Sto usando Centos 7 con Nginx e un SSL di letsencrypt da utilizzare come proxy per jenkins sullo stesso droplet. Tutto funzionava fino al punto in cui ho provato a delegare Jenkins .. che ha dato un errore 502 Bad Gateway. Il blocco del server è sotto, qualche idea sul perché questo accada?
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/DOMAIN.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:E$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
server_name DOMAIN.com;
location ~ /.well-known {
allow all;
}
# The rest of your server block
root /usr/share/nginx/html;
index index.html index.htm;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ^~ /jenkins {
sendfile off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
#proxy_redirect http:// https://;
add_header Pragma "no-cache";
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_redirect http://localhost:8080 https://DOMAIN.com/jenkins;
# Optionally, require HTTP basic auth.
# auth_basic "Please authenticate";
# auth_basic_user_file /opt/nginx/htpasswd;}}
Ecco alcune righe estratte dal registro errori nginx:
2016/05/12 11:43:03 [error] 2514#0: *1 no resolver defined to resolve localhost, client: xxx.xxx.xxx.xxx, server: DOMAIN.com, request: "GET /jenkins HTTP/1.1", host$
2016/05/12 12:18:24 [error] 2724#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: DOMAIN.com, request$
2016/05/12 12:18:25 [error] 2724#0: *1 no live upstreams while connecting to upstream, client: xxx.xxx.xxx.xxx, server: DOMAIN.com, request: "GET /jenkins HTTP/1.1"$
EDIT: Un amico ha funzionato modificando il mio blocco server sotto le direttive SSL in questo modo, ma stava provando qualunque cosa funzionasse, non sei sicuro che questo sia il modo migliore?
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
#rewrite all static files into requests to the root
#E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;}
location /userContent {
#have nginx handle all the static requests to the userContent folder files
#note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
#this file does not exist, might be a directory or a /**view** url
rewrite (.*) /$1 last;
break;}
sendfile on;}
location @jenkins {
sendfile off;
proxy_pass http://127.0.0.1:8080;
proxy_redirect http:// https://;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;}
location / {
# Optional configuration to detect and redirect iPhones
if ($http_user_agent ~* '(iPhone|iPod)') {
rewrite ^/$ /view/iphone/ redirect;}
try_files $uri @jenkins;}}