Jenkins behind apache proxy

12/13/2019

My Jenkins is running in Kubernetes with Service type: LoadBalancer, and I added the Azure annotations below so that it takes a private IP address from the internal subnet to expose the service internally.

  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: subnetName

I have one Ubuntu VM where Apache is installed. I created a self-signed certificate and terminated it in the Apache configuration, and I'm able to access the Apache home page using HTTPS.

Then I created a proxy rule to the Jenkins service IP address. Basically, I want to access Jenkins through Apache over HTTPS, with the traffic then going internally over HTTP to the Kubernetes service.

Here are the Apache configurations:

xxxx@xxxx:/etc/apache2/sites-available$ ls -ltrh
total 28K
-rw-r--r-- 1 root root 1332 Jul 16 18:14 000-default.conf
-rw-r--r-- 1 root root 6338 Jul 16 18:14 default-ssl.conf
drwxr-xr-x 2 root root 4096 Dec 12 17:24 abc
-rw-r--r-- 1 root root  680 Dec 12 13:04 abc.conf
drwxr-xr-x 2 root root 4096 Dec 12 14:29 xyz
-rw-r--r-- 1 root root 1151 Dec 12 13:08 xyz.conf

cat abc/00-redirect-to-https.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^jenkins$ login [L,R=302]


cat abc.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/abc_error.log
    CustomLog ${APACHE_LOG_DIR}/abc_access.log combined

    <IfModule mod_headers.c>
      RequestHeader unset X-Forwarded-For
      RequestHeader unset X-Forwarded-Host
      RequestHeader unset X-Forwarded-Server
      RequestHeader set X-Forwarded-Proto "http"
      RequestHeader set X-Forwarded-Port "80"
    </IfModule>

    # Apache will try to set application/json based on mime type
    # This behaviour is causing problems with empty json responses from spring
    RemoveType json

    Include sites-available/abc/*.conf
</VirtualHost>


cat xyz/00-jenkins.conf
ProxyPass /jenkins balancer://jenkins/jenkins
ProxyPassReverse  /jenkins balancer://jenkins/jenkins
<Proxy balancer://jenkins>
    BalancerMember http://x.x.x.x:8080 loadfactor=1 keepalive=On retry=0
    ProxySet lbmethod=bytraffic
</Proxy>


cat xyz.conf
<VirtualHost *:443>
    ServerAdmin webmaster@localhost

    ServerName FQDN

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/xyz_error.log
    CustomLog ${APACHE_LOG_DIR}/xyz_access.log combined

    <IfModule mod_headers.c>
      RequestHeader unset X-Forwarded-For
      RequestHeader unset X-Forwarded-Host
      RequestHeader unset X-Forwarded-Server
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "443"
    </IfModule>

    SSLEngine on
    SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

    SSLCertificateFile    /etc/apache2/certs/ca.cert
    SSLCertificateKeyFile /etc/apache2/certs/ca.key


    # Apache will try to set application/json based on mime type
    # This behaviour is causing problems with empty json responses from spring
    RemoveType json

    Include sites-available/xyz/*.conf

</VirtualHost>

If I run curl -k https://localhost/jenkins from the local Ubuntu VM, the response shows that authentication is required, which is fine, as below, but the redirect URL becomes window.location.replace('/login?from=%2F')

<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjenkins'/><script>window.location.replace('/login?from=%2Fjenkins');</script></head><body style='background-color:white; color:white;'>


Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't): hudson.model.Hudson.Read
 ... which is implied by: hudson.security.Permission.GenericRead
 ... which is implied by: hudson.model.Hudson.Administer
-->

</body></html>       

But in the same case, when I request https://FQDN/jenkins from a browser, the URL again becomes https://FQDN/login?from=%2F, but there the browser throws a URL Not Found error:

Not Found
The requested URL was not found on this server.

Please help me correct the configuration.

Thanks..

More observations from the logs:

When I ran curl -k https://localhost/jenkins, the Apache access log showed a 403, which is OK because I did not pass credentials:

127.0.0.1 - - [13/Dec/2019:13:37:40 +0000] "GET /jenkins HTTP/1.1" 403 3297 "-" "curl/7.58.0"

And when I tried the same from an internet browser with https://FQDN/jenkins, the Apache log first shows a 403, which is expected, but soon after, Apache tries to find the changed URL on the same VM instead of redirecting, due to which I'm not getting the Jenkins page.

165.225.106.137 - - [13/Dec/2019:13:38:19 +0000] "GET /jenkins HTTP/1.1" 403 3446 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

165.225.106.137 - - [13/Dec/2019:13:38:19 +0000] "GET /jenkins HTTP/1.1" 403 1564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

165.225.106.137 - - [13/Dec/2019:13:38:20 +0000] "GET /login?from=%2F HTTP/1.1" 404 541 "https://DNSname/jenkins" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
-- Jaydeep Soni

1 Answer

12/15/2019

It's working now after changing the configurations below --

(1) Set the context path by modifying the jenkins.xml configuration file and adding --prefix=/jenkins (or similar) to the <arguments> entry.

https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Apache

(2) Initially -- RewriteRule ^jenkins$ login [L,R=302] Now -- RewriteRule ^/jenkins(.*)$ /

(3) Initially --

ProxyPass /jenkins balancer://jenkins/jenkins
ProxyPassReverse  /jenkins balancer://jenkins/jenkins
<Proxy balancer://jenkins>
    BalancerMember http://x.x.x.x:8080 loadfactor=1 keepalive=On retry=0
    ProxySet lbmethod=bytraffic
</Proxy>

Now --

ProxyPass /jenkins balancer://jenkins
ProxyPassReverse  /jenkins balancer://jenkins
ProxyRequests     Off
AllowEncodedSlashes NoDecode
<Proxy balancer://jenkins>
    BalancerMember http://x.x.x.x:8080/jenkins loadfactor=1 keepalive=On retry=0
    ProxySet lbmethod=bytraffic
</Proxy>
-- Jaydeep Soni
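
A check for the mismatch this thread describes, as an added example that is not part of the original question or answer: it pulls the redirect targets out of a proxied response (Location header, meta refresh, window.location.replace) and reports any that fall outside the proxied /jenkins prefix, then looks for the matching symptom in the access log (a 404 outside the prefix whose Referer was inside it). The function names are hypothetical, and the sample body, the "after" body and the log line are constructed, modelled on the output quoted in the question.

```python
import re
from urllib.parse import urlsplit

# In-body redirects on the Jenkins "Authentication required" page.
META_REFRESH = re.compile(
    r"<meta[^>]+http-equiv=['\"]refresh['\"][^>]*url=([^'\">]+)", re.I)
JS_REPLACE = re.compile(r"window\.location\.replace\(\s*['\"]([^'\"]+)['\"]")
# Request path, status and Referer from an Apache "combined" log line.
LOG_LINE = re.compile(r'"[A-Z]+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')


def under_prefix(url, prefix):
    """True if the URL's path is the proxied prefix or lies below it."""
    path, prefix = urlsplit(url).path, prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def escaping_redirects(headers, body, prefix="/jenkins"):
    """Redirect targets in a response that ProxyPass would not match."""
    targets = [v for k, v in headers.items() if k.lower() == "location"]
    targets += META_REFRESH.findall(body) + JS_REPLACE.findall(body)
    return [t for t in targets if not under_prefix(t, prefix)]


def orphaned_404s(log_lines, prefix="/jenkins"):
    """404 requests outside the prefix whose Referer was inside it."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        path, status, referer = m.groups()
        outside = under_prefix(referer, prefix) and not under_prefix(path, prefix)
        if status == "404" and outside:
            hits.append(path)
    return hits


# Constructed samples modelled on the output quoted in the question.
BEFORE = ("<html><head><meta http-equiv='refresh' "
          "content='1;url=/login?from=%2Fjenkins'/><script>"
          "window.location.replace('/login?from=%2Fjenkins');</script></head>")
# Assumed shape of the same page once Jenkins runs with --prefix=/jenkins.
AFTER = BEFORE.replace("/login?", "/jenkins/login?")
LOG = ['203.0.113.7 - - [13/Dec/2019:13:38:20 +0000] "GET /login?from=%2F '
       'HTTP/1.1" 404 541 "https://proxy.example/jenkins" "Mozilla/5.0"']

if __name__ == "__main__":
    print(escaping_redirects({}, BEFORE), escaping_redirects({}, AFTER), orphaned_404s(LOG))
```

ProxyPassReverse only rewrites response headers such as Location, so the meta refresh and script targets in the body stay as Jenkins wrote them; that is why the fix has to be made on the Jenkins side with the context path.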
Source: StackOverflow