curl-具有反向代理到替代端口号的Jenkins

我有一个jenkins生成器服务器,我正在尝试使用nginx设置反向代理.我遵循了jenkins站点上的所有howto和文档,但唯一不同的是我需要服务器可以在不同于标准https端口的其他端口上访问.

必须通过https://jenkins.example.com:9090可以访问服务器,该服务器现在可以工作,但是我仍然遇到一些问题.在Manage Jenkins中,我不断收到消息

It appears that your reverse proxy set up is broken

同样,当我登录或应用或保存一些配置更改时,我一直重定向到https://jenkins.example.com,但没有端口号.

当我检查curl并在标题的某些页面中查找时,它会将位置标题设置为正确的url,但没有端口号.

我在nginx中有以下配置

server {
  listen 443 ssl spdy;
  server_name jenkins.example.com;
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
  add_header X-Frame-Options "DENY";

  ssl on;
  ssl_certificate /etc/nginx/ssl/server.chain.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-$
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  # Diffie-Hellman parameter for DHE ciphersuites,recommended 2048 bits
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;

  # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving,scalable manner)
  # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
  resolver 8.8.8.8;
  ssl_stapling on;
  ssl_trusted_certificate /etc/nginx/ssl/server.crt;

  access_log            /var/log/nginx/jenkins.access.log;

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass          http://127.0.0.1:8080/;
    proxy_read_timeout  90;

    proxy_redirect      http://127.0.0.1:8080 https://jenkins.example.com:9090;
  }
}

在jenkins的默认配置中,我添加了–httpListenAddress = 127.0.0.1,并在Manage Jenkins中添加了>.配置系统我已将正确的URL(端口号为https://jenkins.example.com:9090/)添加到Jenkins位置.

这些是我使用curl检查标题时的标题.

curl -I  https://jenkins.example.com:9090/scriptApproval
HTTP/1.1 302 Found
Server: nginx/1.9.4
Date: Thu,24 Sep 2015 13:17:56 GMT
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
Location: https://jenkin.example.com/scriptApproval/
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY

更新1

添加proxy_set_header X-Forwarded-Port 9090时；到nginx配置,这似乎可以修复错误看来,您的反向代理设置在“设置”页面上已损坏.

更新2

也许与斜杠有关.当我用curl调用https://build.example.com:9090/pluginManager/时,我从jenkins得到了403禁止响应,但是当我调用https://build.example.com:9090/pluginManager时却没有结尾的斜线找到302响应并将位置标头设置为https://build.example.com/pluginManager/

更新3

该服务器连接在共享的Internet上,并连接了我无法控制的更多服务器.它仅运行Jenkins CI和nginx,它们应该是反向代理.路由器上的WAN端口列出到端口9090,该端口转发到端口443上的服务器,该服务器应该是Nginx,后者应将所有内容代理到正在监听端口8080的Jenkins-CI.

更新4

这是我尝试过的当前配置.这似乎也不起作用.

upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 9090 default ssl http2;
  server_name build.pixplicity.com;

  ssl on;
  ssl_certificate /etc/nginx/ssl/server.chain.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;

  access_log            /var/log/nginx/jenkins.access.log;

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto https;
    proxy_set_header        X-Forward-Port 9090;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass          http://127.0.0.1:8080;
    proxy_read_timeout  90;

    proxy_redirect http://127.0.0.1:8080 https://build.pixplicity.com:9090;
    #proxy_redirect default;
  }
}