Use common-debian-service-https-redirect * jenkins.debian.org ServerName jenkins.debian.org ServerAdmin debian-admin@lists.debian.org Use common-debian-service-ssl jenkins.debian.org Use common-ssl-HSTS Use http-pkp-jenkins.debian.org SSLCACertificateFile /var/lib/dsa/sso/ca.crt SSLCARevocationCheck chain SSLCARevocationFile /var/lib/dsa/sso/ca.crl SSLVerifyClient optional SSLOptions +StdEnvVars UserDir disabled ErrorLog /var/log/apache2/jenkins.debian.org-error.log CustomLog /var/log/apache2/jenkins.debian.org-access.log privacy ServerSignature On RequestHeader unset X-Forwarded-User RequestHeader set X-Forwarded-User "%{SSL_CLIENT_S_DN_CN}e" env=SSL_CLIENT_S_DN_CN Order deny,allow Allow from all AllowEncodedSlashes NoDecode AuthName "Debian Jenkins" AuthType Digest AuthDigestProvider file AuthUserFile /srv/jenkins.debian.org/etc/htdigest Require valid-user RewriteEngine On # see the Apache documentation on why this has to be lookahead RewriteCond %{LA-U:REMOTE_USER} (.+) # this actually doesn't rewrite anything. what we do here is to set RU to the match above # "NS" prevents flooding the error log RewriteRule .* - [E=RU:%1,NS] RequestHeader set X-Forwarded-User %{RU}e ProxyPass http://127.0.0.1:8080/ retry=15 nocanon ProxyPassReverse http://127.0.0.1:8080/ ProxyPassReverse http://jenkins.debian.org/http-auth-jenkins/ ProxyPass / http://127.0.0.1:8080/ retry=15 nocanon ProxyPassReverse / http://127.0.0.1:8080/ ProxyPassReverse / http://jenkins.debian.org/ ProxyRequests Off ProxyPreserveHost on RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443"