Issue
I am using Jenkins and Nginx both in Docker,
From Jenkins docker documentation, it seems that jenkins need 2 ports, 50000 and 8080, Reference : https://github.com/jenkinsci/docker/blob/master/README.md
Nginx acting as reverse proxy has this configuration right now
server {
listen 80;
server_name jenkins.kryptohive.com
www.jenkins.kryptohive.com;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://jenkins.kryptohive.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www.jenkins.kryptohive.com;
server_tokens off;
include /etc/nginx/conf.d/ssl.kryptohive;
return 301 https://jenkins.kryptohive.com$request_uri;
}
# configuration of the server
server {
listen 443 ssl http2;
server_name jenkins.kryptohive.com;
access_log /var/log/nginx/jenkins_access.log;
error_log /var/log/nginx/jenkins_error.log;
include /etc/nginx/conf.d/ssl.kryptohive;
include /etc/nginx/conf.d/gzip_conf;
server_tokens off;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://jenkins:8080;
proxy_read_timeout 90;
proxy_redirect http://jenkins:8080 https://jenkins.kryptohive.com;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off;
add_header 'X-SSH-Endpoint' 'jenkins.kryptohive.com:50000' always;
}
}
Reference for nginx config : http://web.archive.org/web/20190723112236/https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
and this works perfectly fine to serve Jenkins website ,but i get error
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Request headers:
Content-Type: application/json
User-Agent: GitLab/14.0.0-pre
X-Gitlab-Event: Push Hook
Request body:
{
"object_kind": "push",
"event_name": "push",
"before": "e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"after": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"ref": "refs/heads/master",
"checkout_sha": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"message": null,
"user_id": 4642285,
"user_name": "Abstract Aesthetics",
"user_username": "4bstractanimation",
"user_email": "",
"user_avatar": "https://secure.gravatar.com/avatar/99a9286c8eaf9b7335f91c3ddbdad7fd?s=80&d=identicon",
"project_id": 26279073,
"project": {
"id": 26279073,
"name": "ucurs-default-shop",
"description": "",
"web_url": "https://gitlab.com/4bstractanimation/django-standard-shop",
"avatar_url": null,
"git_ssh_url": "[email protected]:4bstractanimation/django-standard-shop.git",
"git_http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git",
"namespace": "Abstract Aesthetics",
"visibility_level": 0,
"path_with_namespace": "4bstractanimation/django-standard-shop",
"default_branch": "master",
"ci_config_path": "",
"homepage": "https://gitlab.com/4bstractanimation/django-standard-shop",
"url": "[email protected]:4bstractanimation/django-standard-shop.git",
"ssh_url": "[email protected]:4bstractanimation/django-standard-shop.git",
"http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git"
},
"commits": [
{
"id": "9d62e92972ed32ca67c09108395ebad9a20f3e92",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T20:45:11+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/9d62e92972ed32ca67c09108395ebad9a20f3e92",
"author": {
"name": "Abstract Aesthetics",
"email": "[email protected]"
},
"added": [
],
"modified": [
"public/index.html"
],
"removed": [
]
},
{
"id": "6eaf6296ce2a7215431ae2e641fd64159fd26be0",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T20:44:57+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/6eaf6296ce2a7215431ae2e641fd64159fd26be0",
"author": {
"name": "Abstract Aesthetics",
"email": "[email protected]"
},
"added": [
"src/components/admin-view/images/logo_feild.js"
],
"modified": [
"src/StateStore/reducer.js",
"src/components/admin-view/images/index.js",
"src/components/admin-view/information/TextView.js",
"src/components/admin-view/information/index.js",
"src/components/layout/footer/index.js",
"src/components/layout/header/index.js"
],
"removed": [
]
},
{
"id": "e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"message": "theme updated\n",
"title": "theme updated",
"timestamp": "2021-05-31T19:38:49+05:00",
"url": "https://gitlab.com/4bstractanimation/django-standard-shop/-/commit/e7f7c62995e68446fb1c519fb7f2316eb083bb83",
"author": {
"name": "Abstract Aesthetics",
"email": "[email protected]"
},
"added": [
"src/components/customers-view/filter-product/price_filter.js"
],
"modified": [
"public/index.html",
"src/components/customers-view/filter-product/index.js",
"src/components/customers-view/populated-view/index.js",
"src/components/customers-view/single-product-card/index.js",
"src/components/customers-view/single-product-view/index.js"
],
"removed": [
]
}
],
"total_commits_count": 3,
"push_options": {
},
"repository": {
"name": "ucurs-default-shop",
"url": "[email protected]:4bstractanimation/django-standard-shop.git",
"description": "",
"homepage": "https://gitlab.com/4bstractanimation/django-standard-shop",
"git_http_url": "https://gitlab.com/4bstractanimation/django-standard-shop.git",
"git_ssh_url": "[email protected]:4bstractanimation/django-standard-shop.git",
"visibility_level": 0
}
}
when i try to connect GitLab to jenkins.
how can i configure nginx to also serv port 50000 of jenkins over ssl My docker compose enviroment :
version: "3.4"
services:
# JENKINS
jenkins:
image: jenkins/jenkins:lts-jdk11
volumes:
- ${PWD}/Jenkins:/var/jenkins_home
# NGINX SERVER
nginx_server:
image: webdevops/php-nginx:7.3
volumes:
- ${PWD}/config/nginx/conf.d:/etc/nginx/conf.d
- ${PWD}/log/nginx:/var/log/nginx
- ${PWD}/../get-cert/data/certbot/conf:/certs
ports:
- 80:80 # app port
- 443:443
- 50000:50000
container_name: nginx_server
#####################################################
EDIT The problem is actually with SSL in general, as i tried running
curl jenkins.kryptohive.com
and it gave the following error
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I recreated the SSL certificate, yet still the same error, although in browser it seems to validate my ssl certificate
Solution
It was probably some cache issue, as it worked when i commented some code in nginx for proxy headers. and restarted the server after that i un commented that code again and restarted server, it still worked.
Answered By - ZOthix