[JENKINS-63943] Nginx reverse proxy is reported as not working, yet it is configured as the documentation suggests

A message appears on /jenkins/manage. It says.

It appears that your reverse proxy set up is broken.

I think the documentation is missing something, or the message is appearing even when the proxy is configured or I am missing something completely obvious.

Looking at the documentation, configuration and examples the proxy seems to be configured correctly. Everything seems to be working correctly. Scripts and images are loaded. Yet the message still appears. So I am not sure if this is something to do with the documentation or the message is not detecting the reverse proxy.

I am using Nginx to redirect https://host.example.com/jenkins internally to the http://localhost:8080/jenkins.

It is https to http

Here is the Nginx configuration

server_name host.example.com;
 listen 443 ssl;
....
   location ^~ /jenkins/ {# Convert inbound WAN requests for https://domain.tld/jenkins/ to 

# local network requests for http://10.0.0.100:8080/jenkins/
proxy_pass http://localhost:8080/jenkins/;

# Rewrite HTTPS requests from WAN to HTTP requests on LAN
proxy_redirect http:// https://;

# proxy_redirect default;       
proxy_http_version 1.1;

# The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
sendfile off;

proxy_set_header   Host     $host:$server_port;
proxy_set_header   X-Real-IP$remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;#this is the maximum upload size

client_max_body_size       200m;
client_body_buffer_size    128k;proxy_connect_timeout      90;

proxy_send_timeout 90;
proxy_read_timeout 90;proxy_buffer_size  4k;
proxy_buffers      4 32k;
proxy_busy_buffers_size    64k;
proxy_temp_file_write_size 64k;
   }

The page https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/#jenkins-says-my-reverse-proxy-setup-is-broken

- has the text "Be sure to set the X-Forwarded-Proto header if your reverse proxy is accessed via HTTPS and then Jenkins itself is accessed via HTTP i.e. proxying HTTPS to HTTP." We have set X-Forwarded-Proto as seen in the configuration.

There is a link to configuration examples that point to https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/#configuration-examples

where there is an example of nginx

https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/#running-jenkins-behind-nginx

contains a link to an configuration example

There the configuration is

proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_max_temp_file_size 0;

So it is the same configuration

In the mean time when searching on the subject you see https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+nginx+reverse+proxy

In this article there is a configuration example that is

{{}}

  # Convert inbound WAN requests }}{{for https://domain.tld/jenkins/ to 
         # local network requests }}{{for http://10.0.0.100:8080/jenkins/
         proxy_pass http://10.0.0.100:8080/jenkins/;
          
         # Rewrite HTTPS requests from WAN to HTTP requests on LAN
         proxy_redirect http:// https://;
  
         # The following settings from https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
         sendfile off;
  
         proxy_set_header   Host             $host:$server_port;
         proxy_set_header   X-Real-IP        $remote_addr;
         proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
         proxy_max_temp_file_size }}{{0;

There is a difference in the

proxy_set_header   Host             $host:$server_port;

and also the second example is not for https but they show what the configuration should be.

Jenkins is running on the machine as

111842 ? S 0:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid – /usr/bin/java -Djava.awt.headless=true -Dmail.smtp.starttls.enable=true -Dmail.smtps.ssl.protocols=TLS1.1,TLSv1.2 -Dhttps.protocols=TLSv1.2 -Xmx4g -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' 'unsafe-eval' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --prefix=/jenkins -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *;
 111843 ? Sl 2:35 /usr/bin/java -Djava.awt.headless=true -Dmail.smtp.starttls.enable=true -Dmail.smtps.ssl.protocols=TLS1.1,TLSv1.2 -Dhttps.protocols=TLSv1.2 -Xmx4g -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' 'unsafe-eval' *; -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --prefix=/jenkins -Dhudson.model.DirectoryBrowserSupport.CSP=sandbox allow-scripts; style-src 'unsafe-inline' *;script-src 'unsafe-inline' *;

What I do not understand is why am I still seeing the "It appears that your reverse proxy set up is broken."as everything seems to be configured correctly.

Originally reported by kmitov, imported from: Nginx reverse proxy is reported as not working, yet it is configured as the documentation suggests

status: Open
priority: Minor
resolution: Unresolved
imported: 2022/01/10

timja / jenkins-gh-issues-poc-06-18

[JENKINS-63943] Nginx reverse proxy is reported as not working, yet it is configured as the documentation suggests #1251