Previously, when the agent would attempt to connect to our master, it would get back the following:

      Sep 06 06:54:13 internalhostname java[31206]: INFO: Locating server among https://jenkins.domain.tld/jenkins/, https://internalhostname/jenkins/

      Since switching from 2.76 to 2.78, and to using the agent.jar instead of the slave.jar, we are getting:

      Sep 12 13:30:56 internalhostname java[31206]: INFO: Locating server among https://jenkins.domain.tld/jenkins/, http://internalhostname/jenkins/ 

      Please note the change from https to http.

      I cannot determine what caused this change however, or where I can configure this.

      The problem is that the domain url cannot be resolved from the agent because it tries to connect to the external ip which is only accessible from the office network.

      The internal hostname works fine, but only over https, not http.

      We start the agent using:

      /bin/java -Djsse.enableSNIExtension=false -jar /data/jenkins/agent.jar -noCertificateCheck -jnlpUrl https://internalhostname/jenkins/computer/internalhostname/slave-agent.jnlp -secret ea1459602ecd86fe6ca5393857791b1bf56391febdbb7f4693ffd718399c56c9

          [JENKINS-46815] master returns wrong protocol to slave agent

          Rob Bast added a comment - - edited

           Since switching from 2.76 to 2.78

          I can see if the older package is still available on our server, and if that is the case, if a roll-back fixes it. Will get back to you later today.

          Rob Bast added a comment - - edited  Since switching from 2.76 to 2.78 I can see if the older package is still available on our server, and if that is the case, if a roll-back fixes it. Will get back to you later today.

          Daniel Beck added a comment -

          Sorry I must be blind

          Daniel Beck added a comment - Sorry I must be blind

          Daniel Beck added a comment -

          No obvious culprits in the version range.

          oleg_nenashev WDYT?

          Daniel Beck added a comment - No obvious culprits in the version range. oleg_nenashev WDYT?

          Rob Bast added a comment -

          Downgrading to 2.76 did not fix it, neither did 2.74 or 2.72. I am starting to think it must be a change in configuration somewhere, either Jenkins side or server side. But I simply do not know how these server "urls" are determined and what could influence said process or logic.

          Rob Bast added a comment - Downgrading to 2.76 did not fix it, neither did 2.74 or 2.72. I am starting to think it must be a change in configuration somewhere, either Jenkins side or server side. But I simply do not know how these server "urls" are determined and what could influence said process or logic.

          Daniel Beck added a comment -

          System properties (output of /systemInfo URL), and the 'Jenkins Location' config in Manage Jenkins » Configure System, and possibly reverse proxy configuration and headers passed to Jenkins.

          Daniel Beck added a comment - System properties (output of /systemInfo URL), and the 'Jenkins Location' config in Manage Jenkins » Configure System, and possibly reverse proxy configuration and headers passed to Jenkins.

          Rob Bast added a comment -

          Yeah the system configuration has the external facing hostname (I assume it is used to construct URLs on the pages and such as well?) which is only accessible from the office network, not from the slave machines.

          I do not understand where it gets the second url from, and why that used to be https but is http now a days.

          Rob Bast added a comment - Yeah the system configuration has the external facing hostname (I assume it is used to construct URLs on the pages and such as well?) which is only accessible from the office network, not from the slave machines. I do not understand where it gets the second url from, and why that used to be https but is http now a days.

          Daniel Beck added a comment -

          https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly#L101

          My guess is a change to the reverse proxy configuration, probably started or stopped passing X-Forwarded-Proto or similar.

          Run the following in script console and report the output:

          println Jenkins.instance.rootUrlFromRequest
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-For')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Host')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Proto')
          println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Port')
          println org.kohsuke.stapler.Stapler.currentRequest.serverPort
          println org.kohsuke.stapler.Stapler.currentRequest.serverName

          Daniel Beck added a comment - https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/hudson/slaves/SlaveComputer/slave-agent.jnlp.jelly#L101 My guess is a change to the reverse proxy configuration, probably started or stopped passing X-Forwarded-Proto or similar. Run the following in script console and report the output: println Jenkins.instance.rootUrlFromRequest println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-For') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Host') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Proto') println org.kohsuke.stapler.Stapler.currentRequest.getHeader('X-Forwarded-Port') println org.kohsuke.stapler.Stapler.currentRequest.serverPort println org.kohsuke.stapler.Stapler.currentRequest.serverName

          Daniel Beck added a comment -

          Apparently the output (provided via IRC) is:

          http://external.domain.tld/jenkins/
          1.2.3.4
          external.domain.tld
          null
          null
          80
          external.domain.tld

          Daniel Beck added a comment - Apparently the output (provided via IRC) is: http://external.domain.tld/jenkins/ 1.2.3.4 external.domain.tld null null 80 external.domain.tld

          Rob Bast added a comment - - edited

          Content of jnlp file (when requested through the browser, not from the agent host) is:

           

          <?xml version="1.0"?>
          <jnlp codebase="https://external.domain.tld/jenkins/computer/internalhostname/" spec="1.0+">
           <information>
            <title>Agent for internalhostname</title>
            <vendor>Jenkins project</vendor>
            <homepage href="https://jenkins-ci.org/"/>
           </information>
           <security>
            <all-permissions/>
           </security>
           <resources>
           <j2se version="1.8+"/>
           <jar href="https://external.domain.tld/jenkins/jnlpJars/remoting.jar"/>
           </resources>
           <application-desc main-class="hudson.remoting.jnlp.Main">
            <argument>0cf93ebea71d3fefbbff35b25dd3db195976e7df79455431e619a3fce74c4efa</argument>
            <argument>internalhostname</argument>
            <argument>-workDir</argument>
            <argument>/data/jenkins</argument>
            <argument>-internalDir</argument>
            <argument>remoting</argument>
            <argument>-url</argument>
            <argument>https://external.domain.tld/jenkins/</argument>
            <argument>-url</argument>
            <argument>http://external.domain.tld/jenkins/</argument>
           </application-desc>
          </jnlp>

          Rob Bast added a comment - - edited Content of jnlp file (when requested through the browser, not from the agent host) is:   <?xml version="1.0"?> <jnlp codebase="https://external.domain.tld/jenkins/computer/internalhostname/" spec="1.0+">  <information>   <title>Agent for internalhostname</title>   <vendor>Jenkins project</vendor>   <homepage href="https://jenkins-ci.org/"/>  </information>  <security>   <all-permissions/>  </security>  <resources>  <j2se version="1.8+"/>  <jar href="https://external.domain.tld/jenkins/jnlpJars/remoting.jar"/>  </resources>  <application-desc main-class="hudson.remoting.jnlp.Main">   <argument>0cf93ebea71d3fefbbff35b25dd3db195976e7df79455431e619a3fce74c4efa</argument>   <argument>internalhostname</argument>   <argument>-workDir</argument>   <argument>/data/jenkins</argument>   <argument>-internalDir</argument>   <argument>remoting</argument>   <argument>-url</argument>   <argument> https://external.domain.tld/jenkins/ </argument>   <argument>-url</argument>   <argument> http://external.domain.tld/jenkins/ </argument>  </application-desc> </jnlp>

          Rob Bast added a comment -

          Sorry, turns out the reverse proxy was not setup correctly and did not pass the X-Forwarded-Proto header.

          Rob Bast added a comment - Sorry, turns out the reverse proxy was not setup correctly and did not pass the X-Forwarded-Proto header.

            Unassigned Unassigned
            alcohol Rob Bast
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: