How the connection flow works between client masters and the OC instance?

Issue

Don’t know how the connection flow works between client masters and the OC instance

Environment

CloudBees Jenkins Operations Center

Resolution

The connection flow is as follows:

  1. Client master sends HEAD request to CJOC root URL
  2. Client master parses HEAD response headers looking for X-Jenkins-CLI2-Portand optionally X-Jenkins-CLI-Host.
  3. Client master initiates a TCP connection to the port specified in X-Jenkins-CLI2-Port against the host specified in X-Jenkins-CLI-Host (or the host from the CJOC root URL if the X-Jenkins-CLI-Host header is absent)

So if you want a minimal gateway between CJOC and Client masters network you need to do the following:

  1. Configure haproxy to proxy HEAD requests against the root URL of CJOC only from Client master [or fake the response by providing the X-Jenkins, X-Jenkins-CLI2-Port(and optionally X-Jenkins-CLI-Host) headers with a 200 or 403 response code]
  2. Configure haproxy with mode TCP to proxy the JNLP/CLI2 port from hosts in Client master to CJOC only
  3. Configure DNS in Client master to resolve the CJOC hostname as the host running haproxy
Was this article helpful?
0 out of 0 found this helpful

Have more questions?

0 Comments

Please sign in to leave a comment.