反向代理-鱿鱼

表的内容

在你想要一个用户友好的url访问Jenkins(不是端口8080)的情况下,在Squid后面运行Jenkins可能是有必威国际有限公司意义的,这样你就可以在端口80或443上访问Jenkins。本节将讨论实现此目的的一些方法。

鱿鱼2.6

使用鱿鱼2.6:

acl所有src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl经理原型cache_object acl to_localhost dst 127.0.0.0/8 acl valid_dst dstdomain .YOUR_DOMAIN ci cache_replacement_policy堆LFUDA memory_replacement_policy堆GDSF cache_dir ufs /var/spool/squid 512 16 256 cache_mem 512 MB maximum_object_size 12000 KB # # http - > https定向# #别忘了更新“詹金斯URL”https://ci.YOUR_DOMAIN/configure acl httpP必威国际有限公司ort myport 80 # http_access否认httpPort # deny_infohttps://ci.YOUR_DOMAIN/ httpPort cache_peer localhost parent 8080 0 originserver name=myAccel coredump_dir /var/spool/squid hierarchy_stoplist cgi-bin http_access allow localhost http_access allow manager localhost http_access allow valid_dst http_access deny all http_access deny manager ## mkdir /etc/squid/ssl/ && cd /etc/squid/ssl/ ## to generate your self-signed certificate ## openssl genrsa -out jenkins.key 1024 ## openssl req -new -key jenkins.key -x509 -out jenkins.crt -days 999 http_port 80 vhost #https_port 443 cert=/etc/squid/ssl/jenkins.crt key=/etc/squid/ssl/jenkins.key vhost http_reply_access allow all icp_access allow all refresh_pattern -i \.jp(e?g|gif|png|ico) 300 20% 600 override-expire # Combine following THREE LINES into a SINGLE LINE for Squid logformat combined %>a %ui %un \[%tl\] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh strip_query_terms off access_log /var/log/squid/access.log combined visible_hostname ci.YOUR_DOMAIN

这里假设您在本地主机端口8080上运行Jenkins必威国际有限公司。但是你可以把它放在另一个服务器/不同的端口上(调整从cache_peer开始的行)

当然,用你的域替换YOUR_DOMAIN。

使用ssl

删除一个级别的评论

sed s / ^ # / / /etc/squid/squid.conf

注意:如果你使用了swarm客户端插件,节点可能会报告:

由:sun.security.validator. validatoreexception: PKIX路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法在sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) at sun.security.validator.Validator.validate(Validator.java:218) at c.s.n.s.i.s.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at c.s.n.s.i.s.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at sun.security. Validator.java:191c.s.n.s.i.s.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at c.s.n.s.i.s.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)…13 more原因:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效认证路径

你也许可以用-noCertificateCheck参数agent.jar.这将禁用来自代理的服务器证书检查。



这个页面有帮助吗?

请通过此提交您对此页的反馈快速形成

或者,如果您不想填写快速表单,您可以简单地说明您是否认为此页面有帮助?


看到现有的反馈在这里

Baidu