Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31464

git-client uses proxy from plugins section of jenkins

    XMLWordPrintable

Details

    Description

      The git client appears to be using the http proxy settings from the "Manage plugins" section of Jenkins. That proxy is for the master to download plugins, not for SCM clients to access repositories. Slave machines shouldn't require the same access to the internet as the master.

      Here you can see that localhost:3128 is being used as a proxy when that slave does not have a proxy listening on port 31218
      > /usr/bin/git config --local credential.username frank # timeout=10
      > /usr/bin/git config --local credential.helper store --file=/tmp/git6157196107535640953.credentials # timeout=10
      Setting http proxy: localhost:3128
      > /usr/bin/git -c core.askpass=true fetch --tags --progress https://github.com/frank/fright.git +refs/heads/:refs/remotes/origin/
      > /usr/bin/git config --local --remove-section credential # timeout=10

      Using environmental variables should be the approach for accessing http/https on the web from a git client.

      Attachments

        Activity

          We also have different proxy settings on the master and agents. Fortunately a local .gitconfig on the build node has precedence over the setting from the master. So we distribute a /home/jenkins/.gitconfig file with the following content to the build nodes:

          /home/jenkins/.gitconfig
          [http "https://git.example.com"]
                  proxy = http://proxy.example.com:3128
          [http "https://dev.example.com"]
                  proxy = http://proxy2.example.com:3128 

          Jenkins still logs Setting http proxy: proxy.masteronly.example.com:3128 during the build - but git selects the proxy from the local .gitconfig.

          andreasmandel Andreas Mandel added a comment - We also have different proxy settings on the master and agents. Fortunately a local .gitconfig on the build node has precedence over the setting from the master. So we distribute a /home/jenkins/.gitconfig file with the following content to the build nodes: /home/jenkins/.gitconfig [http "https://git.example.com"] proxy = http://proxy.example.com:3128 [http "https://dev.example.com"] proxy = http://proxy2.example.com:3128 Jenkins still logs Setting http proxy: proxy.masteronly.example.com:3128 during the build - but git selects the proxy from the local .gitconfig .
          junkpiano Yusuke Ohashi added a comment - - edited

          Hello,

          I also had this issue, and solved by modifying git-plugin only.

          Here is my change.

          https://github.com/junkpiano/git-plugin/commit/7f86f4113bd9813ccfb2e684ecfcbea4277cc458

          In my environment, master and slave machines are located in different network zones. All machines can connect with each others. Some machines needs proxy to access external contents but the others don't. So I introduced environmental variable to toggle proxy on/off on node. This gives you flexible proxy setting on the fly.

          There might be something I missed, so your feedbacks are appreciated.

          Thanks.

          junkpiano Yusuke Ohashi added a comment - - edited Hello, I also had this issue, and solved by modifying git-plugin only. Here is my change. https://github.com/junkpiano/git-plugin/commit/7f86f4113bd9813ccfb2e684ecfcbea4277cc458 In my environment, master and slave machines are located in different network zones. All machines can connect with each others. Some machines needs proxy to access external contents but the others don't. So I introduced environmental variable to toggle proxy on/off on node. This gives you flexible proxy setting on the fly. There might be something I missed, so your feedbacks are appreciated. Thanks.
          haufsolutions Michael Hauf added a comment -

          I have the same problem..  and got: "Received HTTP code 403 from proxy after CONNECT..." when I try to connect to my repo.

          I have added my GIT Host to the "No Proxy Host" section under the HTTP Proxy Config.

          This seems to be acceptable workaround for the moment.

          haufsolutions Michael Hauf added a comment - I have the same problem..  and got: "Received HTTP code 403 from proxy after CONNECT..." when I try to connect to my repo. I have added my GIT Host to the "No Proxy Host" section under the HTTP Proxy Config. This seems to be acceptable workaround for the moment.
          markewaite Mark Waite added a comment -

          alex1x one of the key reasons I've been unwilling to merge those pull requests is due to insufficient testing.  I don't have a test environment to check the current proxy implementation, nor do I have a test environment to check the proposed new proxy environment. gmontero has tested it in his environment, but the plugin is used by over 120000 installations worldwide, so I'm hesitant to merge a proxy configuration change  with only a single point of validation.

          Is there any way you can construct a separate Jenkins environment to use as a test case?

          Are you allowed to run Docker images in that environment?  If so, I can provide a Docker definition which includes the two pull request builds.

          markewaite Mark Waite added a comment - alex1x one of the key reasons I've been unwilling to merge those pull requests is due to insufficient testing.  I don't have a test environment to check the current proxy implementation, nor do I have a test environment to check the proposed new proxy environment. gmontero has tested it in his environment, but the plugin is used by over 120000 installations worldwide, so I'm hesitant to merge a proxy configuration change  with only a single point of validation. Is there any way you can construct a separate Jenkins environment to use as a test case? Are you allowed to run Docker images in that environment?  If so, I can provide a Docker definition which includes the two pull request builds.

          Hey, thanks for the quick response and helpful comments. It looks like the 2 PRs in question address exactly what I'm seeing, however unfortunately I am not able to load custom hpi's into the environment I'm working on, so I've instead worked around this (not use git plugin, just write a script to checkout git and load my Jenkinsfile).

          alex1x Alex Tasioulis added a comment - Hey, thanks for the quick response and helpful comments. It looks like the 2 PRs in question address exactly what I'm seeing, however unfortunately I am not able to load custom hpi's into the environment I'm working on, so I've instead worked around this (not use git plugin, just write a script to checkout git and load my Jenkinsfile).

          People

            Unassigned Unassigned
            scattym Matt Clark
            Votes:
            19 Vote for this issue
            Watchers:
            27 Start watching this issue

            Dates

              Created:
              Updated: