[Jenkins-infra] secured jenkins mirrors

Greg Swift greg.swift at RACKSPACE.COM
Mon Jul 2 19:51:10 UTC 2018


hey... hows that migration to azure with end to end encryption going?
we are still getting directed to download artifacts over port 80 :(

-greg


On Tue, 2017-06-13 at 15:14 -0700, R. Tyler Croy wrote:
> (replies inline)
> 
> On Mon, 12 Jun 2017, Greg Swift wrote:
> 
> > Hey all.
> > 
> > I work at Rackspace and as we are building out our newest
> > environments
> > we've started blocking port 80 explicitly.  The Jenkins systems in
> > that
> > environment are failing on downloading plugins due to a 302
> > redirect
> > from https to http.  I'd rather avoid having to open an exception
> > for
> > downloading updates and plugins from the Jenkins mirrors. 
> > 
> > So the url:
> > 
> > https://updates.jenkins-ci.org/download/plugins/htmlpublisher/lates
> > t/ht
> > mlpublisher.hpi
> > 
> > redirects to http://mirrors.jenkins-ci.org/plugins/htmlpublisher/la
> > test
> > /htmlpublisher.hpi
> > 
> > which may redirect out to any number of non-ssl'd mirrors.
> > 
> > If i add https:// to the mirrors.jenkins-ci I get a cert mismatch
> > with
> > pkgs.jenkins.io which seems to only do platform specific package
> > repos.
> > 
> > So I guess my question is, is it possible for the secured
> > pkgs.jenkins.io to also have the plugins and update center
> > packages? Or
> > can we go about mirroring the content to Rackspace's internal
> > mirrors?
> > 
> > Rackspace runs a set of mirrors both internally and for our
> > customers[1]. Our preference for running a mirror is to use rsync,
> > but
> > looking through your documentation i did not see any rsync links,
> > so I
> > wanted to reach out and discuss this with y'all.  
> 
> 
> We do have an rsync option, for secondary mirrors, but that's not
> over SSL
> either :P
> 
> 
> 
> We're in the process of moving distribution into Azure storage, which
> would
> then be end-to-end SSL (core releases from https://pkg.jenkins.io
> currently get
> redirected through Azure).
> 
> 
> 
> 
> - R. Tyler Croy
> 
> ------------------------------------------------------
>      Code: <https://github.com/rtyler>
>   Chatter: <https://twitter.com/agentdero>
>      xmpp: rtyler at jabber.org
> 
>   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> ------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20180702/d575e23f/attachment.asc>


More information about the Jenkins-infra mailing list