Setting Up Jenkins CI 2.60.1 LTS on IIS 10 behind a reverse proxy on Windows Server 2016

Recently, I setup Jenkins behind IIS using a reverse proxy.  Thought I would document the process for other people as well as for my future reference.

For this tutorial, I have spin up a new windows server 2016 instance on Google Cloud Platform with a trial account. You can register for a free trial. Google offers you $300 for 12 months. Check it out.

The whole process is quite straight forward, the tricky part is IIS reverse proxy configuration and a small tweak in Jenkins.

We will follow below process:

  1. Install Jenkins.
  2. Configure Jenkins for reverse proxy.
  3. Configure IIS reverse proxy for Jenkins.

Install Jenkins:

Download and install Jenkins from Jenkins.io

Go Through the whole installation shebang.

TIP: if you can’t download anything in IE on Server, you will need to turn off “IE Enhanced Security Configuration” to download Chrome/Jenkins.

Configure Jenkins for reverse proxy

Head to  “Manage Jenkins” ->”Configure Global Security” -> “Crumbs”  and check “Enable Proxy Compatibility”.

Enable Jenkins Proxy Compability

Enable Jenkins Proxy Compatibility

This is very important if you don’t set it you will get errors like this below.

No valid crumb was included in the request

No valid crumb was included in the request

No valid crumb was included in the request

 

Configure IIS reverse proxy for Jenkins

If you have spin up a new VM, you will see the IIS welcome page. Jenkins can be found at localhost:8080. What we will do is setup a reverse proxy so that all the traffic from localhost (or actual IP/site) is forwarded to localhost:8080. So IIS’s main site will be Jenkins. You can also do the same with a sub-domain. The process is the same.

We will need URL Rewrite extension to setup reverse proxy. If you don’t have it install it from https://www.iis.net/downloads/microsoft/url-rewrite

Once installed, click on the site you want to set reverse proxy for. We will select “Default Web Site” for our demo. Under the Features View ( Bottom) on the right side double click on “Url Rewrite”

IIS-Features View-Url Rewrite

IIS-Features View-Url Rewrite

Click Add Rule(s) from Actions pane on right side. And window will pop-up and you will see “Reverse Proxy” option under “Inbound and Outbound Rules”.

Reverse Proxy Rule

Reverse Proxy Rule

Double click on it. A new window will pop-up asking you to install ARR ( Application Request Routing) if not installed. Click Yes. Go to ARR homepage and install the extension.

Install ARR - Application Request Routing

Install ARR – Application Request Routing

Setup up a reverse proxy rule like below. You can replace localhost with an actual domain name.

Try it out now.

HTTP Error 500.52 - URL Rewrite Module Error.

HTTP Error 500.52 – URL Rewrite Module Error. Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded (“gzip”).

Oops. Something is not quite right. This is because reverse proxy cannot handle HTTP compression.

We need to disable compression. You can disable compression for dynamic and static content from “Compression” feature of IIS. But that won’t resolve the issue.

Disable Compression for Statice and Dynamic Contents

Disable Compression for Statice and Dynamic Contents

I tried lots of different ways but only this MSDN Blog post helped in the end.

From the post above:

There are two ways to work around this: either you turn off compression on the backend server that is delivering the HTTP responses (which may or may not be possible, depending on your configuration), or we attempt to indicate to the backend server the client does not accept compressed responses by removing the header when the request comes into the IIS reverse proxy and by placing it back when the response leaves the IIS server.

So if you can switch off in Jenkins somehow, you are good to go. But I was not able to do so and followed the second option provided in MSDN blog post above.

Ok, let’s do the second option.

We will need to add two server variable: HTTP_ACCEPT_ENCODING and HTTP_X_ORIGINAL_ACCEPT_ENCODING in Allow Server Variables. without Adding them here, IIS won’t modify them for you.

Go to URL Rewrite Module -> Actions Pane on right -> View Server Variables -> Add. And add the two above.

Allowed-Server-Variables

Allowed-Server-Variables

Next, we will create an inbound rule to remove HTTP_ACCEPT_ENCONDING and later a new outbound rule to pass the original Accept-Encoding value back.

Go Back to Url Rewrite module ( click on Back to rules in Actions pane ).

You will see two sections: top – Inbound rules and bottom – Outbound rules.

Edit the Reverse proxy Inbound rule we created before. You can find the “Edit” under Inbound rules section.

Under the server variables panel ( It will not be expanded and is easy to miss). Click Add. Set Variable name and Value as shown in the screenshot. We are just copying HTTP_ACCEPT_ENCONDING into HTTP_X_ORIGINAL_ACCEPT_ENCODING. Notice the curly braces in the value field.

Inbound Rule - Add Server Variable

Inbound Rule – Add Server Variable

Add another Variable for HTTP_ACCEPT_ENCODING and set its value to any string you like.  It won’t allow you to add an empty value. Later we will open web.config and change it to empty string.

Variable: HTTP_ACCEPT_ENCODING , value: dummy

 

Let’s write the outbound rule now which is to give HTTP_ACCEPT_ENCODING its original value back.

Create a new Outbound “Blank rule”.

Outbound Rule - Add new rule

Outbound Rule – Add new rule

Name it whatever you like. Under PreCondition DropDown select “New Pre Condition”. Name it, Use “Regular expression”and Logical Grouping as “Match All” then click Add. In the new windows  use “{HTTP_X_ORIGINAL_ACCEPT_ENCODING}” as Condition Input, and Pattern as ‘.+’

Configure PreCondition for rule

Configure PreCondition for rule

Once done, go back to the newly created rule. Under “Match” Panel, Change Matching Scope to “Server Variable”. Change Variable Name to “HTTP_ACCEPT_ENCODING” and pattern to ‘^(.*)’.

Under Action Panel choose Action type as “Rewrite” and Value as {HTTP_X_ORIGINAL_ACCEPT_ENCODING} and tick “Replace existing server variable value”.

Configure Outbound rule

Configure Outbound rule

That’s all for the rules.

One last change: Let’s modify that dummy value that we used for “HTTP_ACCEPT_ENCODING” to empty string. Open up your web.config under wwwroot. By default it’s inside: C:\inetpub\wwwroot

And Change dummy to empty string.

Jenkins on server

Note: This step should be at the end as each change you do with inbound/outbound rule rewrites web.config.

And test it out.

Jenkins on server

Jenkins accessible via public ip

Jenkins accessible via public ip

Jenkins accessible via public ip

 

Sandeep

a dev, an amateur photographer and a father

 

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: