How the connection flow works between client masters and the OC instance?


Don’t know how the connection flow works between client masters and the OC instance


CloudBees Jenkins Operations Center


The connection flow is as follows:

  1. Client master sends HEAD request to CJOC root URL
  2. Client master parses HEAD response headers looking for X-Jenkins-CLI2-Portand optionally X-Jenkins-CLI-Host.
  3. Client master initiates a TCP connection to the port specified in X-Jenkins-CLI2-Port against the host specified in X-Jenkins-CLI-Host (or the host from the CJOC root URL if the X-Jenkins-CLI-Host header is absent)

So if you want a minimal gateway between CJOC and Client masters network you need to do the following:

  1. Configure haproxy to proxy HEAD requests against the root URL of CJOC only from Client master [or fake the response by providing the X-Jenkins, X-Jenkins-CLI2-Port(and optionally X-Jenkins-CLI-Host) headers with a 200 or 403 response code]
  2. Configure haproxy with mode TCP to proxy the JNLP/CLI2 port from hosts in Client master to CJOC only
  3. Configure DNS in Client master to resolve the CJOC hostname as the host running haproxy

Have more questions?


Please sign in to leave a comment.