Configure a reverse proxy server to use with GoCD server

It is sometimes useful to front GoCD with a proxy server. In this section, we give you some tips and examples on how to achieve this.

GoCD with Apache

An example of how to configure GoCD with Apache is shown below.

Assumptions:

  • You have Apache with mod_proxy installed
  • The Apache server sits on the same machine as the GoCD server (localhost)
  1. Listen nnn.nnn.nnn.nnn:80
  2. NameVirtualHost nnn.nnn.nnn.nnn:80
  4. <VirtualHost nnn.nnn.nnn.nnn:80>
  5.   ServerName go.yourdomain.com
  6.   DocumentRoot /var/www/html
  8.   <IfVersion >= 2.4>
  9.     ProxyPass         /  ws://localhost:8153/
  10.     ProxyPassReverse  /  ws://localhost:8153/
  11.   </IfVersion>
  13.   <IfVersion < 2.4>
  14.     ProxyPass         /  http://localhost:8153/
  15.     ProxyPassReverse  /  http://localhost:8153/
  16.   </IfVersion>
  18.   ProxyPreserveHost On
  19. </VirtualHost>

If you’re additionally using SSL (highly recommended), you may use the following snippet -

  1. Listen nnn.nnn.nnn.nnn:80
  2. NameVirtualHost nnn.nnn.nnn.nnn:80
  4. <VirtualHost nnn.nnn.nnn.nnn:80>
  5.   ServerName gocd.example.com
  7.   # Redirect any http requests to https
  8.   RewriteEngine On
  9.   RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
  10. </VirtualHost>
  12. <VirtualHost nnn.nnn.nnn.nnn:443>
  13.   ServerName gocd.example.com
  15.   # Proxy everything over to the GoCD server
  16.   ProxyPass         /  http://localhost:8153/
  17.   ProxyPassReverse  /  http://localhost:8153/
  18.   ProxyPreserveHost On
  19.   RequestHeader set X-Forwarded-Proto "https"
  21.   <Location />
  22.     Order allow,deny
  23.     Allow from all
  24.   </Location>
  26.   # SSL configuration
  27.   SSLEngine on
  29.   SSLCertificateFile /etc/pki/tls/certs/gocd.example.com.pem
  30.   SSLCertificateKeyFile /etc/pki/tls/private/gocd.example.com.key
  31.   SSLCertificateChainFile /etc/pki/tls/certs/gocd.example.com.pem.chained.pem
  32. </VirtualHost>

GoCD with NGINX

  1. server {
  2.   # Redirect any http requests to https
  3.   listen         80;
  4.   server_name    gocd.example.com;
  5.   return 301     https://gocd.example.com$request_uri;
  6. }
  8. map $http_upgrade $connection_upgrade {
  9.   default upgrade;
  10.   '' close;
  11. }
  13. server {
  14.   listen                    443 ssl;
  15.   server_name               gocd.example.com;
  17.   ssl_certificate           /etc/pki/tls/certs/gocd.example.com.chained.pem;
  18.   ssl_certificate_key       /etc/pki/tls/private/gocd.example.com.key;
  20.   # Proxy everything over to the GoCD server
  21.   location / {
  22.     proxy_set_header        Host            $host;
  23.     proxy_set_header        X-Real-IP       $remote_addr;
  24.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  25.     proxy_set_header        X-Forwarded-Proto $scheme;
  26.     proxy_http_version      1.1;
  27.     proxy_set_header        Upgrade $http_upgrade;
  28.     proxy_set_header        Connection $connection_upgrade;
  29.     proxy_pass              http://localhost:8153/;
  31.     # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
  32.     # setting to `0` will disable checking for body size.
  33.     # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
  34.     client_max_body_size  10000m;
  35.   }
  36. }

Also see…