如何使用websocket连接Jenkins从代理和Apache反向代理背后的主节点
-
null
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerName off
ProxyRequests Off
AllowEncodedSlashes NoDecode
<Location /jenkins>
ProxyPreserveHost On
ProxyPass http://192.168.1.10:8080/jenkins nocanon
ProxyPassReverse http://192.168.1.10:8080/jenkins
ProxyPassReverse https://my.public.fqdn.com/jenkins
RequestHeader set X-Forwarded-Host "my.public.fqdn.com"
</Location>
<Location /jenkins/wsagents>
### Configurations tested and commented, not working ###
#SetEnv force-no-vary 1
#SetEnv force-proxy-request-1.0 1
#SetEnv proxy-nokeepalive 1
#RequestHeader unset Expect early
ProxyPreserveHost On
ProxyPass ws://192.168.1.10:8080/jenkins/wsagents
ProxyPassReverse ws://192.168.1.10:8080/jenkins/wsagents
</Location>
java -jar agent.jar -jnlpUrl https://my.public.fqdn.com/jenkins/computer/Slave%20Windows/slave-agent.jnlp -secret @secret-file -workDir "E:\JenkinsSlave"
Sending handshake request:
> GET wss://my.public.fqdn.com/jenkins/wsagents/
> Connection: Upgrade
> Host: my.public.fqdn.com
> Node-Name: Slave Windows
> Origin: my.public.fqdn.com
> Sec-WebSocket-Key: FFGODSDcF0TTP4q/usk9Bw==
> Sec-WebSocket-Version: 13
> Secret-Key: 123123123123
> Upgrade: websocket
> X-Remoting-Capability: rO0ABXNyABpod4ucmVtbpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAf4=
2021-01-14T22:48:44.776+0100 FINE io.jenkins.remoting.shaded.org.glassfish.tyrus.core.DebugContext flush: < Session 36d3c733-37f3-4f6e-bea1-920e8cf6f3da [128 ms]: Received handshake response:
< 400
< Cache-Control: must-revalidate, no-cache, no-store
< Content-Length: 533
< Content-Type: text/html;charset=iso-8859-1
< Cookie: 52d4f682f884de63b52ae34622c7f3968acfc365d02327e2eec34f1f8e1
< Server: Jetty(9.4.33.v20201020)
< X-Content-Type-Options: nosniff
< X-Remoting-Capability: rO0ABXNyABpod4ucmVtbpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAf4=
< X-Remoting-Minimum-Version: 3.14
SEVERE hudson.remoting.jnlp.Main$CuiListener error: Handshake error.
io.jenkins.remoting.shaded.javax.websocket.DeploymentException: Handshake error.
at io.jenkins.remoting.shaded.org.glassfish.tyrus.client.ClientManager$3$1.run(ClientManager.java:674)
at io.jenkins.remoting.shaded.org.glassfish.tyrus.client.ClientManager$3.run(ClientManager.java:712)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at io.jenkins.remoting.shaded.org.glassfish.tyrus.client.ClientManager$SameThreadExecutorService.execute(ClientManager.java:866)
at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
at io.jenkins.remoting.shaded.org.glassfish.tyrus.client.ClientManager.connectToServer(ClientManager.java:511)
at io.jenkins.remoting.shaded.org.glassfish.tyrus.client.ClientManager.connectToServer(ClientManager.java:355)
at hudson.remoting.Engine.runWebSocket(Engine.java:628)
at hudson.remoting.Engine.run(Engine.java:470)
Caused by: io.jenkins.remoting.shaded.org.glassfish.tyrus.core.HandshakeException: Response code was not 101: 400.
在Jenkins主节点日志中,我发现(系统日志级别设置为ALL):
警告O.E.J.W.S.WebSocketServerFactory#ISUpgradeRequest:不是'HTTP/1.1'请求(was[HTTP/1.0])
问题是
为什么apache反向代理将HTTP/1.1切换到HTTP/1.0,以便与后端进行websocket通信,以及如何修复它?
我在apache中尝试了许多配置,但都没有成功(即强制不变)
共有1个答案
对于第二部分(如何修复),我对apache配置添加了以下内容。它使用这个问题的答案:WebSocket通过SSL与Apache反向代理
具体来说:
# allow for upgrading to websockets
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:8080/$1 [P,L]
ProxyPass "/jenkins/wsagents" "ws://localhost:8080/jenkins/wsagents"
ProxyPassReverse "/jenkins/wsagents" "ws://localhost:8080/jenkins/wsagents"
启用了mod_rewrite和mod_proxy_wstunnel。
-
我在谷歌上冲浪,没有找到任何具体的答案或例子,所以再次尝试我的运气在这里(经常是幸运的)。 问题所在 > 我在apache反向代理后面运行了一个spring boot RESTful服务。此RESTful服务只运行HTTP。假设它运行在本地IP172.S端口8080上。 我还配置了一个apache反向代理。假设它运行在本地IP172.a和公共IP55.a上。该代理响应两个端口80,但所有HTTP通
-
我在服务器上安装了keycloak standanlone,并尝试通过Nginx在反向代理后面使用它。Keycloak绑定到127.0.0.1
-
主要内容:1. 简单的反向代理,2. 集群和平衡器,3. Balancer和BalancerMember配置,3. 故障转移,4. 均衡器管理器除了作为“基本”Web服务器,并为最终用户提供静态和动态内容之外,Apache httpd(以及大多数其他Web服务器)也可以充当反向代理服务器,也称为“网关” “服务器。 在这种情况下,httpd本身不生成或托管数据,而是由一个或多个后端服务器获取内容,后端服务器通常没有直接连接到外部网络。当httpd收到来自客户端的请求时,请求本身被代理到这些后端服
-
null 这起作用了,当调用https://www.website.com/auth/oauth/authorizeendpoint时,我将在https://www.website.com/auth/login上重定向,并看到我的登录表单。 问题是没有加载jquery或css这样的资源,因为它试图通过URL https://www.website.com/resources/jquery.min.
-
我试图从apache反向代理后面连接到socket.io服务器。我在端口8888上运行apache。nodejs服务器运行在同一台机器的端口9096上。为了进行测试,在我的本地计算机上配置代理,如下所示: 在客户端代码中,我执行如下操作: 如何使它连接到本地主机:8888/some/path/socket.io/1?123983759 ?
-
我们发现了一个使用http2的解决方案,但更喜欢不使用http2的解决方案(出于原因,请参见https://http2.pro/doc/apache)。 使用http2的Apache工作配置 有人能帮助我们创建一个有效的apache反向代理配置,该配置与CsrfPreventionRequestCycleListener一起工作而不使用http2模块吗?