Hide Jenkins on port 8080 behind NGINX using proxy_pass ?

Francisco V. iseeprimenumbers at gmail.com
Fri Oct 16 17:26:17 UTC 2015


Hi, not 100% sure about it, but usually when you use reverse proxy
capabilities, URIs must match because that is what is used to know
where to pass the request.

For example, if your backend is 1.1.1.1/foo, you will have to redirect
from somedomain.com/foo

Redirecting without specific URIs like somedomain.com to
backend.domain/app did never work for me. I always use
somedomain.com/app to backend.domain/app and be sure to match trailing
slashed too (Example: somedomain.com/app won't match
backend.domain.com/app/ - notice the final slash in the backend URI)

Hope it helps,

Regards,

Francisco

On 16 October 2015 at 13:26, Nurahmadie Nurahmadie <nurahmadie at gmail.com> wrote:
>
>
> On Fri, Oct 16, 2015 at 11:24 PM, Nurahmadie Nurahmadie
> <nurahmadie at gmail.com> wrote:
>>
>> Well, in that case it's more like the whole gitlab-http server is
>> overriding your jenkins server block.
>>
>> Assuming your jenkins reverse proxy is configured like this:
>>
>> server {
>>    listen 80;
>>    listen [::]:80 default ipv6only=on;
>>
>>    location /jenkins/ {
>>       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>       proxy_set_header Host $http_host;
>>       proxy_pass http://172.17.144.123:8080;
>
>          # make sure to remove the trailing slash here
>>
>>
>>    }
>> }
>>
>> Could you add `server_name` directive over there, set it to `localhost`.
>> and see if you can get localhost/jenkins work?
>>
>> If you want to add it to the same domain with gitlab, you should set a
>> location inside gitlab-http.conf (use `location ^~ /jenkins/` to get the
>> highest precedence). Will get reset if you call gitlab-ctl reconfigure if
>> you don't add it to the template.
>>
>> On Fri, Oct 16, 2015 at 10:56 PM, edofthemountain <nginx-forum at nginx.us>
>> wrote:
>>>
>>> Thank you for your reply.  I am not sure I understand.
>>>
>>> I do know Jenkins proxy_pass will  work if I do the following:
>>>
>>> 1 -  gitlab-ctl stop
>>> 2 - Comment-out the "#include gitlab-http.conf" in the nginx.conf file
>>> 3 - gitlab-ctl start
>>> 4 - http://localhost/jenkins takes me to http://localhost:8081/jenkins
>>>
>>> I assume this means something in gitlab-http.conf is intercpting the
>>> http://localhost/jenkins correct?
>>>
>>> Is it likely a location directive?
>>>
>>>
>>> # This file is managed by gitlab-ctl. Manual changes will be
>>> # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
>>> # and run `sudo gitlab-ctl reconfigure`.
>>>
>>> ## GitLab
>>> ## Modified from
>>>
>>> https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl
>>> &
>>>
>>> https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab
>>> ##
>>> ## Lines starting with two hashes (##) are comments with information.
>>> ## Lines starting with one hash (#) are configuration parameters that can
>>> be
>>> uncommented.
>>> ##
>>> ##################################
>>> ##        CHUNKED TRANSFER      ##
>>> ##################################
>>> ##
>>> ## It is a known issue that Git-over-HTTP requires chunked transfer
>>> encoding
>>> [0]
>>> ## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a
>>> large
>>> object
>>> ## with Git (i.e. a single large file) can lead to a 411 error. In theory
>>> you can get
>>> ## around this by tweaking this configuration file and either:
>>> ## - installing an old version of Nginx with the chunkin module [2]
>>> compiled
>>> in, or
>>> ## - using a newer version of Nginx.
>>> ##
>>> ## At the time of writing we do not know if either of these theoretical
>>> solutions works.
>>> ## As a workaround users can use Git over SSH to push large files.
>>> ##
>>> ## [0]
>>>
>>> https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
>>> ## [1] https://github.com/agentzh/chunkin-nginx-module#status
>>> ## [2] https://github.com/agentzh/chunkin-nginx-module
>>> ##
>>> ###################################
>>> ##         configuration         ##
>>> ###################################
>>>
>>> upstream gitlab {
>>>   server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket
