Jenkins reports reverse proxy setup incorrect with Apache using virtual hosts with SNI

The one issue that I see with your config is that:

ProxyPassReverse  /  https://jenkins.example.com

Should be:

ProxyPassReverse  /  https://jenkins.example.com/

Seems like the service is sending http:// instead of https:// location headers (probably because your connection to its listener from Apache is unencrypted on the localhost listener), in which case you'll need to add:

ProxyPassReverse  /  http://jenkins.example.com/

So, what's probably occurring currently is the API call is failing because it gets an http:// address in the Location: header of the redirect (which is missed for un-translation in the ProxyPassReverse because it's not http).

It sends the request to that location and gets another redirect response, from your <VirtualHost *:80>. Their validity checker knows that ain't right and errors, while curl follows one more redirect and gets a valid response.

Add the ProxyPassReverse for http:// above and this should correct the issue, if I'm right.


If you use Apache as reverse proxy, it needs to be at least 2.2.18 and set the option AllowEncodedSlashes NoDecode (earlier versions only have values On and Off, both of which are wrong); as well as nocanon in the ProxyPass directive.

Both need to be set within the VirtualHost, as AllowEncodedSlashes isn't inherited.

<VirtualHost *:80>
        AllowEncodedSlashes NoDecode
        ServerName build.example.org
        ProxyPass         /  http://localhost:8080/ nocanon
        ProxyPassReverse  /  http://localhost:8080/
        ProxyRequests     Off
</VirtualHost>