When a request arrives for certain URLs, Nginx becomes a proxy and further forward that request to Jenkins, then it forwards the response back to the client. A typical set up for mod_proxy would look like this:<\/p>\n
When using SSL, you might want to use something like the below nginx config.<\/p>\n
- \n
- Terminate SSL connection at nginx<\/li>\n
- Proxy it internally to Jenkins on port 8080<\/li>\n
- Replace the Location Header of Jenkins with https instead of http<\/li>\n<\/ul>\n
Note that the third point is pretty tricky. We use\u00a0
proxy_redirect http:\/\/ https:\/\/;<\/code>\u00a0that corresponds to Apaches’s\u00a0ProxyPassReverse<\/code><\/p>\n<\/div>\n<\/div>\n<\/section>\n\n \n
\n<\/div>\n\n\nupstream jenkins {\r\n server 127.0.0.1:8080 fail_timeout=0;\r\n}\r\n\r\nserver {\r\n listen 80 default;\r\n server_name 127.0.0.1 *.mydomain.com;\r\n rewrite ^ https:\/\/$server_name$request_uri? permanent;\r\n}\r\n\r\nserver {\r\n listen 443 default ssl;\r\n server_name 127.0.0.1 *.mydomain.com;\r\n\r\n ssl_certificate \/etc\/ssl\/certs\/my.crt;\r\n ssl_certificate_key \/etc\/ssl\/private\/my.key;\r\n\r\n ssl_session_timeout 5m;\r\n ssl_protocols SSLv3 TLSv1;\r\n ssl_ciphers HIGH:!ADH:!MD5;\r\n ssl_prefer_server_ciphers on;\r\n\r\n # auth_basic \"Restricted\";\r\n # auth_basic_user_file \/home\/jenkins\/htpasswd;\r\n\r\n location \/ {\r\n proxy_set_header Host $http_host;\r\n proxy_set_header X-Real-IP $remote_addr;\r\n proxy_set_header X-Forwarded-Proto https;\r\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n proxy_redirect http:\/\/ https:\/\/;\r\n\r\n add_header Pragma \"no-cache\";\r\n\r\n proxy_pass http:\/\/jenkins;\r\n }\r\n}<\/code><\/pre>\n<\/div>\n<\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"Create a HTTPS proxy for jenkins using NGINX <\/p>\n
In situations where you have existing web sites on your server, you may find it useful to run Jenkins (or the servlet container that Jenkins runs in) behind Nginx, so that you can bind Jenkins to the part of a bigger website that […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7643"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7643"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7643\/revisions"}],"predecessor-version":[{"id":7644,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7643\/revisions\/7644"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}