Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73720

Jenkins Resource Root URL not working (404) with Project-based matrix auth

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Critical Critical
    • None

      Running Jenkins on dedicated machine, with SSL provided by Haproxy.

      Jenkins runs inside internal network, with URL https://jenkins.company.com , https://jenkins-static.company.com is set up to point to the same machine.

      Haproxy settings as from jenkins tutorial (disabling haproxy and switching to direct HTTP does not solve the issue).

      When setting up Resource Root URL using "Manage Jenkins >> System", all artifacts URL are converted to https://jenkins-static.company.com/static-files/TOKEN/FILE_PATH but trying to open the link always leads to "Oops!" 404 page.

      I was unable to find any related information in the logs, but maybe I do not know where to look.

      I have no idea what might be wrong, maybe GitLab OAuth plugin results in invalid user names and then tokens?

          [JENKINS-73720] Jenkins Resource Root URL not working (404) with Project-based matrix auth

          Konrad Grochowski created issue -
          Konrad Grochowski made changes -
          Priority Original: Minor [ 4 ] New: Major [ 3 ]

          Konrad Grochowski added a comment - https://stackoverflow.com/questions/78949400/jenkins-resource-root-url-not-working-always-returning-404

          I've found possible culprit - to make Resource URL work I had to add "Job/Read" permission to "Authenticated Users" in global settings for Project-based Matrix Authorization Strategy. But this breaks the security of my Jenkins instance, so this solution can't be applied.

          Konrad Grochowski added a comment - I've found possible culprit - to make Resource URL work I had to add "Job/Read" permission to "Authenticated Users" in global settings for Project-based Matrix Authorization Strategy. But this breaks the security of my Jenkins instance, so this solution can't be applied.
          Konrad Grochowski made changes -
          Component/s New: matrix-auth-plugin [ 18131 ]
          Konrad Grochowski made changes -
          Priority Original: Major [ 3 ] New: Critical [ 2 ]
          Konrad Grochowski made changes -
          Summary Original: Resource Root URL not working - always returning 404 New: Jenkins Resource Root URL not working (404) with Project-based matrix auth
          Konrad Grochowski made changes -
          Link New: This issue relates to JENKINS-63296 [ JENKINS-63296 ]

          More findings - if instead of "Job/Read" I set only "Job/Discover" I get 403 instead of 404

          Konrad Grochowski added a comment - More findings - if instead of "Job/Read" I set only "Job/Discover" I get 403 instead of 404

          Seems this was by intention (JENKINS-72636). The 2.462.3 adds a option to workaround it. Knowing the reason I could fix it by adding

             RequestHeader unset Authorization
          

          to our Apache reverse proxy config.

          Andreas Mandel added a comment - Seems this was by intention ( JENKINS-72636 ). The 2.462.3 adds a option to workaround it. Knowing the reason I could fix it by adding RequestHeader unset Authorization to our Apache reverse proxy config.
          Andreas Mandel made changes -
          Link New: This issue is caused by JENKINS-72636 [ JENKINS-72636 ]

            Unassigned Unassigned
            hcorg Konrad Grochowski
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: