• Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • Platform: All, OS: All

      I already have apache and other security measure in place to secure hudson, but
      need the TCP port for JNLP slave agent to be fixed for firewall issues.
      I found the setting under security for this and if set manually in the
      config.xml file it work with security not enabled, but if you make changes on
      the configuration page it removes it if security is not enabled.

      My suggestions would be
      A. to move this setting to its own section to include any other JNLP settings.
      B. Persist this setting regardless of the security setting if its already set.

      Thanks

          [JENKINS-4478] Move TCP port out from under security

          rcalosso created issue -
          Jenkins IRC Bot made changes -
          Component/s New: core [ 15593 ]
          Component/s Original: concurrent-build [ 15628 ]
          Daniel Beck made changes -
          Link New: This issue is duplicated by JENKINS-12649 [ JENKINS-12649 ]

          Jan Klass added a comment -

          First of all, the port being under security was a bit unexpected on our end.

          Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!?

          On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour.

          This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?

          Jan Klass added a comment - First of all, the port being under security was a bit unexpected on our end. Having to enable security (we have it disabled) is very unintuitive and cost us time to figure out. That the JNLP port is bound no matter the enable security setting being turned on or off, is very questionable and confusing. This should defiitely be changed ASAP, to prevent user confusion. Especially, since simply moving the setting but keeping it as is should be rather simple!? On one LTS installation, I have security enabled, but use anonymous access anyway. On a second installation, we use anonymous access with security disabled. The confusing part is that on the second installation, I can enable security to set the JNLP port, and then save the settings. Checking back, security is still disabled (I guess because no Security Realm was chosen) but the port is set. This is a very unintuitive and hidden behaviour. This is assigned to @Kohsuke Kawaguchi, I guess since 2009. Is this something you can and will do? Or would it be helpful if someone from the community jumped in?

          Jan Klass added a comment - - edited

          It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured.

          In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).

          Jan Klass added a comment - - edited It would also be helpful, if the node configuration setting for JNLP port (tunneling) would be a bit more elaborative about the server JNLP port, and where it is configured. In our case, even when changing the JNLP port, it was not necessary to configure anything there (as jenkins sends it to the slave on initial connection by the slave).
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 134551 ] New: JNJira + In-Review [ 174165 ]
          Daniel Beck made changes -
          Labels New: newbie-friendly
          Oleg Nenashev made changes -
          Assignee Original: Kohsuke Kawaguchi [ kohsuke ]
          Oleg Nenashev made changes -
          Link New: This issue is duplicated by JENKINS-44382 [ JENKINS-44382 ]
          Kseniia Nenasheva made changes -
          Assignee New: Kseniia Nenasheva [ ks_nenasheva ]

            ks_nenasheva Kseniia Nenasheva
            rcalosso rcalosso
            Votes:
            4 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: