Bry*_*lls 6 ssl nginx https jenkins
我在为我的 Jenkins CI 服务器设置 SSL 时遇到问题。我在 nginx 后面使用 Jenkins 作为反向代理。我upstream prematurely closed connection while reading response header from upstream在我的jenkins.error.log文件中收到这些错误。
2014/09/30 13:01:49 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "jenkins.<SERVER URL>.com"
2014/09/30 13:01:50 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "jenkins.<SERVER URL>.com"
詹金斯正在运行。我可以通过连接https://<SERVER IP ADDR>:8080(即使 Chrome 抱怨证书)。不过,nginx 给了我一条502 Bad Gateway官方网址的消息。
站点可用配置:
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
#listen [::]:443 default ipv6only=on;
server_name jenkins.<SERVER URL>.com <SERVER IP ADDR>;
ssl on;
ssl_certificate /etc/nginx/ssl/jenkins.<SERVER URL>.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/<SERVER URL>.com.key;
access_log /etc/nginx/logs/jenkins.access.log;
error_log /etc/nginx/logs/jenkins.error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
}
}
问题在于詹金斯本身。我们最初为 Jenkins 禁用了 http 端口,只允许 https。一旦我们再次允许 http,我们就只允许来自 127.0.0.1 的请求,这解决了我们的问题。
tl;dr: 启用http端口,仅允许通过127.0.0.1的请求
| 归档时间: |
|
| 查看次数: |
25386 次 |
| 最近记录: |