> Indeed I changed the reverse proxy conf in Apache to:
>
> <VirtualHost *:443>
>
> ServerName build.domain.tld
> ServerAdmin
[hidden email]
>
> SSLProxyEngine On
> ProxyPreserveHost on
> ProxyPass /
https://127.0.0.1:8443/> ProxyPassReverse /
https://127.0.0.1:8443/>
> SSLEngine on
> SSLCertificateFile /path/to/wildcard_cert.cert
> SSLCertificateKeyFile /path/to/wildcard_key.pem
> SSLOptions StrictRequire
> SSLProtocol all -SSLv2
>
> [...]
>
> </VirtualHost>
>
>
> kohsuke wrote:
>>
>> alesque wrote:
>>> I presume that Hudson is installed from Debian package you provide.
>>>
>>> Edit the file /etc/default/hudson and adapt the HUDSON_ARGS accordingly:
>>>
>>> HUDSON_ARGS="--httpsPort=8443 --httpsKeyStore=/path/to/keystore.jks
>>> --httpsKeyStorePassword=[password]"
>>>
>>> Restart Hudson.
>>>
>>> /etc/init.d/hudson restart
>>
>> Hmm, so I guess you don't terminate HTTPS at Apache in this set up,
>> then. HTTPS is terminated by Winstone in this case. Is that right?
>>
>> If so, your reverse http proxy forwards to
https://127.0.0.1:8443/
>> instead of
http://127.0.0.1:8080/ ?
>>
>>>
>>>
>>> kohsuke wrote:
>>>>
>>>> Out of curiosity and for others in the same situation, how did you
>>>> configure Winstone to do this?
>>>>
>>>> 2008/7/1 alesque <
[hidden email]>:
>>>>>
>>>>> Hi,
>>>>>
>>>>> When Winstone runs in HTTP mode, Hudson is not aware that the Apache
>>>>> Reverse
>>>>> Proxy handles connection through https. So Hudson sends redirects with
>>>>> http:// scheme instead of https://.
>>>>>
>>>>> I set SSL up in Winstone and now everything works like a charm.
>>>>>
>>>>> Regards,
>>>>> Alexandre
>>>>>
>>>>>
>>>>> kohsuke wrote:
>>>>>>
>>>>>>
>>>>>> I think first we need to differenciate whether this is a browser
>>>>>> JavaScript problem or the apache problem.
>>>>>>
>>>>>> Please try the scripting console (
http://server/hudson/script) and try
>>>>>> typing something like
>>>>>>
>>>>>> print "abc";
>>>>>>
>>>>>> and click run. If this runs successfully, I suspect the issue is a
>>>>>> browser issue and not your apache configuration.
>>>>>>
>>>>>> Another useful test is try to hit port 8080 directly via HTTP and see
>>>>>> if
>>>>>> that's working.
>>>>>>
>>>>>> Let me know those two results and we can narrow down the
>>>>>> possibilities.
>>>>>>
>>>>>> alesque wrote:
>>>>>>> I'm currently trying to expose an Hudson instance behind an Apache
>>>>>>> Reverse
>>>>>>> Proxy w/ SSL.
>>>>>>>
>>>>>>> The Apache conf:
>>>>>>>
>>>>>>> <VirtualHost *:443>
>>>>>>>
>>>>>>> ServerName build.domain.tld
>>>>>>> ServerAdmin
[hidden email]
>>>>>>>
>>>>>>> ProxyPass /
http://127.0.0.1:8080/>>>>>>> ProxyPassReverse /
http://127.0.0.1:8080/>>>>>>> ProxyPreserveHost on
>>>>>>>
>>>>>>> SSLEngine on
>>>>>>> SSLCertificateFile /etc/ssl/private/wildcard_cert.cert
>>>>>>> SSLCertificateKeyFile /etc/ssl/private/wildcard_key.pem
>>>>>>> SSLOptions StrictRequire
>>>>>>> SSLProtocol all -SSLv2
>>>>>>>
>>>>>>> ErrorLog /var/log/apache2/error.log
>>>>>>> CustomLog /var/log/apache2/access.log combined
>>>>>>>
>>>>>>> </VirtualHost>
>>>>>>>
>>>>>>> Hudson is running with Winstone:
>>>>>>>
>>>>>>> /usr/bin/java -Xmx256m -jar /usr/local/hudson/hudson.war
>>>>>>>
>>>>>>> I modified the Hudson URL through the Manage Hudson / Configure
>>>>>>> System
>>>>>>> accordingly (e.g.
