Hudson behind an Apache Reverse Proxy w/ SSL
Locked
Hudson behind an Apache Reverse Proxy w/ SSL
 
|
Re: Hudson behind an Apache Reverse Proxy w/ SSL
Administrator
|
I think first we need to differenciate whether this is a browser JavaScript problem or the apache problem. Please try the scripting console (http://server/hudson/script) and try typing something like print "abc"; and click run. If this runs successfully, I suspect the issue is a browser issue and not your apache configuration. Another useful test is try to hit port 8080 directly via HTTP and see if that's working. Let me know those two results and we can narrow down the possibilities. alesque wrote: > I'm currently trying to expose an Hudson instance behind an Apache Reverse > Proxy w/ SSL. > > The Apache conf: > > <VirtualHost *:443> > > ServerName build.domain.tld > ServerAdmin [hidden email] > > ProxyPass / http://127.0.0.1:8080/ > ProxyPassReverse / http://127.0.0.1:8080/ > ProxyPreserveHost on > > SSLEngine on > SSLCertificateFile /etc/ssl/private/wildcard_cert.cert > SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem > SSLOptions StrictRequire > SSLProtocol all -SSLv2 > > ErrorLog /var/log/apache2/error.log > CustomLog /var/log/apache2/access.log combined > > </VirtualHost> > > Hudson is running with Winstone: > > /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war > > I modified the Hudson URL through the Manage Hudson / Configure System > accordingly (e.g. https://build.domain.tld/). When I click Save I get an > error : > > Response Headers: > ----------------- > Date: Thu, 26 Jun 2008 09:06:43 GMT > Server: Winstone Servlet Engine v0.9.10 > Location: http://build.domain.tld/ > Content-Length: 0 > X-Powered-By: Servlet/2.5 (Winstone/0.9.10) > Via: 1.1 build.olympefoundation.org > Content-Type: text/plain > Keep-Alive: timeout=5, max=92 > Connection: Keep-Alive > > Response Body: > -------------- > <html><head><title>Error 400</title></head><body > bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception > : This page expects a form submission<br>Stacktrace: <pre>(none) > </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine > v0.9.10 at Thu Jun 26 11:06 > :48 CEST 2008</body></html> > > Exception: > ---------- > [webapp 2008/06/26 09:23:33] - Error while serving > http://build.domain.tldnull java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103) > at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57) > at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75) > at > org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30) > at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440) > at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361) > at org.kohsuke.stapler.Stapler.service(Stapler.java:121) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) > at > winstone.ServletConfiguration.execute(ServletConfiguration.java:249) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:335) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378) > at > hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38) > at > hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30) > at > winstone.FilterConfiguration.execute(FilterConfiguration.java:195) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) > at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88) > at > winstone.FilterConfiguration.execute(FilterConfiguration.java:195) > at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) > at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) > at > winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) > at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) > at java.lang.Thread.run(Thread.java:619) > Caused by: java.lang.Error: This page expects a form submission > at hudson.StructuredForm.get(StructuredForm.java:28) > at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466) > ... 26 more > > > The Location value references an http location instead of https. > > If a go back to the home of Hudson everything seems working until I click on > an URL sending a 302 HTTP status with a malformed Location in the response > headers. > > > Any help would be appreciated, > > Regards, > Alexandre -- Kohsuke Kawaguchi Sun Microsystems [hidden email] |
smime.p7s (4K)
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
|
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
Administrator
|
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
|
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
Administrator
|
alesque wrote:
> I presume that Hudson is installed from Debian package you provide. > > Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly: > > HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks > --httpsKeyStorePassword=[password]" > > Restart Hudson. > > /etc/init.d/hudson restart then. HTTPS is terminated by Winstone in this case. Is that right? If so, your reverse http proxy forwards to https://127.0.0.1:8443/ instead of http://127.0.0.1:8080/ ? > > > kohsuke wrote: >> >> Out of curiosity and for others in the same situation, how did you >> configure Winstone to do this? >> >> 2008/7/1 alesque <[hidden email]>: >>> >>> Hi, >>> >>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache >>> Reverse >>> Proxy handles connection through https. So Hudson sends redirects with >>> http:// scheme instead of https://. >>> >>> I set SSL up in Winstone and now everything works like a charm. >>> >>> Regards, >>> Alexandre >>> >>> >>> kohsuke wrote: >>>> >>>> >>>> I think first we need to differenciate whether this is a browser >>>> JavaScript problem or the apache problem. >>>> >>>> Please try the scripting console (http://server/hudson/script) and try >>>> typing something like >>>> >>>> print "abc"; >>>> >>>> and click run. If this runs successfully, I suspect the issue is a >>>> browser issue and not your apache configuration. >>>> >>>> Another useful test is try to hit port 8080 directly via HTTP and see if >>>> that's working. >>>> >>>> Let me know those two results and we can narrow down the possibilities. >>>> >>>> alesque wrote: >>>>> I'm currently trying to expose an Hudson instance behind an Apache >>>>> Reverse >>>>> Proxy w/ SSL. >>>>> >>>>> The Apache conf: >>>>> >>>>> <VirtualHost *:443> >>>>> >>>>> ServerName build.domain.tld >>>>> ServerAdmin [hidden email] >>>>> >>>>> ProxyPass / http://127.0.0.1:8080/ >>>>> ProxyPassReverse / http://127.0.0.1:8080/ >>>>> ProxyPreserveHost on >>>>> >>>>> SSLEngine on >>>>> SSLCertificateFile /etc/ssl/private/wildcard_cert.cert >>>>> SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem >>>>> SSLOptions StrictRequire >>>>> SSLProtocol all -SSLv2 >>>>> >>>>> ErrorLog /var/log/apache2/error.log >>>>> CustomLog /var/log/apache2/access.log combined >>>>> >>>>> </VirtualHost> >>>>> >>>>> Hudson is running with Winstone: >>>>> >>>>> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war >>>>> >>>>> I modified the Hudson URL through the Manage Hudson / Configure System >>>>> accordingly (e.g. https://build.domain.tld/). When I click Save I get >>>>> an >>>>> error : >>>>> >>>>> Response Headers: >>>>> ----------------- >>>>> Date: Thu, 26 Jun 2008 09:06:43 GMT >>>>> Server: Winstone Servlet Engine v0.9.10 >>>>> Location: http://build.domain.tld/ >>>>> Content-Length: 0 >>>>> X-Powered-By: Servlet/2.5 (Winstone/0.9.10) >>>>> Via: 1.1 build.olympefoundation.org >>>>> Content-Type: text/plain >>>>> Keep-Alive: timeout=5, max=92 >>>>> Connection: Keep-Alive >>>>> >>>>> Response Body: >>>>> -------------- >>>>> <html><head><title>Error 400</title></head><body >>>>> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception >>>>> : This page expects a form submission<br>Stacktrace: <pre>(none) >>>>> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet Engine >>>>> v0.9.10 at Thu Jun 26 11:06 >>>>> :48 CEST 2008</body></html> >>>>> >>>>> Exception: >>>>> ---------- >>>>> [webapp 2008/06/26 09:23:33] - Error while serving >>>>> http://build.domain.tldnull java.lang.reflect.InvocationTargetException >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> at >>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>> at >>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>>> at >>>>> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103) >>>>> at org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57) >>>>> at >>>>> org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75) >>>>> at >>>>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30) >>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440) >>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361) >>>>> at org.kohsuke.stapler.Stapler.service(Stapler.java:121) >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) >>>>> at >>>>> winstone.ServletConfiguration.execute(ServletConfiguration.java:249) >>>>> at >>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:335) >>>>> at >>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378) >>>>> at >>>>> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38) >>>>> at >>>>> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30) >>>>> at >>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195) >>>>> at >>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) >>>>> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88) >>>>> at >>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195) >>>>> at >>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) >>>>> at >>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:333) >>>>> at >>>>> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) >>>>> at >>>>> winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) >>>>> at java.lang.Thread.run(Thread.java:619) >>>>> Caused by: java.lang.Error: This page expects a form submission >>>>> at hudson.StructuredForm.get(StructuredForm.java:28) >>>>> at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466) >>>>> ... 