How the connection flow works between client controllers and the OC instance?

Article ID:209168848
1 minute readKnowledge base

Issue

Don’t know how the connection flow works between client controllers and the OC instance

Environment

CloudBees Jenkins Operations Center

Resolution

The connection flow is as follows:

  1. Client controller sends HEAD request to CJOC root URL

  2. Client controller parses HEAD response headers looking for X-Jenkins-CLI2-Portand optionally X-Jenkins-CLI-Host.

  3. Client controller initiates a TCP connection to the port specified in X-Jenkins-CLI2-Port against the host specified in X-Jenkins-CLI-Host (or the host from the CJOC root URL if the X-Jenkins-CLI-Host header is absent)

So if you want a minimal gateway between CJOC and Client controllers network you need to do the following:

  1. Configure haproxy to proxy HEAD requests against the root URL of CJOC only from Client controller [or fake the response by providing the X-Jenkins, X-Jenkins-CLI2-Port(and optionally X-Jenkins-CLI-Host) headers with a 200 or 403 response code]

  2. Configure haproxy with mode TCP to proxy the JNLP/CLI2 port from hosts in Client controller to CJOC only

  3. Configure DNS in Client controller to resolve the CJOC hostname as the host running haproxy

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.