I am running two services behind an Apache server: Jenkins (Port 8080) and SonarQube (Port 9000).

My apache config looks like this:

<VirtualHost *:80>
  ServerName server
  Redirect permanent / https://server.domain.com/

<VirtualHost *:80>
  ServerName server.domain.com
  Redirect permanent / https://server.domain.com/

<VirtualHost *:443>
  ServerName server.domain.com

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/server.crt
  SSLCertificateKeyFile /etc/ssl/private/server.key

  ProxyPass        /jenkins http://localhost:8080/jenkins nocanon
  ProxyPassReverse /jenkins http://localhost:8080/jenkins
  ProxyPassReverse /jenkins http://server.domain.com/jenkins
  ProxyPassReverse /jenkins https://server.domain.com/jenkins

  ProxyPass        /sonar http://localhost:9000/sonar nocanon
  ProxyPassReverse /sonar http://localhost:9000/sonar

  AllowEncodedSlashes NoDecode
  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy http://localhost:8080/*>
    Order deny,allow
    Allow from all

Everything seems to be working fine, except that Jenkins is complaining with this message: It appears that your reverse proxy set up is broken.

When I run the ReverseProxySetupMonitor test provided by Jenkins, the error message indicates that something with the reverse proxy is not set up correctly, as is does not replace http with https:

$ curl -iLk -e https://server.domain.com/jenkins/manage https://server.domain.com/jenkins/administrativeMonitor/hudson.diagnosis.ReverseProxySetupMonitor/test
404 http://server.domain.com/jenkins/manage vs. https://server.domain.com/jenkins/manage

This only appeared after I enabled SSL on the server (which is now using a self-signed certificate).

Question: How do I fix the reverse proxy setup so that Jenkins is happy? Bonus points for tips on how to improve the apache config file.

I already checked the following two related questions:

This page on wiki Jenkins mentioned that as per July 2014, the recommended configuration for Jenkins reverse proxy. The missing parameter is RequestHeader set X-Forwarded-Proto "https" and RequestHeader set X-Forwarded-Port "443"

So the configuration became

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    ServerAdmin  webmaster@localhost
    ProxyRequests     Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        Order deny,allow
        Allow from all
    ProxyPass         /  http://localhost:8080/ nocanon
    ProxyPassReverse  /  http://localhost:8080/
    ProxyPassReverse  /  http://www.example.com/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
Windows Apache Front-end setup for Jenkins

The main differences here are:

  • How to set up a temporary certificate
  • stopping apache winging about not having any ssl cache

My setup:

  • Install was to d:\ (not c:\ - adapt this to your needs)

  • Jenkins is on port 8080

  • Unzip Apache httpd-2.4.18-win64-VC14.zip (from http://www.apachelounge.com/download/) to d:\ .

  • Install OpenSSL Win64OpenSSL_Light-1_0_2f.exe (http://slproweb.com/products/Win32OpenSSL.html) to d:\OpenSSL-Win64

  • Create the ssl certificate:

    • cd to the OpenSSL bin directory and run the magic:

       pushd d:\OpenSSL-Win64\bin
       set OPENSSL_CONF=openssl.cfg
       openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt
  • Copy the server.* files from d:\OpenSSL-Win64\bin to D:\Apache24\conf

  • Edit d:\Apache24\conf\httpd.conf :

    • Search and replace "c:/" with "d:/"

    • Change after the line "Listen 80", adding "Listen 443":

      Listen 80
      Listen 443
    • Uncomment these lines:

      LoadModule headers_module modules/mod_headers.so
      LoadModule proxy_module modules/mod_proxy.so
      LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
      LoadModule proxy_http_module modules/mod_proxy_http.so
      LoadModule rewrite_module modules/mod_rewrite.so
      LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
      LoadModule ssl_module modules/mod_ssl.so
      LoadModule vhost_alias_module modules/mod_vhost_alias.so
    • Update "#ServerName www.example.com:80" to:

      ServerName myserver.mydomain:80
    • Add this at the end:

      <IfModule socache_shmcb_module>
      SSLSessionCache "shmcb:logs/ssl_scache(512000)"
      <VirtualHost *:80>
        ServerName myserver
        Redirect permanent / https://myserver.mydomain/
      <VirtualHost *:80>
        ServerName myserver.mydomain
        Redirect permanent / https://myserver.mydomain/
      <VirtualHost *:443>
                  SSLEngine on
                  SSLCertificateFile conf/server.crt
                  SSLCertificateKeyFile conf/server.key
                  ServerAdmin  me@mydomain
                  ProxyRequests             Off
                  ProxyPreserveHost On
                  AllowEncodedSlashes NoDecode
                  <Proxy *>
                              Order deny,allow
                              Allow from all
                  ProxyPass         /  http://localhost:8080/ nocanon
                  ProxyPassReverse  /  http://localhost:8080/
                  ProxyPassReverse  /  http://myserver.mydomain/
                  RequestHeader set X-Forwarded-Proto "https"
                  RequestHeader set X-Forwarded-Port "443"

I did not stop Jenkins listening on port 8080, so I can still connect if apache fails. My objective in using https is to hide parameters.

David Robson
I created a Docker container to run Apache2 as a reverse proxy for Sonarqube at the same host.

Follow the Source Code. https://github.com/clebermasters/sonarqube-https-apache2