How the connection flow works between client controllers and the OC instance?

Article ID:209168848
1 minute readKnowledge base

Issue

Don’t know how the connection flow works between client controllers and the OC instance

Environment

CloudBees Jenkins Operations Center

Resolution

The connection flow is as follows:

  1. Client controller sends HEAD request to CJOC root URL

  2. Client controller parses HEAD response headers looking for X-Jenkins-CLI2-Portand optionally X-Jenkins-CLI-Host.

  3. Client controller initiates a TCP connection to the port specified in X-Jenkins-CLI2-Port against the host specified in X-Jenkins-CLI-Host (or the host from the CJOC root URL if the X-Jenkins-CLI-Host header is absent)

So if you want a minimal gateway between CJOC and Client controllers network you need to do the following:

  1. Configure haproxy to proxy HEAD requests against the root URL of CJOC only from Client controller [or fake the response by providing the X-Jenkins, X-Jenkins-CLI2-Port(and optionally X-Jenkins-CLI-Host) headers with a 200 or 403 response code]

  2. Configure haproxy with mode TCP to proxy the JNLP/CLI2 port from hosts in Client controller to CJOC only

  3. Configure DNS in Client controller to resolve the CJOC hostname as the host running haproxy