Rundeck behind web proxy

Question

I am setting up Rundeck internally for myself to test. I currently an attempting to access the Official repositories for plugins however I know for a fact the server has no internet connection.

I see nowhere in the documentation for instructions on how to apply the webproxy to the rundeck application.

Has anyone done this before?

EDIT

The Server is a RHEL8 machine. I am not referring to using a reverse proxy.

** FOUND ANSWER **

After a couple of days of searching:

• If you are using a server that is disconnected from the internet
• Have an internal proxy to route external traffic
• Using the RHEL package of rundeck

Solution

1. edit your /etc/sysconfig/rundeckd file

2. paste custom RDECK_JVM_SETTINGS at the end of the file

RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server -Dhttp.proxySet=true -Dhttp.proxyHost=server -Dhttp.proxyPort=8080 -Dhttps.proxySet=true -Dhttps.proxyHost=server -Dhttps.proxyPort=80 -Dhttp.nonProxyHosts=*.place.com }"

Answer 1

lets assume your rundeck is running in internal server with domain name "internal-rundeck.com:4440" and you want to expose it on "external-rundeck.com/rundeck" domain through nginx---follow below steps

step 1: In rundeck

RUNDECK_GRAILS_URL="external-rundeck.com/rundeck"
RUNDECK_SERVER_CONTEXTPATH=/="/rundeck"
RUNDECK_SERVER_FORWARDED=true

set above configurations in deployment file as environment variables

step 2: In nginx

location /rundeck/ {

proxy_pass http://internal-rundeck.com:4440/rundeck/;

}

add this in your nginx config file it works

Answer 2

After a couple of days of searching:

• If you are using a server that is disconnected from the internet
• Have an internal proxy to route external traffic
• Using the RHEL package of rundeck

Solution

1. edit your /etc/sysconfig/rundeckd file

2. paste custom RDECK_JVM_SETTINGS at the end of the file

   RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server -Dhttp.proxySet=true -Dhttp.proxyHost=server -Dhttp.proxyPort=8080 -Dhttps.proxySet=true -Dhttps.proxyHost=server -Dhttps.proxyPort=80 -Dhttp.nonProxyHosts=*.place.com }"

Answer 3

You can test it quickly using Docker Compose.

The idea is to put the NGINX container in front of the Rundeck container.

/your/path/docker-compose.yml content:

version: "3.7"
services:
  rundeck:
    build:
      context: .
      args:
        IMAGE: ${RUNDECK_IMAGE:-rundeck/rundeck:3.3.10}
    container_name: rundeck-nginx
    ports:
    - 4440:4440
    environment:
      RUNDECK_GRAILS_URL: http://localhost
      RUNDECK_SERVER_FORWARDED: "true"
  nginx:
    image: nginx:alpine
    volumes:
      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
    - 80:80

/your/path/Dockerfile content:

ARG IMAGE
FROM ${IMAGE}

If you check the volumes block you need a specific NGINX configuration at /config path:

/your/path/config/nginx.conf content:

server {
    listen 80 default_server;
    server_name rundeck-cl;

    location / {
        # get the rundeck internal address/port
        proxy_pass http://rundeck:4440;
     }
}

To build:

docker-compose build

To run:

docker-compose up

To see your Rundeck instance:

Open your browser and put localhost, you can see Rundeck behind the NGINX proxy server.

Edit: I leave an example using NGINX on CENTOS/RHEL

1- Install Rundeck via YUM on Rundeck Server.

2- Install NGINX via YUM, just do sudo yum -y install nginx (if you like, you can do this in the same Rundeck server or just in another one).

3- NGINX side. Go to /etc/nginx/nginx.conf and add the following block inside server section:

        location /rundeck {
            proxy_pass http://your-rundeck-host:4440;
        }

Save the file.

4- RUNDECK side. Create a new file at /etc/sysconfig path named rundeckd with the following content:

RDECK_JVM_OPTS="-Dserver.web.context=/rundeck"

Give permissions to rundeck user: chown rundeck:rundeck /etc/sysconfig/rundeckd and save it.

5- RUNDECK side. Open the /etc/rundeck/rundeck-config.properties file and check the grails.serverURL parameter, you need to put the external IP or server DNS name and the correct context defined at NGINX side configuration.

grails.serverURL=http://your-nginx-ip-or-dns-name/rundeck

Save it.

6- NGINX side. Start the NGINX service: systemctl start nginx (later if you like to enable on every boot, just do systemctl enable nginx).

7- RUNDECK side. Start the Rundeck service, systemctl start rundeckd (this takes some seconds, later you can enable the service to start on every server boot, just do: systemctl enable rundeckd).

Now rundeck is behind the NGINX proxy server, just open your browser and type: http://your-nginx-ip-or-dns-name/rundeck.