Cannot authenticate behind the proxy - connection refused #62

Open
MartinHajducik opened this issue May 31, 2019 · 7 comments

MartinHajducik commented May 31, 2019

Hi All,

Recently we installed the Google Kubernetes Engine plugin into Jenkins, which uses the Google OAuth plugin for authentication against Google. We are behind quite a restrictive firewall, and despite the fact that we have whitelisted googleapis.com and accounts.google.com, we are getting connection refused in the stack trace.

Is there any list of endpoints which should be whitelisted to access Google services?

Thank you
regards
Martin

Author

MartinHajducik commented May 31, 2019

Finally I found a workaround! It seems that Jenkins as such by default does not use/respect the system proxy. So even when you define the environment variable http_proxy or https_proxy it will not work. So Manage Jenkins / Manage Plugins / Advanced - this proxy configuration seems to work only for plugin installation + maybe only some of the plugins are able to use it ... depends

As I am using Docker for simulation of this issue, in my case the trick was to run Jenkins using options to inject the environment variables http_proxy + https_proxy and java.net.useSystemProxies=true

docker run -p 8080:8080 -p 50000:50000 -e http_proxy=http://10.0.75.1:8888/ -e https_proxy=http://10.0.75.1:8888/ --env JAVA_OPTS="-Djava.net.useSystemProxies=true" -v C:\Users\NTB\Desktop\docker\jenkins:/var/jenkins_home martinjenkins

Since then I was able to see in Fiddler that finally, when the Service Account Credentials option was selected, traffic went through the proxy and was logged by Fiddler.

Hope that this will help someone.
Martin

@MartinHajducik
Author

Hi All,

Would it be possible to update this plugin so we can define a proxy for it? For example in Configure System (Global settings). Thanks, Martin

@stephenashank
Contributor

Can you clarify what you mean by a proxy for the plugin? Do you mean allow the proxy to be used by the plugin without defining JAVA_OPTS? Or would you like to define a proxy separate from the system proxy for that Google OAuth credential entry?

@MartinHajducik
Author

> Can you clarify what you mean by a proxy for the plugin? Do you mean allow the proxy to be used by the plugin without defining JAVA_OPTS? Or would you like to define a proxy separate from the system proxy for that Google OAuth credential entry?

Probably the second option would be better: "to define a proxy separate from the system proxy for that Google OAuth credential entry"

@xxxvodnikxxx

Hi @stephenashank,
let me clarify a little bit.
It is done like this: the proxy is set up via an environment variable in the Jenkins global configuration,
and the plugin is probably ignoring this setting, so the only currently possible way seems to be to pass the proxy setup directly into the Java options for Jenkins.

For me, it makes sense to take a look at global = environment = variables as well,
but maybe the possibility to override the proxy by "local plugin setup" can also be beneficial; I guess it doesn't matter at all in which way it will be developed.

Thank you so much.

@rachely3n

Have you tried: https://wiki.jenkins.io/display/JENKINS/JenkinsBehindProxy

Manage Jenkins > Manage Plugins > Advanced.

I'm trying to understand the issue at hand here, so I need to know if the above link will solve your issues or if this is more complex.

@xxxvodnikxxx

> Have you tried: https://wiki.jenkins.io/display/JENKINS/JenkinsBehindProxy
>
> Manage Jenkins > Manage Plugins > Advanced.
>
> I'm trying to understand the issue at hand here, so I need to know if the above link will solve your issues or if this is more complex.

Hi @rachely3n, yes, we tried, but from my understanding, this setting is being taken only for plugin updates, but we actually have the same proxy setup over there as well.
Except that we are using the proxy setup as an env variable, as mentioned, via Jenkins global settings.

All the jobs, and other plugins as well, are accepting this setup (on the proxy we have opened several external URLs), but this plugin seems to have an issue: once the job is being configured in Jenkins, it's failing due to the connection (which is whitelisted on the proxy). As mentioned, the only way Google OAuth is accepting the proxy setup is to pass the proxy setup into the Java opts directly
(via JENKINS_JAVA_OPTIONS, as -Dhttps.proxyHost, -Dhttps.proxyPort, -Dhttp.proxyHost, -Dhttp.proxyPort, -Dhttp.nonProxyHosts and -Dhttps.nonProxyHosts).
Then external links are working as expected.
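
The conversion the thread arrives at (proxy environment variables turned into the `-Dhttp.proxyHost` / `-Dhttps.proxyHost` style JVM properties), as an added example that is not part of the issue or the plugin. The function names are hypothetical and `.corp.example` is a constructed value; proxy URLs with embedded credentials are rejected because `-D` flags are visible in the process list.

```shell
# Added example: derive JVM proxy flags from http_proxy / https_proxy / no_proxy.

# proxy_flags SCHEME URL -> "-D<scheme>.proxyHost=H -D<scheme>.proxyPort=P"
proxy_flags() {
  hostport=${2#*://}          # drop the "http://" prefix
  hostport=${hostport%%/*}    # drop a trailing "/" or path
  case $hostport in
    # -D flags show up in the process list, so never copy user:pass@ into them
    *@*) echo "refusing proxy URL with embedded credentials" >&2; return 1 ;;
    *:*) ;;
    *)   echo "proxy URL needs an explicit port" >&2; return 1 ;;
  esac
  port=${hostport##*:}
  case $port in
    ''|*[!0-9]*) echo "bad proxy port: $port" >&2; return 1 ;;
  esac
  printf '%s' "-D$1.proxyHost=${hostport%:*} -D$1.proxyPort=$port"
}

# non_proxy_hosts "a, .b.example" -> "a|*.b.example" (Java's list syntax)
non_proxy_hosts() {
  out=""; IFS=','; set -f     # split on commas, no globbing
  for entry in $1; do
    entry=$(printf '%s' "$entry" | tr -d ' ')
    [ -n "$entry" ] || continue
    case $entry in .*) entry="*$entry" ;; esac
    out="${out:+$out|}$entry"
  done
  set +f; unset IFS
  printf '%s' "$out"
}

jvm_proxy_opts() {
  opts=""
  for scheme in http https; do
    eval "url=\${${scheme}_proxy:-}"
    [ -n "$url" ] || continue
    flags=$(proxy_flags "$scheme" "$url") || return 1
    opts="${opts:+$opts }$flags"
  done
  # The JDK's HTTPS handler reads http.nonProxyHosts too
  [ -z "${no_proxy:-}" ] ||
    opts="${opts:+$opts }-Dhttp.nonProxyHosts=$(non_proxy_hosts "$no_proxy")"
  printf '%s' "$opts"
}

# Constructed demo; 10.0.75.1:8888 is the proxy address used in the thread.
( http_proxy=http://10.0.75.1:8888/ https_proxy=http://10.0.75.1:8888/
  no_proxy='localhost, .corp.example'; jvm_proxy_opts; echo )
```

The resulting string can be passed as the `JAVA_OPTS` value in the `docker run` command shown earlier in the thread.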
