How to disable http to https re-direct in Jenkins?
0
I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.
apache jenkins reverse-proxy
asked Nov 22 '18 at 6:54
JeelJeel
684822
add a comment |
0
I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.
apache jenkins reverse-proxy
asked Nov 22 '18 at 6:54
JeelJeel
684822
add a comment |
0
0
0
I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.
apache jenkins reverse-proxy
asked Nov 22 '18 at 6:54
JeelJeel
684822
I currently have Jenkins running behind SSL with http re-driecting to https. For a custom integration which doesn't support SSL yet, I need to disable the http to https re-direct. I am unable to do so by commenting the re-direct in apache conf.
Following is my apache config.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyVia On
Redirect permanent / https://jenkins-tb.myorg.com/
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?login/(.*) https://%{SERVER_NAME}/login/$1 [R,L]
</Virtualhost>
<VirtualHost *:443>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/crt/jenkins-asd.myorg.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/server_jenkins-asd.myorg.com.key
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# ProxyPassReverse /login http://jenkins-thunderbolt.myorg.com/login
# ProxyPassReverse /login https://jenkins-thunderbolt.myorg.com/login
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set X-Forwarded-Port "443"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
# AllowEncodedSlashes NoDecode
</VirtualHost>
How do i re-enable http without disabling https? Basically need to stop re-direction from http to https.
apache jenkins reverse-proxy
apache jenkins reverse-proxy
asked Nov 22 '18 at 6:54
JeelJeel
684822
asked Nov 22 '18 at 6:54
JeelJeel
684822
edited Nov 22 '18 at 7:38
Jeel
asked Nov 22 '18 at 6:54
JeelJeel
684822
asked Nov 22 '18 at 6:54
JeelJeel
684822
asked Nov 22 '18 at 6:54
JeelJeel
684822
684822
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1
Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425367%2fhow-to-disable-http-to-https-re-direct-in-jenkins%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
add a comment |
1
Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
add a comment |
1
1
1
Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
Based on you configuration, replace the <VirtualHost *:80> block with the following. But please note, passwords are now transfered in clear text.
<VirtualHost *:80>
ServerName jenkins-tb.myorg.com
ServerAlias www.jenkins-tb.myorg.com
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPass /sonar http://localhost:9000/sonar
ProxyPassReverse /sonar http://localhost:9000/sonar
RequestHeader set X_FORWARDED_PROTO "http"
RequestHeader set X-Forwarded-Port "80"
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy http://localhost:8080/*>
Order allow,deny
Allow from all
</Proxy>
ProxyPreserveHost on
</Virtualhost>
This also includes that /sonar is also available over http.
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
answered Nov 22 '18 at 8:16
JGKJGK
1,1621312
1,1621312
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
add a comment |
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
I understand the vulnerability. I will control the inbound on port 80 via SG. Thanks for sharing the config I wanted
– Jeel
Nov 22 '18 at 8:23
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425367%2fhow-to-disable-http-to-https-re-direct-in-jenkins%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
