How to Enable ProxyPass for Jenkins Application using Apache HTTP server

In this article we will see how to make the Jenkins URL, which runs on the default port 8080, accessible through the Apache HTTP server on port 80. It is always good practice to hide application details such as the port number when providing access to end users such as developers or other team members.

Test Environment

Fedora 32 installed with SELinux enabled
Apache HTTP server installed
Jenkins installed

Procedure

Step1: Validate Apache HTTP server installation

Make sure the Apache HTTP server is installed on your Linux machine, as shown below. If it is not installed, install it and validate it.

$ sudo systemctl status httpd.service
URL - http://fedser.stack.com/ - [FQDN on my Linux system - fedser.stack.com]

Step2: Validate Jenkins installation

Make sure the Jenkins application is installed on your Linux machine, as shown below. If it is not installed, install it and validate it.

$ rpm -qa | grep jenkins

jenkins-2.277.4-1.1.noarch

$ ps -ef | grep jenkins

jenkins     1291       1  2 07:38 ?        00:02:27 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
root       17650   15175  0 09:39 pts/0    00:00:00 grep --color=auto jenkins

URL - http://fedser.stack.com:8080/

Step3: Enable and Load the Proxy modules

ProxyPass requires the mod_proxy and mod_proxy_http modules. These are loaded by default in the default Apache installation; verify this as shown below, and load them if they are not enabled.

$ sudo cat /etc/httpd/conf.modules.d/00-proxy.conf | grep -E '\<mod_proxy\>|\<mod_proxy_http\>'

Output:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

Step4: Create the below virtual host configuration file for enabling proxy access to Jenkins Application

Now that Apache and Jenkins are installed and the required modules are loaded, add the ProxyPass configuration below so that the Jenkins application URL is served from the default port 80.

$ sudo cat /etc/httpd/conf.d/jenkins.conf 

<VirtualHost *:80>

<Directory />
    AllowOverride none
    #Require all denied
    Require host stack.com
</Directory>

ServerAdmin admin@fedser.stack.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes On

<Proxy *>
Require all granted
</Proxy>

ProxyPass / http://fedser.stack.com:8080/ nocanon
ProxyPassReverse / http://fedser.stack.com:8080/
</VirtualHost>

Step5: Restart the httpd service

After the configuration changes, restart the Apache instance for them to take effect, as shown below.

$ sudo systemctl restart httpd.service

Step6: Access the Jenkins Application on port 80

Let's try to access the URL shown below on port 80, which should now serve the Jenkins application.

URL - http://fedser.stack.com/

If you get an Error 403 Permission denied exception while accessing the application, with entries in the error_log like those shown below, it is because SELinux is enabled on the Linux system and is blocking the outbound network connection from the Apache HTTP server to port 8080.

$ sudo tail -f /var/log/httpd/error_log

[Tue May 25 08:58:10.941538 2021] [proxy:error] [pid 16133:tid 16235] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed
[Tue May 25 08:58:10.941626 2021] [proxy_http:error] [pid 16133:tid 16235] [client 127.0.0.1:41684] AH01114: HTTP: failed to make connection to backend: localhost
[Tue May 25 08:58:11.654201 2021] [proxy:error] [pid 16134:tid 16261] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed

To resolve this error, enable the SELinux boolean that allows outbound HTTP network connections, as shown below.

$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

Once the SELinux boolean is enabled, we should be able to access the application and load the Jenkins login page.
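
A check that can be run on the Step 4 virtual host file before the restart in Step 5, added here as an example and not part of the original article. The helper name audit_proxy_conf is hypothetical, and the sample configuration is constructed with deliberate mistakes; the helper flags ProxyRequests On, a ProxyPassReverse that does not match its ProxyPass, and nocanon without AllowEncodedSlashes.

```shell
# Added example (not from the original article). audit_proxy_conf is a
# hypothetical helper; it returns 1 when the vhost file has a FAIL finding.
audit_proxy_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "proxyrequests"       { requests = tolower($2) }
    d == "allowencodedslashes" { slashes = tolower($2) }
    d == "proxypassreverse"    { rev[$2] = $3 }
    d == "proxypass" {
        fwd[$2] = $3
        for (i = 4; i <= NF; i++) if (tolower($i) == "nocanon") nocanon = 1
    }
    END {
        # With "<Proxy *> Require all granted", ProxyRequests On would turn
        # the server into a forward proxy usable by any client.
        if (requests == "on") { print "FAIL ProxyRequests is On"; fails++ }
        for (p in fwd) {
            # Redirects from Jenkins are only rewritten when the reverse
            # mapping names the same backend URL as ProxyPass.
            if (!(p in rev)) {
                print "FAIL no ProxyPassReverse for " p; fails++
            } else if (rev[p] != fwd[p]) {
                print "FAIL ProxyPassReverse " rev[p] " != ProxyPass " fwd[p]; fails++
            }
        }
        # nocanon forwards the raw URL, but httpd still answers 404 to
        # encoded slashes unless AllowEncodedSlashes is On or NoDecode.
        if (nocanon && slashes != "on" && slashes != "nodecode")
            print "WARN nocanon set but AllowEncodedSlashes is not enabled"
        exit (fails > 0)
    }' "$1"
}

# Constructed sample with three deliberate mistakes, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
ProxyRequests On
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://127.0.0.1:8080/ nocanon
ProxyPassReverse / http://127.0.0.1:9090/
</VirtualHost>
EOF
audit_proxy_conf "$sample" || echo "fix the FAIL lines before restarting httpd"
rm -f "$sample"
```

Run against the jenkins.conf from Step 4, the helper prints nothing and returns 0.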

Hope you enjoyed reading this article. Thank you.