I've been testing various reverse proxies with Jenkins, and am unable to use the CLI over an Apache reverse proxy using mod_proxy with the new full-duplex HTTP transport and the plain CLI protocol that was introduced in Jenkins 2.54. Both Nginx and HAProxy work using the full duplex HTTP transport correctly. Accessing Jenkins through my browser over the Apache proxy works correctly.

I used Wireshark to see what was happening, and the issue appears to be that Apache tries to buffer the body of the upload connection before proxying it to Jenkins, so Jenkins never sees the upload connection. As far as I can tell, the current code for FullDuplexHttpService and FullDuplexHttpStream require that both connections are unbuffered. The relevant setting in Apache has a minimum value of 512, and neither SetEnv proxy-sendchunks 1 nor SetEnv proxy-sendchunked 1 have a noticeable effect.

I am testing using https://github.com/jglick/jenkins-demo-reverse-proxy, and attempting to run the following CLI command:

java -jar jenkins-cli.jar -s "http://localhost:80/jenkins|http://localhost/jenkins" -logger FINE help

This is the error that is thrown by Jenkins 2.82:

WARNING: null
java.io.IOException: HTTP full-duplex channel timeout: 829c689a-05cb-4e9a-a559-eeed9c099460
	at jenkins.util.FullDuplexHttpService.download(FullDuplexHttpService.java:108)
	at jenkins.util.FullDuplexHttpService$Response.generateResponse(FullDuplexHttpService.java:175)

Assuming that Jenkins' full-duplex HTTP connection is spec compliant, this is arguably a bug in Apache.