@xelwarto
Created May 25, 2015 11:49
Jenkins CI haproxy configuration example
global
  chroot /var/lib/haproxy
  crt-base /etc/pki/tls/certs
  daemon
  group haproxy
  log 127.0.0.1 local0
  maxconn 2000
  pidfile /var/run/haproxy.pid
  stats socket /var/lib/haproxy/stats
  tune.ssl.default-dh-param 2048
  user haproxy

defaults
  log global
  maxconn 2000
  mode http
  option redispatch
  option forwardfor
  option http-server-close
  retries 3
  timeout http-request 10s
  timeout queue 1m
  timeout connect 10s
  timeout client 1m
  timeout server 1m
  timeout check 10s

frontend jenkins
  # TLS listener; the certificate file is resolved relative to crt-base
  bind *:443 no-sslv3 ssl crt jenkins-ci.cert
  bind *:80
  default_backend jenkins-mstr
  # Send plain-HTTP requests to the HTTPS site
  redirect location https://jenkins.my.domain/ if !{ ssl_fc }
  reqadd X-Forwarded-Proto:\ http

backend jenkins-mstr
  balance roundrobin
  # Present each request to Jenkins as if it had been made to 127.0.0.1:8080
  http-request set-header Host 127.0.0.1:8080
  # Rewrite the public URL in request header values to the internal URL
  reqirep ^([^\ \t:]*:)\ https://jenkins.my.domain/(.*) \1\ http://127.0.0.1:8080/\2
  # Rewrite the internal URL in response header values (e.g. Location) back to the public URL
  rspirep ^([^\ \t:]*:)\ http://127.0.0.1:8080/(.*) \1\ https://jenkins.my.domain/\2
  server jenkins01 127.0.0.1:8080 check

persus commented May 22, 2022

I would as well appreciate a sample configuration for HAProxy 2.2

@xelwarto
Author

@MAnasKhalid and @persus - I appreciate your feedback, however it has been a long while since I have worked with this and if this config is no longer relevant, I may just remove it. I am not sure if I will have the time but I may try to replicate the issue you reported; can you provide details on your setup ... software versions, setup, configurations, etc.

persus commented May 22, 2022

I'm running HAProxy 2.2 on a Debian 11 server as reverse proxy (HA-Proxy version 2.2.9-2+deb11u3 2022/03/10).
Behind it I'm running Jenkins 2.332.3 on another Debian 11 server.
The goal is to get Jenkins accessible via a subdomain (e.g. https://jenkins.example.com).
The SSL configuration is valid since it works for other services quite well.

This is my standard frontend config of HAProxy

frontend https
  # Binds
  bind *:80
  bind *:443 ssl crt /etc/ssl/private/example.com.cert.pem
  redirect scheme https code 301 if !{ ssl_fc }
  # Mode
  mode http
  option http-server-close
  http-request set-header X-Forwarded-For %[src]
  use_backend jenkins_srvc if { hdr(host) -i jenkins.example.com }

And now I'm struggling to get the backend configuration working

Thank you very much in advance

persus commented May 22, 2022

Oh I found it. Here is the proper backend configuration for the frontend configuration I posted above:

backend jenkins_srvc
  option forwardfor
  mode http
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Host %[req.hdr(Host)]
  server cicd01 10.1.1.39:8080 check
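
For HAProxy 2.2, which the comments above ask about: the gist's reqadd, reqirep and rspirep directives were removed in HAProxy 2.1, so forwarded headers are set with http-request rules instead. The following is an added example, not part of the gist or of any comment; it reuses the hostname, certificate path and backend address from the comments, and the ssl-min-ver setting and the use of set-header for every X-Forwarded-* header are assumptions made here.

```haproxy
# Added example (HAProxy 2.2 syntax). Hostname, certificate path and backend
# address come from the comments above; everything else is an assumption.
frontend https
  mode http
  option http-server-close
  bind *:80
  # Assumption: state the minimum TLS version explicitly (the gist used no-sslv3)
  bind *:443 ssl crt /etc/ssl/private/example.com.cert.pem ssl-min-ver TLSv1.2

  # Plain-HTTP requests stop here, so every rule below only sees TLS traffic
  http-request redirect scheme https code 301 unless { ssl_fc }

  # set-header replaces any X-Forwarded-* value the client sent; add-header
  # would append to it, and an application behind the proxy cannot tell a
  # client-supplied value from the proxy's own.
  http-request set-header X-Forwarded-For   %[src]
  http-request set-header X-Forwarded-Proto https
  http-request set-header X-Forwarded-Port  %[dst_port]
  http-request set-header X-Forwarded-Host  %[req.hdr(Host)]

  use_backend jenkins_srvc if { hdr(host) -i jenkins.example.com }

backend jenkins_srvc
  mode http
  # "option forwardfor" is left out on purpose: the frontend already sets
  # X-Forwarded-For, and the option would add a second header with the same
  # client address.
  server cicd01 10.1.1.39:8080 check
```

Running `haproxy -c -f <file>` against the full configuration checks the syntax before a reload.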
