Fix Jenkins reverse proxy according to docs

Jenkins has documented[0] the appropriate way to reverse proxy Jenkins and it is complaining that our config is broken so update it according to their docs. Big changes here are to set nodecode on AllowEncodedSlashes and nocanon on ProxyPass so that the PATH_INFO value is left alone. But also set some X-Forward headers to tell Jenkins about the original port and protocol. Also remove the modrewrite rules so that they do not interfere with ProxyPass as they appear to no longer be needed to host zuul status. [0] https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache Change-Id: I9e2b159c1bde1c55779b7b519969b167ec788ea9
2015-01-07 16:50:06 -08:00 · 2015-01-07 16:50:06 -08:00 · cca6819f67
parent 059294e70e
commit cca6819f67
1 changed files with 4 additions and 7 deletions
--- a/templates/jenkins.vhost.erb
+++ b/templates/jenkins.vhost.erb
@ -36,12 +36,9 @@
             # MSIE 7 and newer should be able to use keepalive
             BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

-             RewriteEngine on
-             RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("::jenkins::master::vhost_name") %>
-             RewriteRule ^.*$ https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
-
-             RewriteRule /zuul/status http://127.0.0.1:8001/status [P]
-
-             ProxyPass / http://127.0.0.1:8080/ retry=0
+             AllowEncodedSlashes NoDecode
+             ProxyPass / http://127.0.0.1:8080/ retry=0 nocanon
             ProxyPassReverse / http://127.0.0.1:8080/
+             RequestHeader set X-Forwarded-Proto "https"
+             RequestHeader set X-Forwarded-Port "443"
 </VirtualHost>