Thursday, November 10, 2016

Putting Jenkins behind auth_basic Nginx reverse proxy

We have all been there and done that. And a simple Nginx reverse proxy with basic password authentication is no different. But what about putting Jenkins behind the reverse proxy?

What? So you're saying Jenkins changes the whole alchemy? Yeah boy. Jenkins and similar Tomcat Java based web apps that have their own authorization mechanism need to be treated differently behind a proxy. In fact you have to instruct them beforehand by adding the following header in your proxy block:

proxy_set_header Authorization "";

The whole nginx config may then look something like this:

server {
    listen 80;


    access_log /var/log/nginx/jenkins_access.log;
    error_log  /var/log/nginx/jenkins_error.log;

    location / {
      proxy_pass http://localhost:8080;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;
      proxy_set_header Authorization "";

      auth_basic "Restricted Content";
      auth_basic_user_file "/etc/nginx/.htpasswd";