-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
-------------------------------------------------------------------------------------------------------------------
System Properties:
-------------------------------------------------------------------------------------------------------------------
java.runtime.name Java(TM) SE Runtime Environment
java.runtime.version 1.8.0_171-b11
java.security.debug access:stack
java.specification.name Java Platform API Specification
java.specification.vendor Oracle Corporation
java.specification.version 1.8
java.vendor Oracle Corporation
java.vendor.url http://java.oracle.com/
java.vendor.url.bug http://bugreport.sun.com/bugreport/
java.version 1.8.0_171
java.vm.info mixed mode
java.vm.name Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name Java Virtual Machine Specification
java.vm.specification.vendor Oracle Corporation
java.vm.specification.version 1.8
java.vm.vendor Oracle Corporation
java.vm.version 25.171-b11
jetty.git.hash 82b8fb23f757335bb3329d540ce37a2a2615f0a8
os.arch amd64
os.name Linux
os.version 4.4.0-128-generic
-------------------------------------------------------------------------------------------------------------------
Plugins:
-------------------------------------------------------------------------------------------------------------------
ace-editor 1.1
ant 1.8
antisamy-markup-formatter 1.5
apache-httpcomponents-client-4-api 4.5.5-3.0
authentication-tokens 1.3
bouncycastle-api 2.16.3
branch-api 2.0.20
build-timeout 1.19
cloudbees-folder 6.5
command-launcher 1.2
conditional-buildstep 1.3.6
credentials 2.1.16
credentials-binding 1.16
display-url-api 2.2.0
docker-commons 1.13
docker-workflow 1.17
durable-task 1.22
email-ext 2.62
external-monitor-job 1.7
git 3.9.1
git-client 2.7.2
git-server 1.7
github 1.29.1
github-api 1.92
github-branch-source 2.3.6
github-organization-folder 1.6
gradle 1.28
handlebars 1.1.1
icon-shim 2.0.3
jackson2-api 2.8.11.3
javadoc 1.4
jdk-tool 1.1
jquery-detached 1.2.1
jsch 0.1.54.2
junit 1.24
ldap 1.20
mailer 1.21
mapdb-api 1.0.9.0
matrix-auth 2.2
matrix-project 1.13
maven-plugin 3.1.2
momentjs 1.1.1
pam-auth 1.3
parameterized-trigger 2.35.2
pipeline-build-step 2.7
pipeline-github-lib 1.0
pipeline-graph-analysis 1.6
pipeline-input-step 2.8
pipeline-milestone-step 1.3.1
pipeline-model-api 1.3
pipeline-model-declarative-agent 1.1.1
pipeline-model-definition 1.3
pipeline-model-extensions 1.3
pipeline-rest-api 2.10
pipeline-stage-step 2.3
pipeline-stage-tags-metadata 1.3
pipeline-stage-view 2.10
plain-credentials 1.4
purge-job-history 1.1
resource-disposer 0.10
run-condition 1.0
scm-api 2.2.7
script-security 1.44
ssh-credentials 1.13
ssh-slaves 1.26
structs 1.14
subversion 2.11.0
timestamper 1.8.10
token-macro 2.5
windows-slaves 1.3.1
workflow-aggregator 2.5
workflow-api 2.28
workflow-basic-steps 2.9
workflow-cps 2.53
workflow-cps-global-lib 2.9
workflow-durable-task-step 2.19
workflow-job 2.21
workflow-multibranch 2.19
workflow-scm-step 2.6
workflow-step-api 2.15
workflow-support 2.18
ws-cleanup 0.34------------------------------------------------------------------------------------------------------------------- System Properties: ------------------------------------------------------------------------------------------------------------------- java.runtime.name Java(TM) SE Runtime Environment java.runtime.version 1.8.0_171-b11 java.security.debug access:stack java.specification.name Java Platform API Specification java.specification.vendor Oracle Corporation java.specification.version 1.8 java.vendor Oracle Corporation java.vendor.url http://java.oracle.com/ java.vendor.url.bug http://bugreport.sun.com/bugreport/ java.version 1.8.0_171 java.vm.info mixed mode java.vm.name Java HotSpot(TM) 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Oracle Corporation java.vm.specification.version 1.8 java.vm.vendor Oracle Corporation java.vm.version 25.171-b11 jetty.git.hash 82b8fb23f757335bb3329d540ce37a2a2615f0a8 os.arch amd64 os.name Linux os.version 4.4.0-128-generic ------------------------------------------------------------------------------------------------------------------- Plugins: ------------------------------------------------------------------------------------------------------------------- ace-editor 1.1 ant 1.8 antisamy-markup-formatter 1.5 apache-httpcomponents-client-4-api 4.5.5-3.0 authentication-tokens 1.3 bouncycastle-api 2.16.3 branch-api 2.0.20 build-timeout 1.19 cloudbees-folder 6.5 command-launcher 1.2 conditional-buildstep 1.3.6 credentials 2.1.16 credentials-binding 1.16 display-url-api 2.2.0 docker-commons 1.13 docker-workflow 1.17 durable-task 1.22 email-ext 2.62 external-monitor-job 1.7 git 3.9.1 git-client 2.7.2 git-server 1.7 github 1.29.1 github-api 1.92 github-branch-source 2.3.6 github-organization-folder 1.6 gradle 1.28 handlebars 1.1.1 icon-shim 2.0.3 jackson2-api 2.8.11.3 javadoc 1.4 jdk-tool 1.1 jquery-detached 1.2.1 jsch 0.1.54.2 junit 1.24 ldap 1.20 mailer 1.21 mapdb-api 1.0.9.0 matrix-auth 2.2 matrix-project 1.13 maven-plugin 3.1.2 momentjs 1.1.1 pam-auth 1.3 parameterized-trigger 2.35.2 pipeline-build-step 2.7 pipeline-github-lib 1.0 pipeline-graph-analysis 1.6 pipeline-input-step 2.8 pipeline-milestone-step 1.3.1 pipeline-model-api 1.3 pipeline-model-declarative-agent 1.1.1 pipeline-model-definition 1.3 pipeline-model-extensions 1.3 pipeline-rest-api 2.10 pipeline-stage-step 2.3 pipeline-stage-tags-metadata 1.3 pipeline-stage-view 2.10 plain-credentials 1.4 purge-job-history 1.1 resource-disposer 0.10 run-condition 1.0 scm-api 2.2.7 script-security 1.44 ssh-credentials 1.13 ssh-slaves 1.26 structs 1.14 subversion 2.11.0 timestamper 1.8.10 token-macro 2.5 windows-slaves 1.3.1 workflow-aggregator 2.5 workflow-api 2.28 workflow-basic-steps 2.9 workflow-cps 2.53 workflow-cps-global-lib 2.9 workflow-durable-task-step 2.19 workflow-job 2.21 workflow-multibranch 2.19 workflow-scm-step 2.6 workflow-step-api 2.15 workflow-support 2.18 ws-cleanup 0.34
We are trying to run jenkins using https as described here : https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777
At first it appeared to work properly, but now the Jenkins web server is unresponsive. Https requests timeout, both when accessing the web pages through a browser and using the http API from other tools.
We tried taking out the https related java parameters and it appears to work with http only.
However, when using both http and https on different ports, Jenkins is unresponsive on both ports.
Jenkins does not appear to be running out of memory. It is running dozens of threads but they don't seem to be consuming much CPU time.
Looking at the thread dump does not seem to indicate a deadlock, at least some thread are still running.
Furthermore, we run builds every night and they appear to be running properly. However, since we use http requests to fetch the logs, we have little more then the build result to go on.
Outside of Jenkins, our build is not very stable but has comparable stability to what Jenkins seems to be reporting.
Update 1:
Jenkins version is 2.121.1
Update 2:
Looking at various logs. It appears that:
- Native Https was working on May 29, which is when we started using https instead of http.
- Jenkins was Upgraded from version 2.107.3 to version 2.121.1 on June 07.
- We observed that Jenkins was unresponsive on June 08.
Update 3:
After reverting Jenkins to version 2.107.3,
I can confirm that Native Https support was broken in version 2.121.1.
[JENKINS-52166] Jenkins unresponsive when using native https
The wiki page (https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777) has been created in 2017 by jthornsen and then edited by jpi.
olamy danielbeck WDYT? Should actually support it? Or should we add a kind of disclaimer to the Wiki page ("available but not supported" or so).
Jeff Thornsen
added a comment - I wrote those instructions back when I was required to deploy Jenkins over HTTPS on Windows for one of my customers. This was on a network without internet access, and they forced me to use Windows, so I figured out a way to make the Jenkins embedded webserver listen over HTTPS on port 443 natively and documented it. Normally I would just deploy Jenkins on Linux and throw haproxy or nginx or apache httpd in front to handle the SSL.
AFAIK that server had no issues with the web service going down. It is likely running Jenkins LTS 2.60.3 or maybe something slightly earlier than that.
I do notice in the the Jenkins LTS Changelog that Jenkins LTS 2.73 introduced a new version of Winstone and again in 2.121.1 so it's possible the different Winstone/Jetty versions are causing the issue?
Jeff Thornsen
added a comment - I wrote those instructions back when I was required to deploy Jenkins over HTTPS on Windows for one of my customers. This was on a network without internet access, and they forced me to use Windows, so I figured out a way to make the Jenkins embedded webserver listen over HTTPS on port 443 natively and documented it. Normally I would just deploy Jenkins on Linux and throw haproxy or nginx or apache httpd in front to handle the SSL.
AFAIK that server had no issues with the web service going down. It is likely running Jenkins LTS 2.60.3 or maybe something slightly earlier than that.
I do notice in the the Jenkins LTS Changelog that Jenkins LTS 2.73 introduced a new version of Winstone and again in 2.121.1 so it's possible the different Winstone/Jetty versions are causing the issue? Thanks jthornsen!
Yes, it may be related to Jetty upgrades. That's why I CCed olamy. We do not have test automation for such configuration, so it's hard to say when particularly it became unstable (if it is a wide issue unrelated to the reporter's configuration).
Thierry Delisle
added a comment - I would like to add that using native HTTPS is much more convenient in our case.
We run Jenkins on a university network, therefore it seems to me that adding a proxy in front of Jenkins won't prevent insecure connections.
Thierry Delisle
added a comment - I would like to add that using native HTTPS is much more convenient in our case.
We run Jenkins on a university network, therefore it seems to me that adding a proxy in front of Jenkins won't prevent insecure connections. Thierry Delisle
added a comment - To add to jthornsen's hypothesis, it appears that the problem appear immediately after upgrading to 2.121.1, and was not present before.
We will try to revert to the previous version and see if the problem goes away.
Thierry Delisle
added a comment - To add to jthornsen 's hypothesis, it appears that the problem appear immediately after upgrading to 2.121.1, and was not present before.
We will try to revert to the previous version and see if the problem goes away. therefore it seems to me that adding a proxy in front of Jenkins won't prevent insecure connections
https://github.com/jenkinsci/winstone/#command-line-options has httpListenAddress, make that 127.0.0.1.
Ugh, I didn't know that we have documentation for it. I've always thought that we support HTTPS only via external services.
tdelisle which Jenkins version do you use?