
Github Jenkins webhook security problems

I've been using Github Jenkins webhook for a while with no problem. I have my Jenkins running behind a Nginx proxy and the only security installed was the nginx htpasswd. So my Github webhook looked like this:

https://user:pass@jenkins.blablabla.biz/job/script/buildWithParameters

Here user and pass are the credentials from the htpasswd file.

Right now I'm trying to add users to my Jenkins, and I activated matrix-based security on it with the option to register and log in to Jenkins. The server works perfectly, asking for the nginx credentials first and the Jenkins login second.

I created a github user in Jenkins and I generated a token for him. Now I changed my Github webhook to use the new Jenkins github user credentials:

https://github:token@jenkins.blablabla.biz/job/script/buildWithParameters

As far as I know, this should work. But it does not. I think that the problem here is having the two security systems activated (nginx htpasswd and Jenkins login). But I want both.

Do I have to use the two credentials in my webhook? How can I do that?

When I use the nginx credentials, Github receives this response from Jenkins when the webhook is triggered:

Authentication required
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
 ... which is implied by: hudson.security.Permission.GenericRead
 ... which is implied by: hudson.model.Hudson.Administer

And when I use the Jenkins credentials, Github receives this response from Jenkins when the webhook is triggered:

401 Authorization Required
nginx/1.11.10

You can disable basic auth in your nginx.conf for one URL:

location /github-webhook/ {
  auth_basic            "off";
  ...
}

location / {
  auth_basic            "Restricted";
  auth_basic_user_file  /etc/nginx/.htpasswd;
  ...
}
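A complete server block built on the idea in this answer, added here as an example rather than taken from the answer or from the Jenkins project. It assumes Jenkins listens on 127.0.0.1:8080 behind nginx and uses the hostname from the question; the exempted prefix must match the URL GitHub actually calls (the question uses /job/script/buildWithParameters, while /github-webhook/ is the GitHub plugin's own endpoint), and the Jenkins-side authentication still applies to every forwarded request because nginx only stops asking for its own password there.

```nginx
# Added example, not the original answer's code.
# Assumption: Jenkins is reachable at 127.0.0.1:8080 behind this nginx.
server {
    listen 443 ssl;
    server_name jenkins.blablabla.biz;
    # ssl_certificate / ssl_certificate_key assumed to be configured elsewhere

    # Webhook path only: nginx basic auth is switched off so GitHub can reach
    # Jenkins, but the Jenkins user/token in the webhook URL is still checked
    # by Jenkins itself. The prefix must be the path GitHub is configured with.
    location /job/script/buildWithParameters {
        auth_basic off;

        # GitHub delivers webhooks as POST; refusing other methods on the
        # unauthenticated path keeps the exemption as narrow as possible.
        limit_except POST {
            deny all;
        }

        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    # Everything else keeps both layers: nginx htpasswd first, Jenkins login second.
    location / {
        auth_basic            "Restricted";
        auth_basic_user_file  /etc/nginx/.htpasswd;

        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

Longest-prefix matching means the webhook location wins over `location /` for that path, so no ordering tricks are needed; after `nginx -t` and a reload, a delivery to the exempted path should produce the Jenkins response rather than the nginx 401 shown above.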

Finally I decided to shut down the nginx HTTP-based security and rely only on the Jenkins security. Now my Jenkins server is visible from anywhere. I changed the format of the Github Jenkins webhook in order to use the Jenkins Build Token Root plugin: https://wiki.jenkins-ci.org/display/JENKINS/Build+Token+Root+Plugin

I didn't find a way to use both authentication methods. The idea was to ask for an extra password (HTTP based) if someone tried to access from outside the office.

That's all.