26 more >>>>> >>>>> >>>>> The Location value references an http location instead of https. >>>>> >>>>> If a go back to the home of Hudson everything seems working until I >>>>> click >>>>> on >>>>> an URL sending a 302 HTTP status with a malformed Location in the >>>>> response >>>>> headers. >>>>> >>>>> >>>>> Any help would be appreciated, >>>>> >>>>> Regards, >>>>> Alexandre >>>> >>>> >>>> -- >>>> Kohsuke Kawaguchi >>>> Sun Microsystems [hidden email] >>>> >>>> >>>> >>> >>> -- >>> View this message in context: >>> http://www.nabble.com/Hudson-behind-an-Apache-Reverse-Proxy-w--SSL-tp18132618p18210874.html >>> Sent from the Hudson users mailing list archive at Nabble.com. >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [hidden email] >>> For additional commands, e-mail: [hidden email] >>> >>> >> >> >> >> -- >> Kohsuke Kawaguchi >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [hidden email] >> For additional commands, e-mail: [hidden email] >> >> >> > -- Kohsuke Kawaguchi Sun Microsystems [hidden email] |
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
|
Re: Hudson behind an Apache Reverse Proxy w/ SSL
|
Administrator
|
I updated http://hudson.gotdns.com/wiki/display/HUDSON/Running+Hudson+behind+Apache to point back to this e-mail thread. alesque wrote: > Indeed I changed the reverse proxy conf in Apache to: > > <VirtualHost *:443> > > ServerName build.domain.tld > ServerAdmin [hidden email] > > SSLProxyEngine On > ProxyPreserveHost on > ProxyPass / https://127.0.0.1:8443/ > ProxyPassReverse / https://127.0.0.1:8443/ > > SSLEngine on > SSLCertificateFile /path/to/wildcard_cert.cert > SSLCertificateKeyFile /path/to/wildcard_key.pem > SSLOptions StrictRequire > SSLProtocol all -SSLv2 > > [...] > > </VirtualHost> > > > kohsuke wrote: >> >> alesque wrote: >>> I presume that Hudson is installed from Debian package you provide. >>> >>> Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly: >>> >>> HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks >>> --httpsKeyStorePassword=[password]" >>> >>> Restart Hudson. >>> >>> /etc/init.d/hudson restart >> >> Hmm, so I guess you don't terminate HTTPS at Apache in this set up, >> then. HTTPS is terminated by Winstone in this case. Is that right? >> >> If so, your reverse http proxy forwards to https://127.0.0.1:8443/ >> instead of http://127.0.0.1:8080/ ? >> >>> >>> >>> kohsuke wrote: >>>> >>>> Out of curiosity and for others in the same situation, how did you >>>> configure Winstone to do this? >>>> >>>> 2008/7/1 alesque <[hidden email]>: >>>>> >>>>> Hi, >>>>> >>>>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache >>>>> Reverse >>>>> Proxy handles connection through https. So Hudson sends redirects with >>>>> http:// scheme instead of https://. >>>>> >>>>> I set SSL up in Winstone and now everything works like a charm. >>>>> >>>>> Regards, >>>>> Alexandre >>>>> >>>>> >>>>> kohsuke wrote: >>>>>> >>>>>> >>>>>> I think first we need to differenciate whether this is a browser >>>>>> JavaScript problem or the apache problem. >>>>>> >>>>>> Please try the scripting console (http://server/hudson/script) and try >>>>>> typing something like >>>>>> >>>>>> print "abc"; >>>>>> >>>>>> and click run. If this runs successfully, I suspect the issue is a >>>>>> browser issue and not your apache configuration. >>>>>> >>>>>> Another useful test is try to hit port 8080 directly via HTTP and see >>>>>> if >>>>>> that's working. >>>>>> >>>>>> Let me know those two results and we can narrow down the >>>>>> possibilities. >>>>>> >>>>>> alesque wrote: >>>>>>> I'm currently trying to expose an Hudson instance behind an Apache >>>>>>> Reverse >>>>>>> Proxy w/ SSL. >>>>>>> >>>>>>> The Apache conf: >>>>>>> >>>>>>> <VirtualHost *:443> >>>>>>> >>>>>>> ServerName build.domain.tld >>>>>>> ServerAdmin [hidden email] >>>>>>> >>>>>>> ProxyPass / http://127.0.0.1:8080/ >>>>>>> ProxyPassReverse / http://127.0.0.1:8080/ >>>>>>> ProxyPreserveHost on >>>>>>> >>>>>>> SSLEngine on >>>>>>> SSLCertificateFile /etc/ssl/private/wildcard_cert.cert >>>>>>> SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem >>>>>>> SSLOptions StrictRequire >>>>>>> SSLProtocol all -SSLv2 >>>>>>> >>>>>>> ErrorLog /var/log/apache2/error.log >>>>>>> CustomLog /var/log/apache2/access.log combined >>>>>>> >>>>>>> </VirtualHost> >>>>>>> >>>>>>> Hudson is running with Winstone: >>>>>>> >>>>>>> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war >>>>>>> >>>>>>> I modified the Hudson URL through the Manage Hudson / Configure >>>>>>> System >>>>>>> accordingly (e.g. https://build.domain.tld/). When I click Save I get >>>>>>> an >>>>>>> error : >>>>>>> >>>>>>> Response Headers: >>>>>>> ----------------- >>>>>>> Date: Thu, 26 Jun 2008 09:06:43 GMT >>>>>>> Server: Winstone Servlet Engine v0.9.10 >>>>>>> Location: http://build.domain.tld/ >>>>>>> Content-Length: 0 >>>>>>> X-Powered-By: Servlet/2.5 (Winstone/0.9.10) >>>>>>> Via: 1.1 build.olympefoundation.org >>>>>>> Content-Type: text/plain >>>>>>> Keep-Alive: timeout=5, max=92 >>>>>>> Connection: Keep-Alive >>>>>>> >>>>>>> Response Body: >>>>>>> -------------- >>>>>>> <html><head><title>Error 400</title></head><body >>>>>>> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception >>>>>>> : This page expects a form submission<br>Stacktrace: <pre>(none) >>>>>>> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet >>>>>>> Engine >>>>>>> v0.9.10 at Thu Jun 26 11:06 >>>>>>> :48 CEST 2008</body></html> >>>>>>> >>>>>>> Exception: >>>>>>> ---------- >>>>>>> [webapp 2008/06/26 09:23:33] - Error while serving >>>>>>> http://build.domain.tldnull >>>>>>> java.lang.reflect.InvocationTargetException >>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>>>>>> Method) >>>>>>> at >>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>>>> at >>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>>>>> at >>>>>>> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103) >>>>>>> at >>>>>>> org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57) >>>>>>> at >>>>>>> org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75) >>>>>>> at >>>>>>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30) >>>>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440) >>>>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361) >>>>>>> at org.kohsuke.stapler.Stapler.service(Stapler.java:121) >>>>>>> at >>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:45) >>>>>>> at >>>>>>> winstone.ServletConfiguration.execute(ServletConfiguration.java:249) >>>>>>> at >>>>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:335) >>>>>>> at >>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378) >>>>>>> at >>>>>>> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38) >>>>>>> at >>>>>>> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30) >>>>>>> at >>>>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195) >>>>>>> at >>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) >>>>>>> at >>>>>>> hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88) >>>>>>> at >>>>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195) >>>>>>> at >>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) >>>>>>> at >>>>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:333) >>>>>>> at >>>>>>> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) >>>>>>> at >>>>>>> winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) >>>>>>> at java.lang.Thread.run(Thread.java:619) >>>>>>> Caused by: java.lang.Error: This page expects a form submission >>>>>>> at hudson.StructuredForm.get(StructuredForm.java:28) >>>>>>> at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466) >>>>>>> ... 26 more >>>>>>> >>>>>>> >>>>>>> The Location value references an http location instead of https. >>>>>>> >>>>>>> If a go back to the home of Hudson everything seems working until I >>>>>>> click >>>>>>> on >>>>>>> an URL sending a 302 HTTP status with a malformed Location in the >>>>>>> response >>>>>>> headers. >>>>>>> >>>>>>> >>>>>>> Any help would be appreciated, >>>>>>> >>>>>>> Regards, >>>>>>> Alexandre >>>>>> >>>>>> >>>>>> -- >>>>>> Kohsuke Kawaguchi >>>>>> Sun Microsystems [hidden email] >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> View this message in context: >>>>> http://www.nabble.com/Hudson-behind-an-Apache-Reverse-Proxy-w--SSL-tp18132618p18210874.html >>>>> Sent from the Hudson users mailing list archive at Nabble.com. >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [hidden email] >>>>> For additional commands, e-mail: [hidden email] >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Kohsuke Kawaguchi >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [hidden email] >>>> For additional commands, e-mail: [hidden email] >>>> >>>> >>>> >>> >> >> >> -- >> Kohsuke Kawaguchi >> Sun Microsystems [hidden email] >> >> >> > -- Kohsuke Kawaguchi Sun Microsystems [hidden email] |
| Free forum by Nabble | Edit this page |