>>> fail_timeout=0;
>>> }
>>>
>>> upstream gitlab-git-http-server {
>>>   server unix:/var/opt/gitlab/gitlab-git-http-server/socket;
>>> }
>>>
>>>
>>> server {
>>>   listen *:80;
>>>
>>>
>>>   server_name gitlab.monserver.fr;
>>>   server_tokens off; ## Don't show the nginx version number, a security
>>> best
>>> practice
>>>   root /opt/gitlab/embedded/service/gitlab-rails/public;
>>>
>>>   ## Increase this if you want to upload large attachments
>>>   ## Or if you want to accept large git objects over http
>>>   client_max_body_size 250m;
>>>
>>>
>>>   ## Individual nginx logs for this GitLab vhost
>>>   access_log  /var/log/gitlab/nginx/gitlab_access.log gitlab_access;
>>>   error_log   /var/log/gitlab/nginx/gitlab_error.log;
>>>
>>>   location / {
>>>     ## Serve static files from defined root folder.
>>>     ## @gitlab is a named location for the upstream fallback, see below.
>>>     try_files $uri $uri/index.html $uri.html @gitlab;
>>>   }
>>>
>>>   location /uploads/ {
>>>     ## If you use HTTPS make sure you disable gzip compression
>>>     ## to be safe against BREACH attack.
>>>
>>>
>>>     ## https://github.com/gitlabhq/gitlabhq/issues/694
>>>     ## Some requests take more than 30 seconds.
>>>     proxy_read_timeout      300;
>>>     proxy_connect_timeout   300;
>>>     proxy_redirect          off;
>>>
>>>     proxy_set_header    Host                $http_host;
>>>     proxy_set_header    X-Real-IP           $remote_addr;
>>>     proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
>>>     proxy_set_header    X-Forwarded-Proto   http;
>>>     proxy_set_header    X-Frame-Options     SAMEORIGIN;
>>>
>>>     proxy_pass http://gitlab;
>>>   }
>>>
>>>   ## If a file, which is not found in the root folder is requested,
>>>   ## then the proxy passes the request to the upsteam (gitlab unicorn).
>>>   location @gitlab {
>>>     ## If you use HTTPS make sure you disable gzip compression
>>>     ## to be safe against BREACH attack.
>>>
>>>
>>>     ## https://github.com/gitlabhq/gitlabhq/issues/694
>>>     ## Some requests take more than 30 seconds.
>>>     proxy_read_timeout      300;
>>>     proxy_connect_timeout   300;
>>>     proxy_redirect          off;
>>>
>>>     proxy_set_header    Host                $http_host;
>>>     proxy_set_header    X-Real-IP           $remote_addr;
>>>     proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
>>>     proxy_set_header    X-Forwarded-Proto   http;
>>>     proxy_set_header    X-Frame-Options     SAMEORIGIN;
>>>
>>>     proxy_pass http://gitlab;
>>>   }
>>>
>>>   location ~ [-\/\w\.]+\.git\/ {
>>>     ## If you use HTTPS make sure you disable gzip compression
>>>     ## to be safe against BREACH attack.
>>>
>>>
>>>     ## https://github.com/gitlabhq/gitlabhq/issues/694
>>>     ## Some requests take more than 30 seconds.
>>>     proxy_read_timeout      300;
>>>     proxy_connect_timeout   300;
>>>     proxy_redirect          off;
>>>
>>>     proxy_set_header    Host                $http_host;
>>>     proxy_set_header    X-Real-IP           $remote_addr;
>>>     proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
>>>     proxy_set_header    X-Forwarded-Proto   http;
>>>
>>>     proxy_pass http://gitlab-git-http-server;
>>>   }
>>>
>>>   ## Enable gzip compression as per rails guide:
>>>   ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
>>>   ## WARNING: If you are using relative urls remove the block below
>>>   ## See config/application.rb under "Relative url support" for the list
>>> of
>>>   ## other files that need to be changed for relative url support
>>>   location ~ ^/(assets)/ {
>>>     root /opt/gitlab/embedded/service/gitlab-rails/public;
>>>     gzip_static on; # to serve pre-gzipped version
>>>     expires max;
>>>     add_header Cache-Control public;
>>>   }
>>>
>>>
>>>   error_page 502 /502.html;
>>>
>>>
>>> }
>>>
>>> Posted at Nginx Forum:
>>> https://forum.nginx.org/read.php?2,262255,262282#msg-262282
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>>
>> --
>> regards,
>> Nurahmadie
>> --
>
>
>
>
> --
> regards,
> Nurahmadie
> --
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list