Reputation: 668
Jenkins behind Apache Server / Can't log in Jenkins
I'm running an Apache Server 2.2 to handle Jenkins and SonaType Nexus information (both installed as Windows Service). While SonatypeNexus runs perfectly Jenkins doesn't. To be more specific: I'can't log in Jenkins. Just for your notice: we are using LDAP to login, but this can't be the reason for login failure, as login from local host works.
If I try to log in Jenkins from localhost:8071 it works perfectly.
When I log in from another system via network (using https://myServer.com:8095/) I can browse and configure Jenkins, but I can't login. Whenever I try I get "redirected" to the page of Jenkins I was on before hitting the "login" button.
Security settings are set to "everyone can do anything" -> can't be the reason either.
Hint 0: As you maybe already noticed we are using https for for any request from the outside dedicated to the server. But within the server Apache only uses http to handle information -> could this lead to problems?
Hint 1: I only get "redirected" using correct login parameters. Using wrong ones is leading me to the "Invalid login information. Please try again." page.
Hint 2: Sonatype Nexus is running behind the same Apache Server and works great.
Potentional Reason: guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Any ideas how to fix this or at least what the reason could be?
Here are some settings from apache server (httpd-ssl.conf) that maybe could be useful:
<VirtualHost *:8095>
ServerName myServer.com
ServerAdmin [email protected]
# Nexus via HTTPS.
ProxyPass /nexus http://localhost:8072/nexus
ProxyPassReverse /nexus http://localhost:8072/nexus
ProxyPassReverseCookiePath / /nexus
RequestHeader set X-Forwarded-Proto "https"
ErrorLog logs/nexus_error_ssl.log
CustomLog logs/nexus_access_ssl.log common
# Jenkins via HTTPS.
ProxyPass / http://localhost:8071/ nocanon
ProxyPassReverse / http://localhost:8071/
ProxyPassReverse / http://my.host.com/
# also tested second ProxyPassReverse with specific port
ProxyPassReverseCookiePath / /
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
AllowEncodedSlashes NoDecode
SSLEngine on
Upvotes: 1
Views: 2953
Answers (2)
Reputation: 668
I'm not sure if i describe my solution correct, since my collegue found the answer and not me.
Since the Apache was handling https (incomming from jenkins) correctly (requests reached LDAP), but was unable to pass http information (incomming from LDAP) correctly (login was unable).
So he took a look at the http settings and configured the settings to enable http. This was leading to our goal -> we can login now, BUT it also leads towards another problem -> http is enabled and usable for users...
Upvotes: 1
Reputation: 2280
On this page, it hints that you might need to add another ProxyPassReverse to fix http links generated by Jenkins:
ProxyPassReverse / http://your.host.com:8095/
Also, it mentions that you should add
ProxyPreserveHost On
to your config. Please check the link for further information.
Upvotes: 0
Related Questions
- Jenkins Security - Unable to login
- unable to login to jenkins.Throwing an error like invalid login information,please try again.Even we entered correct credential
- Unable to login Jenkins-Invalid username or password error
- unable to login to jenkins(Unlock Jenkins)
- How to access Jenkins after enabling require login?
- Cannot access Jenkins
- Cannot login Jenkins
- Jenkins "Invalid Login Information"
- Login to Jenkins via URL
- Apache basic authentication issue with reverse proxy