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
    [...]
    404 http://server.domain.com/jenkins/manage vs. https://server.domain.com/jenkins/manage
    [...]

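This only appeared after I enabled SSL on the server (currently using a self-signed certificate).

Question: How do I fix the reverse proxy settings so that Jenkins is happy? Bonus points for tips on how to improve the Apache configuration file.

I have already checked the following two related questions:

  • Apache as a proxy for Nexus, Jenkins and Foreman (multiple VirtualHosts on the same domain, IP and port)
  • Jenkins reports incorrect reverse proxy setup for Apache using virtual hosts with SNI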

This page on Jenkins mentions the recommended configuration for a Jenkins reverse proxy as of July 2014. The missing parameters are RequestHeader set X-Forwarded-Proto "https" and RequestHeader set X-Forwarded-Port "443".

So the configuration became

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        ProxyRequests Off
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyPass / http://localhost:8080/ nocanon
        ProxyPassReverse / http://localhost:8080/
        ProxyPassReverse / http://www.example.com/
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
    </VirtualHost>
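An added example, not part of the original answers: a small Python check that scans Apache configuration text for TLS virtual hosts that proxy to a plain-http backend without the forwarded-scheme headers named in the answer above. The sample configs are constructed from the question's vhost, and the function names are hypothetical.

```python
import re

# Constructed samples: the question's 443 vhost (trimmed) and the same vhost with the fix.
BROKEN = """
<VirtualHost *:443>
    ServerName server.domain.com
    SSLEngine on
    ProxyPass /jenkins http://localhost:8080/jenkins nocanon
    ProxyPreserveHost On
</VirtualHost>
"""
FIXED = BROKEN.replace(
    "</VirtualHost>",
    '    RequestHeader set X-Forwarded-Proto "https"\n'
    '    RequestHeader set X-Forwarded-Port "443"\n</VirtualHost>',
)

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Yield (name, [args]) per directive line, lower-cased, quotes stripped."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), [a.strip('"').lower() for a in args]

def check_tls_proxy_vhosts(conf):
    """Return findings for TLS vhosts that proxy to a plain-http backend."""
    findings = []
    for addr, body in VHOST.findall(conf):
        ds = list(directives(body))
        tls = ("sslengine", ["on"]) in ds
        backend = any(n == "proxypass" and len(a) > 1 and a[1].startswith("http://") for n, a in ds)
        if not (tls and backend):
            continue  # e.g. the port-80 redirect vhosts
        hdrs = {a[1]: a[2] for n, a in ds if n == "requestheader" and len(a) >= 3 and a[0] == "set"}
        port = addr.rsplit(":", 1)[-1]  # assumes an explicit port, as in "*:443"
        if hdrs.get("x-forwarded-proto") != "https":
            findings.append(f"{addr}: X-Forwarded-Proto is not set to https")
        if hdrs.get("x-forwarded-port") != port:
            findings.append(f"{addr}: X-Forwarded-Port is not set to {port}")
        if ("proxypreservehost", ["on"]) not in ds:
            findings.append(f"{addr}: ProxyPreserveHost is not On")
    return findings

if __name__ == "__main__":
    for label, conf in (("question", BROKEN), ("answer", FIXED)):
        print(label, check_tls_proxy_vhosts(conf) or "ok")
```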

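Windows Apache front-end setup for Jenkins

The main differences here are:

  • How to set up a temporary certificate
  • Stopping Apache from complaining about not having any SSL cache

My setup:

  • Installation goes to d:\ (not c:\ – adapt as you need)

  • Jenkins is on port 8080

  • Unpack Apache httpd-2.4.18-win64-VC14.zip (from http://www.apachelounge.com/download/) to d:\.

  • Install OpenSSL Win64OpenSSL_Light-1_0_2f.exe (http://slproweb.com/products/Win32OpenSSL.html) to d:\OpenSSL-Win64

  • Create the SSL certificate:

    • cd to the OpenSSL bin directory and run the magic: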

        pushd d:\OpenSSL-Win64\bin
        set OPENSSL_CONF=openssl.cfg
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

  • Copy the server.* files from d:\OpenSSL-Win64\bin to D:\Apache24\conf

  • Edit d:\Apache24\conf\httpd.conf:

    • Search for "c:/" and replace it with "d:/"

    • After "Listen 80", add "Listen 443":

        Listen 80
        Listen 443

    • Uncomment these lines:

        LoadModule headers_module modules/mod_headers.so
        LoadModule proxy_module modules/mod_proxy.so
        LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
        LoadModule proxy_http_module modules/mod_proxy_http.so
        LoadModule rewrite_module modules/mod_rewrite.so
        LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
        LoadModule ssl_module modules/mod_ssl.so
        LoadModule vhost_alias_module modules/mod_vhost_alias.so

    • Update "#ServerName http://www.example.com:80" to:

       ServerName myserver.mydomain:80 

    • Add at the end:

        <IfModule socache_shmcb_module>
            SSLSessionCache "shmcb:logs/ssl_scache(512000)"
        </IfModule>

        <VirtualHost *:80>
            ServerName myserver
            Redirect permanent / https://myserver.mydomain/
        </VirtualHost>

        <VirtualHost *:80>
            ServerName myserver.mydomain
            Redirect permanent / https://myserver.mydomain/
        </VirtualHost>

        <VirtualHost *:443>
            SSLEngine on
            SSLCertificateFile conf/server.crt
            SSLCertificateKeyFile conf/server.key
            ServerAdmin me@mydomain
            ProxyRequests Off
            ProxyPreserveHost On
            AllowEncodedSlashes NoDecode
            <Proxy *>
                Order deny,allow
                Allow from all
            </Proxy>
            ProxyPass / http://localhost:8080/ nocanon
            ProxyPassReverse / http://localhost:8080/
            ProxyPassReverse / http://myserver.mydomain/
            RequestHeader set X-Forwarded-Proto "https"
            RequestHeader set X-Forwarded-Port "443"
        </VirtualHost>

I did not stop Jenkins listening on port 8080, so I can still connect if Apache fails. My aim in using https is to hide parameters.