Visiting http://jenkins.gnupg.org/some/path returns 403. It'd be nice to
redirect the user to the respective https:// URL instead.
Description
Event Timeline
I do not understand your request. Do you mean we shall use HSTS and forced
redirection to https for jenkins?
I don't know about HSTS, but I'd love to see a forced redirect.
It seems Jenkins sometimes generates a redirect that strips the httpS off, e.g.
go to https://jenkins.gnupg.org/manage, click on [Manage Plugins] (the link
itself looks fine), but one is for some reason redirected to
http://jenkins.gnupg.org/pluginManager/.
jenkins is redirected from kerckhoffs to soro using pound features. Please
check out /etc/pound/pound.cfg on kerckhoffs. The jenkins server on soro is
running on a non-standard port - may be this is the reason for the wrong redirect.
I can't easily test this because I am living in the same network.
Regarding HSTS (HTTP Strict Transport Security): The Jenkins server needs to
generate that header
I added the following snippet to our pound configuration in the ListenHTTP
section for IPv4:
- Justus: Redirect all jenkins request to https. Service HeadRequire "Host:.*jenkins.gnupg.org" Redirect 301 "https://jenkins.gnupg.org" End
I hope I didn't break anything. Jenkins is much nicer to use now :)