Firewall settings for webhook towards Jenkins #24684
Hello,

I've been trying to set up webhooks to automate Jenkins builds for a few 'days' (not continuously of course) but miserably failed.

Environment: Debian 10.11

My Jenkins server resides behind an nginx reverse proxy (a 2nd physical host) which serves as the SSL frontend, so it's used to do a port forwarding of the SSL port towards the default 8080 port. On the nginx server/reverse proxy I have a firewall set up which blocks everything except for IPs that I allow. I have found the meta page (https://api.github.com/meta) and added the subnets from the "hooks" section with no limitation on port or protocol.

EDIT: added ufw status numbered output:

I am most confident that someone here has already put in place the same setup, so if he/she can shed some light or give a hint I would be most grateful. Yes, I read about things like smee.io but I don't want to add another hop for something this trivial.

Kind regards,
Replies: 1 comment
The issue in the end was in the rule hierarchy.
As mentioned my nginx server blocks everything (DROP) based on CIDR zone list I fetch from the internet.
A bash script weekly updates the before.rules accordingly together with fail2ban etc…
Anyway, the extra rules I added as mentioned in the opening post were applied AFTER I already dropped the packages… so they never made it in, obviously.
Adapted my bash script to skip the creation of the DROP rule for the IPs delivered by the GitHub API.
All works well now.
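
The rule-ordering problem from this thread, as an added example that is not part of the original posts: a first-match evaluator shows why an ACCEPT placed after an overlapping DROP never fires, and `carve` (a hypothetical helper) removes the webhook ranges from the blocklist before DROP rules are generated. It goes slightly beyond the fix described above by cutting the allowed range out of a larger blocklist entry instead of skipping the whole entry; all CIDRs are constructed documentation ranges, not real GitHub or blocklist values.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges).
HOOKS = ["198.51.100.0/26", "2001:db8:1::/48"]    # stand-in for "hooks" in https://api.github.com/meta
BLOCKLIST = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]  # stand-in for the fetched CIDR zone list


def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def first_match(rules, src, default="DROP"):
    """Evaluate rules top to bottom, as a packet filter does: the first match decides."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr.version == net.version and addr in net:
            return action
    return default


def carve(blocklist, allowed):
    """Return the blocklist with every allowed range cut out of it."""
    pending = nets(blocklist)
    for hole in nets(allowed):
        kept = []
        for net in pending:
            if net.version != hole.version or not net.overlaps(hole):
                kept.append(net)                        # unrelated entry: keep the DROP
            elif hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # keep everything around the hole
            # else: entry lies inside the allowed range, so no DROP rule is created
        pending = kept
    return pending


def rulesets():
    accept = [("ACCEPT", n) for n in nets(HOOKS)]
    return {
        "original": [("DROP", n) for n in nets(BLOCKLIST)] + accept,  # ACCEPT comes too late
        "fixed": [("DROP", n) for n in carve(BLOCKLIST, HOOKS)] + accept,
    }


if __name__ == "__main__":
    for name, rules in rulesets().items():
        for src in ("198.51.100.10", "198.51.100.200", "2001:db8:1::5", "2001:db8:2::5"):
            print(f"{name:8} {src:15} -> {first_match(rules, src)}")
```

With ufw, `ufw status numbered` shows the order of the user rules, but rules written to `before.rules` are evaluated ahead of them and have to be checked in that file.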