Issue
Don’t know how the connection flow works between client masters and the OC instance
Environment
CloudBees Jenkins Operations Center
Resolution
The connection flow is as follows:
- Client master sends HEAD request to CJOC root URL
- Client master parses HEAD response headers looking for
X-Jenkins-CLI2-Port
and optionallyX-Jenkins-CLI-Host
. - Client master initiates a TCP connection to the port specified in
X-Jenkins-CLI2-Port
against the host specified inX-Jenkins-CLI-Host
(or the host from the CJOC root URL if theX-Jenkins-CLI-Host
header is absent)
So if you want a minimal gateway between CJOC and Client masters network you need to do the following:
- Configure haproxy to proxy HEAD requests against the root URL of CJOC only from Client master [or fake the response by providing the
X-Jenkins
,X-Jenkins-CLI2-Port
(and optionallyX-Jenkins-CLI-Host
) headers with a 200 or 403 response code] - Configure haproxy with mode TCP to proxy the JNLP/CLI2 port from hosts in Client master to CJOC only
- Configure DNS in Client master to resolve the CJOC hostname as the host running haproxy
0 Comments