Jenkins and GitHub webhook: HTTP 403

I have a GitHub repository which I would like to have notify Jenkins of new commits via a post-receive hook. I've installed the GitHub plugin into Jenkins and have allowed for Jenkins to manage its own hook URLs. The project has the correct git repository URL and is instructed to "Build when a change is pushed to GitHub". When I have GitHub send a test payload I find this in the nginx webserver that fronts Jenkins:

207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"

I was running SSL so I disabled it to no effect. Do I need to provide special permissions to an anonymous user in the permissions matrix?

Please forgive the lack of configuration files: I'm happy to share those that might exist but I don't know what might be useful to share.

As I don't allow anonymous access, it turns out I needed to create a specific user for GitHub pushes and to grant it Overall read, Job create and Job read. It was also necessary to bundle the authentication into the webhook URL, like so:

https://foo:password@jenkins.example.com/github-webhook/

As previously mentioned Jenkins does not allow anonymous access (you don't want people to trigger builds for you!). Adding a username and password in the clear is not the best solution.

1) If your Jenkins is behind a VPN, you need to make sure that your Jenkins webhook URLs are exposed

2) In the GitHub plugin configuration add the correct accessible Jenkins webhook URL (https://jenkins.example.com/github-webhook/) in Override Hook URL

3) Add a secret in the Shared secret section (preferably a long random string). This would be a token sent from Jenkins to GitHub and vice versa for authentication. This should be different from the GitHub Server Credentials!

4) Make sure the user has owner access to add webhooks to your GitHub repos

5) Don't forget to re-register the webhooks after this
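How a webhook receiver can check the shared secret from step 3, as an added example that is not part of the original answer and is not the Jenkins plugin's own code: GitHub signs the raw request body with HMAC-SHA256 using the secret and sends the result in the X-Hub-Signature-256 header. The secret, payload and function names below are constructed for illustration.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-Hub-Signature-256"
PREFIX = "sha256="

# Constructed sample values, not taken from the page.
SAMPLE_SECRET = b"constructed-long-random-string"
SAMPLE_BODY = b'{"ref":"refs/heads/main","repository":{"name":"demo"}}'


def sign(secret: bytes, body: bytes) -> str:
    """Header value for a delivery: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, header_value) -> bool:
    """Return True only if header_value is a valid signature of body."""
    if not secret:
        # No secret configured: treat as a failure instead of accepting everything.
        return False
    if not header_value or not header_value.startswith(PREFIX):
        # Missing header, or a different scheme such as the legacy sha1= form.
        return False
    expected = sign(secret, body)
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), header_value.encode())


def classify(secret: bytes, body: bytes, headers: dict) -> int:
    """Map a delivery to the HTTP status a receiver would answer with."""
    return 200 if verify(secret, body, headers.get(SIGNATURE_HEADER)) else 403


if __name__ == "__main__":
    good = {SIGNATURE_HEADER: sign(SAMPLE_SECRET, SAMPLE_BODY)}
    print("signed delivery:  ", classify(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("tampered body:    ", classify(SAMPLE_SECRET, SAMPLE_BODY + b" ", good))
    print("unsigned delivery:", classify(SAMPLE_SECRET, SAMPLE_BODY, {}))
```

The signature must be computed over the exact bytes received, before any JSON parsing or re-serialization.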

From GitHub's instructions ("Configuring global authentication", the first section),

1. Create a user in Jenkins which has, at a minimum, Job/Build permissions

2. Log in as that user (this is required even if you are a Jenkins admin user), then click on the user's name in the top right corner of the page

3. Click 'Configure,' then 'Show API Token...', and note/copy the User ID and API Token.

4. In GitLab, when you create webhooks to trigger Jenkins jobs, use this format for the URL and do not enter anything for 'Secret Token': http://USERID:APITOKEN@JENKINS_URL/project/YOUR_JOB

In my case I used http://USERID:APITOKEN@myIPaddress:808/ and no project/YOUR_JOB

https://username:password@jenkins.example.com/github-webhook/ worked for me but the password has to be encoded for the payload to work. My GitHub was not able to contact Jenkins due to nginx authorisation but passing username and encoded password worked!
