Perhaps a hint, the Apache is TLS only.
I've tried to analyze what happens the time I press the sign in button with chrome see trace below.
2.205 (broken)
j_acegi_security_check:
General:
Request URL: https://fqdn.host.name/jenkins/j_acegi_security_check
Request Method: POST
Status Code: 302 Found
Remote Address: IP.AD.DR.ES:443
Referrer Policy: no-referrer-when-downgrade
Response Header:
Connection: Keep-Alive
Content-Length: 0
Date: Wed, 20 Nov 2019 09:33:02 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://127.0.0.1/jenkins/
Server: Jetty(9.4.22.v20191022)
Set-Cookie: JSESSIONID.10db730a=node0173jclauyomxaxlnl8x11eypy2.node0; Path=/jenkins; Secure; HttpOnly
X-Content-Type-Options: nosniff
Request Header:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,de;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID.c0515192=node09fh3q2bodtxf6wgyy85sirkm7.node0; JSESSIONID.10db730a=node01pf20r2evzrjn7h09d2m3bk201.node0; screenResolution=1920x1200
DNT: 1
Host: fqdn.host.name
Origin: https://fqdn.host.name
Referer: https://fqdn.host.name/jenkins/login?from=%2Fjenkins%2F
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 ...
j_username: username
j_password: password
from: /jenkins/
Submit: Sign in
and with 2.204 (OK)
j_acegi_security_check:
General:
Request URL: https://fqdn.host.name/jenkins/j_acegi_security_check
Request Method: POST
Status Code: 302 Found
Remote Address: IP.AD.DR.ES:443
Referrer Policy: no-referrer-when-downgrade
Response Header:
Connection: Keep-Alive
Content-Length: 0
Date: Wed, 20 Nov 2019 09:47:27 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://fqdn.host.name/jenkins/
Server: Jetty(9.4.z-SNAPSHOT)
Set-Cookie: JSESSIONID.e3d4d209=node01eapoart737kjzv2n9r5jqf6n1.node0;Path=/jenkins;Secure;HttpOnly
X-Content-Type-Options: nosniff
Request Header:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,de;q=0.8
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID.e3d4d209=node01deci271w2led1hqp8smatfa2j0.node0; screenResolution=1920x1200
DNT: 1
Host: fqdn.host.name
Origin: https://fqdn.host.name
Referer: https://fqdn.host.name/jenkins/login?from=%2Fjenkins%2F
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 ...
j_username: username
j_password: password
from: /jenkins/
Submit: Sign in
olamy is this likely a result of the upgrade to Jetty 9.4.22?