-
Bug
-
Resolution: Fixed
-
Blocker
-
Jenkins 2.261 and 2.262
-
-
Jenkins 2.263
Updating to 2.261 and even 2.262 the URL for some links are injecting the port number ":80" which in our instance is invalid. This prevents pages from loading. For example the "search" at top of screen when finding a job and trying to go to the job will change the URL from "https://jenkins.company.com/" to "https://jenkins.company.com:80/job/jobname/". This makes pages not render properly and user needs to remove ":80" from URL to continue.
Another instance is clicking Manage Jenkins -> Manage Plugins goes from "https://jenkins.company.com/manage" to "https://jenkins.company.com:80/pluginManager/".
These are just a couple of instances but have run into more. I couldn't easily identity what change in 2.261 that affected this behavior.
- is duplicated by
-
JENKINS-63961 Reverse proxy set up is broken on Windows, as a service, with no IIS or other reverse proxy
-
- Closed
-
- relates to
-
JENKINS-64035 Upgrade Jetty to 9.4.33
-
- Closed
-
- links to
This only seems to occur when Jenkins is being accessed (a) over HTTPS and (b) on port 443.
This can be reproduced quite easily without nginx. I use iptables to forward 443 to 8443, but even that isn't required if Jenkins is allowed to bind to 443, e.g. by doing:
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=443
Then:
java -jar jenkins.war --httpPort=-1 --httpsPort=443
will start it up listening on port 443 (no nginx, no iptables redirect).
The problem seems to originate in org.eclipse.jetty.server.ForwardedRequestCustomizer.customize. It's trying to figure out what the real protocol/host/port are. proto starts off set to "http" and never changes to "https". port is temporarily set to 0 (the HttpURI object contains 0, since it isn't specified in a URL like "https://machinename/"). Finally with port set to 0 and proto still "http" it decides to use the default port for HTTP - 80. The port number in the request is set to this value.
This doesn't seem to cause problems except if Jenkins needs to send a redirect - this is why "Manage Plugins" is broken. The URL requested when you click that is /pluginManager (no trailing slash). Jenkins redirects to /pluginManager/ (with a trailing slash), but the URL sent back to the browser will include the now-incorrect port number from the request.