Jenkins 与 Nginx,仅需监听 https 端口

Jenkins 与 Nginx,仅需监听 https 端口

我在 AWS EC2 中有 Jenkins 实例。我已经安装了 Jenkins 端口8080。并且我有。 我nginx的:reverse-proxy
jenkins.mydomain.com.conf

server {
    listen       80;
    server_name   jenkins.mydomain.com;
    server_name_in_redirect on;

    location /.well-known {
        root /usr/share/nginx/html/letsencrypt-pig/jenkins.mydomain.com;
    }

    location / {
    rewrite        ^ https://$server_name$request_uri? permanent;
    #proxy_pass  http://127.0.0.1:8080;
    proxy_redirect      off;
    proxy_set_header    Host    $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen       443 ssl;
    server_name  jenkins.mydomain.com;
#    server_name_in_redirect on;
    access_log      /var/log/nginx/ssl-access.log;
    error_log       /var/log/nginx/ssl-error.log;
    #ssl                  on;
    ssl_certificate     /etc/letsencrypt/live/jenkins.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jenkins.mydomain.com/privkey.pem;

    location /.well-known {
        root /usr/share/nginx/html/letsencrypt-pig/jenkins.mydomain.com;
    }

  location / {
    proxy_pass  http://127.0.0.1:8080; # internal ip
#    add_header Access-Control-Allow-Origin *;
    proxy_redirect      off;
    proxy_set_header    Host    $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

一切都很好。它工作正常。但是,我不想80 port在安全组中打开。因此,当我删除80 port 在此处输入图片描述

security group,我可以https://jenkins.mydomain.com看看Login page 在此处输入图片描述

但当我采取Sign in行动时,我有timeout然后 在此处输入图片描述

答案1

我的詹金斯location块中有以下几行:

proxy_set_header X-Forwarded-Host "jenkins.example.com";
proxy_set_header X-Forwarded-Proto "https";

尤其是后者非常重要,它告诉 Jenkins 它应该生成httpsURL。

有关在 nginx 反向代理后运行 Jenkins 的更多信息:https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy

相关内容