apache - 如何在 ubuntu 18.04 服务器的 apache2 下使用 SSL 保护 Jenkins 端口 8080？

Question

我已经能够成功安装和配置 Apache2 服务器以在 HTTPS 上提供服务。我一直在让 Jenkins 使用相同的 SSL 证书并在安全端口 443 上运行时遇到问题。这是我的配置，请提供任何帮助。谢谢。

我的服务器当前服务于静态 WordPress 站点，该站点在 https 端口 80 或 443 上成功启动。我还让 Jenkins 在服务器路由上成功服务，但端口为 8080。

有什么方法可以让 Jenkins 直接在 Apache2 服务器下提供服务，比如 jenkins.server.com/jenkins 而不是 jenkins.server.com:8080？

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAlias www.jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html>
            Options +FollowSymlinks
            AllowOverride All
            Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =jenkins.server.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>

        SSLEngine on
        SSLProxyEngine on

        # SSL certificate and keys. Edit paths to whereever your SSL files are located
        SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests Off
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPassReverse / http://jenkins.server.com:8080

        <Proxy http://jenkins.server.com:8080/*>
                Order deny,allow
                Allow from all
        </Proxy>

</VirtualHost>

Answer 1

我能够通过在/etc/apache2/sites-available/000-default-le-ssl.conf 下修改 Apache2 生成的名为 000-default-le-ssl.conf 的文件来解决这个问题 此文件是自动生成的，我修改了代理设置。

我还必须维护“localhost”而不是 jenkins.server.com，即使 localhost 不会在浏览器中启动 Jenkins。

这是我更新后的工作文件...

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
        ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
        ProxyRequests     Off
        AllowEncodedSlashes NoDecode
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"

        # Local reverse proxy authorization override
        # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
        <Proxy http://localhost:8080/jenkins*>
          Order deny,allow
          Allow from all
        </Proxy>

SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>