我正在尝试在Centos 7.5服务器上使用nginx-1.12.2为Jenkins 2.151配置反向代理。我的Jenkins使用前缀/ Jenkins在端口8080上运行。当我去管理配置时,使用下面的nginx配置文件总会得到It appears that your reverse proxy set up is broken。尝试了几种无法修复的选项。
已经尝试了这两个建议,没有运气
https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy NGINX/JENKINS: It appears that your reverse proxy set up is broken
现在正在寻找帮助。
worker_processes 1;
events { worker_connections 1024; }
http {
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $upstream_addr '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 http2 ssl;
server_name jenkins-dev.test.com;
access_log /var/log/nginx/access.log compression;
error_log /var/log/nginx/error.log ;
ignore_invalid_headers off;
location ^~ /jenkins/ {
proxy_pass http://localhost:8080/jenkins/;
proxy_redirect http:// https://;
sendfile off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_temp_file_write_size 64k;
proxy_http_version 1.1;
proxy_request_buffering off;
}
ssl on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'HIGH:AES-GCM:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:!SSLv3:!SSLv2:!EXPORT:!DH:!DES:!3DES:!MD5:!DHE:!ADH:!EDH';
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
}
}
谢谢 SR
答案 0 :(得分:1)
如果使用nginx进行反向代理,则需要适当设置Jenkins URL,并且必须通过下面的nginx配置重写标头以使其匹配:
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://localhost:8080;
}
答案 1 :(得分:0)
确保用于访问jenkins的URL和设置的Jenkins URL相同。
例如我使用http://example.com通过浏览器访问我的詹金斯,因此我将詹金斯URL设置为http://example.com。例如,如果将其设置为http://<IP_address>,则会看到您要报告的错误。
答案 2 :(得分:0)
也许不是最好的解决方案,但解决方法是将操作系统级别的端口从80转发到8080。这更像是黑客。
将端口80重定向到端口8080进行TCP通信:
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
保留新设置。
firewall-cmd --runtime-to-permanent
验证端口重新路由:
firewall-cmd --list-all
注意:您也可以重新启动,只是为了确保
。