Jenkins reports reverse proxy setup incorrect with Apache using virtual hosts with SNI
The one issue that I see with your config is that:
ProxyPassReverse / https://jenkins.example.com
Should be:
ProxyPassReverse / https://jenkins.example.com/
Seems like the service is sending http://
instead of https://
location headers (probably because your connection to its listener from Apache is unencrypted on the localhost listener), in which case you'll need to add:
ProxyPassReverse / http://jenkins.example.com/
So, what's probably occurring currently is the API call is failing because it gets an http://
address in the Location:
header of the redirect (which is missed for un-translation in the ProxyPassReverse
because it's not http
).
It sends the request to that location and gets another redirect response, from your <VirtualHost *:80>
. Their validity checker knows that ain't right and errors, while curl
follows one more redirect and gets a valid response.
Add the ProxyPassReverse
for http://
above and this should correct the issue, if I'm right.
If you use Apache as reverse proxy, it needs to be at least 2.2.18 and set the option AllowEncodedSlashes NoDecode
(earlier versions only have values On and Off, both of which are wrong); as well as nocanon
in the ProxyPass
directive.
Both need to be set within the VirtualHost, as AllowEncodedSlashes isn't inherited.
<VirtualHost *:80>
AllowEncodedSlashes NoDecode
ServerName build.example.org
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ProxyRequests Off
</VirtualHost>