Created
May 25, 2015 11:49
-
-
Save xelwarto/ac4f8b43e4194355082c to your computer and use it in GitHub Desktop.
Jenkins CI haproxy configuration example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| chroot /var/lib/haproxy | |
| crt-base /etc/pki/tls/certs | |
| daemon | |
| group haproxy | |
| log 127.0.0.1 local0 | |
| maxconn 2000 | |
| pidfile /var/run/haproxy.pid | |
| stats socket /var/lib/haproxy/stats | |
| tune.ssl.default-dh-param 2048 | |
| user haproxy | |
| defaults | |
| log global | |
| maxconn 2000 | |
| mode http | |
| option redispatch | |
| option forwardfor | |
| option http-server-close | |
| retries 3 | |
| timeout http-request 10s | |
| timeout queue 1m | |
| timeout connect 10s | |
| timeout client 1m | |
| timeout server 1m | |
| timeout check 10s | |
| frontend jenkins | |
| bind *:443 no-sslv3 ssl crt jenkins-ci.cert | |
| bind *:80 | |
| default_backend jenkins-mstr | |
| redirect location https://jenkins.my.domain/ if !{ ssl_fc } | |
| reqadd X-Forwarded-Proto:\ http | |
| backend jenkins-mstr | |
| balance roundrobin | |
| http-request set-header Host 127.0.0.1:8080 | |
| reqirep ^([^\ \t:]*:)\ https://jenkins.my.domain/(.*) \1\ http://127.0.0.1:8080/\2 | |
| rspirep ^([^\ \t:]*:)\ http://127.0.0.1:8080/(.*) \1\ https://jenkins.my.domain/\2 | |
| server jenkins01 127.0.0.1:8080 check |
I'm running HAProxy 2.2 on a Debian 11 server as reverse proxy (HA-Proxy version 2.2.9-2+deb11u3 2022/03/10).
Behind it I'm running Jenkins 2.332.3 on another Debian 11 server.
The goal is to get Jenkins accessible via a subdomain (e.g. https://jenkins.example.com).
The SSL-configuraiton is valid since it works for other services quite well.
This is my standard frontend config of HAProxy
frontend https
# Binds
bind *:80
bind *:443 ssl crt /etc/ssl/private/example.com.cert.pem
redirect scheme https code 301 if !{ ssl_fc }
# Mode
mode http
option http-server-close
http-request set-header X-Forwarded-For %[src]
use_backend jenkins_srvc if { hdr(host) -i jenkins.example.com }
And now I'm struggling to get the backend configuration working
Thank you very much in advance
Oh I found it. Here is the proper backend configuration for the frontend configuration I posted above:
backend jenkins_srvc
option forwardfor
mode http
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
server cicd01 10.1.1.39:8080 check
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@MAnasKhalid and @persus - I appreciate your feedback, however it has been a long while since I have worked with this and if this config is no longer relevant, I may just remove it. I am not sure if I will have the time but I may try to replicate the issue you reported; can you provide details on your setup ... software versions, setup, configurations, etc.