upstream prematurely closed connection while reading response header from upstream

nginx https ssl jenkins

I am having issues setting up SSL for my Jenkins CI server. I use Jenkins behind nginx for a reverse proxy. I am getting these upstream prematurely closed connection while reading response header from upstream errors in my jenkins.error.log file. 

2014/09/30 13:01:49 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8080/favicon.ico", host: "jenkins.<SERVER URL>.com"
2014/09/30 13:01:50 [error] 4875#0: *1 upstream prematurely closed connection while reading response header from upstream, client: <MY IP ADDR>, server: jenkins.<SERVER URL>.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "jenkins.<SERVER URL>.com"

Jenkins is up and running. I am able to connect via https://<SERVER IP ADDR>:8080 (even though Chrome complains about the certificate). nginx gives me a 502 Bad Gateway message for the official url though.

sites-available configuration:

upstream jenkins {
    server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 80;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  #listen [::]:443 default ipv6only=on;
  server_name jenkins.<SERVER URL>.com <SERVER IP ADDR>;

  ssl on;
  ssl_certificate /etc/nginx/ssl/jenkins.<SERVER URL>.com.chained.crt;
  ssl_certificate_key /etc/nginx/ssl/<SERVER URL>.com.key;

  access_log /etc/nginx/logs/jenkins.access.log;
  error_log /etc/nginx/logs/jenkins.error.log;

  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect          http:// https://;
    proxy_pass              http://jenkins;
  }
}

Solution 1:

The issue was with Jenkins itself. We originally disabled the http port for Jenkins and only allowed https. Once we allowed http again, we only allowed requests from 127.0.0.1 and that solved our issues.

tl;dr: enable http port, only allow requests through 127.0.0.1

Related

Slow authentication on Fedora VM due to /var/run/dbus/system_bus_socket connect timeout
Adding virtual directory in IIS which points to shared path on another machine without AD
What is the advantage of using a NAT plus private sub-net on AWS vs a public sub-net with locked down security groups and ACL?
Devices with MAC's manufacturer section "00:FF:01"?
How do I script a change to the msmq storage location on Windows 2008 R2 server
Java on Linux insufficient memory even though there is plenty of available memory being used for caching
opendkim configuration not loading properly
Sending Subversion logs to Logstash
How to avoid duplication of add_header directives in nginx?
Is there no easy way to use the Hyper-V Manager remotely?
Getting journald to send email on certain events
Postfix - Pipe multiple recipient message as a single message