https://build.domain.tld/). When I click Save I get
>>>>>>> an
>>>>>>> error :
>>>>>>>
>>>>>>> Response Headers:
>>>>>>> -----------------
>>>>>>> Date: Thu, 26 Jun 2008 09:06:43 GMT
>>>>>>> Server: Winstone Servlet Engine v0.9.10
>>>>>>> Location:
http://build.domain.tld/>>>>>>> Content-Length: 0
>>>>>>> X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
>>>>>>> Via: 1.1 build.olympefoundation.org
>>>>>>> Content-Type: text/plain
>>>>>>> Keep-Alive: timeout=5, max=92
>>>>>>> Connection: Keep-Alive
>>>>>>>
>>>>>>> Response Body:
>>>>>>> --------------
>>>>>>> <html><head><title>Error 400</title></head><body
>>>>>>> bgcolor="#ffffff"><h1>Status Code: 400</h1>Exception
>>>>>>> : This page expects a form submission<br>Stacktrace: <pre>(none)
>>>>>>> </pre><br><hr size="1" width="90%">Generated by Winstone Servlet
>>>>>>> Engine
>>>>>>> v0.9.10 at Thu Jun 26 11:06
>>>>>>> :48 CEST 2008</body></html>
>>>>>>>
>>>>>>> Exception:
>>>>>>> ----------
>>>>>>> [webapp 2008/06/26 09:23:33] - Error while serving
>>>>>>>
http://build.domain.tldnull>>>>>>> java.lang.reflect.InvocationTargetException
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>> Method)
>>>>>>> at
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>>> at
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>>>> at
>>>>>>> org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:103)
>>>>>>> at
>>>>>>> org.kohsuke.stapler.Function.bindAndinvoke(Function.java:57)
>>>>>>> at
>>>>>>> org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:75)
>>>>>>> at
>>>>>>> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30)
>>>>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:440)
>>>>>>> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:361)
>>>>>>> at org.kohsuke.stapler.Stapler.service(Stapler.java:121)
>>>>>>> at
>>>>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
>>>>>>> at
>>>>>>> winstone.ServletConfiguration.execute(ServletConfiguration.java:249)
>>>>>>> at
>>>>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:335)
>>>>>>> at
>>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378)
>>>>>>> at
>>>>>>> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:38)
>>>>>>> at
>>>>>>> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:30)
>>>>>>> at
>>>>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>>>>> at
>>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>>>>> at
>>>>>>> hudson.security.HudsonFilter.doFilter(HudsonFilter.java:88)
>>>>>>> at
>>>>>>> winstone.FilterConfiguration.execute(FilterConfiguration.java:195)
>>>>>>> at
>>>>>>> winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368)
>>>>>>> at
>>>>>>> winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
>>>>>>> at
>>>>>>> winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244)
>>>>>>> at
>>>>>>> winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
>>>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>>>> Caused by: java.lang.Error: This page expects a form submission
>>>>>>> at hudson.StructuredForm.get(StructuredForm.java:28)
>>>>>>> at hudson.model.Hudson.doConfigSubmit(Hudson.java:1466)
>>>>>>> ... 26 more
>>>>>>>
>>>>>>>
>>>>>>> The Location value references an http location instead of https.
>>>>>>>
>>>>>>> If a go back to the home of Hudson everything seems working until I
>>>>>>> click
>>>>>>> on
>>>>>>> an URL sending a 302 HTTP status with a malformed Location in the
>>>>>>> response
>>>>>>> headers.
>>>>>>>
>>>>>>>
>>>>>>> Any help would be appreciated,
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alexandre
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Kohsuke Kawaguchi
>>>>>> Sun Microsystems
[hidden email]
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>>
http://www.nabble.com/Hudson-behind-an-Apache-Reverse-Proxy-w--SSL-tp18132618p18210874.html>>>>> Sent from the Hudson users mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail:
[hidden email]
>>>>> For additional commands, e-mail:
[hidden email]
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Kohsuke Kawaguchi
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail:
[hidden email]
>>>> For additional commands, e-mail:
[hidden email]
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> Kohsuke Kawaguchi
>> Sun Microsystems
[hidden email]
>>
>>
>>
>
Locked
smime.p7s (4K)