Configure a reverse proxy server to use with GoCD server

It is sometimes useful to front GoCD with a proxy server. In this section, we give you some tips and examples on how to achieve this.

GoCD with Apache

An example of how to configure GoCD with Apache is shown below.

Assumptions:

  • You have Apache with mod_proxy installed
  • The Apache server sits on the same machine as the GoCD server (localhost)
  1. Listen nnn.nnn.nnn.nnn:80
  2. NameVirtualHost nnn.nnn.nnn.nnn:80
  3. <VirtualHost nnn.nnn.nnn.nnn:80>
  4. ServerName go.yourdomain.com
  5. DocumentRoot /var/www/html
  6. <IfVersion >= 2.4>
  7. ProxyPass / ws://localhost:8153/
  8. ProxyPassReverse / ws://localhost:8153/
  9. </IfVersion>
  10. <IfVersion < 2.4>
  11. ProxyPass / http://localhost:8153/
  12. ProxyPassReverse / http://localhost:8153/
  13. </IfVersion>
  14. ProxyPreserveHost On
  15. </VirtualHost>

If you’re additionally using SSL (highly recommended), you may use the following snippet -

  1. Listen nnn.nnn.nnn.nnn:80
  2. NameVirtualHost nnn.nnn.nnn.nnn:80
  3. <VirtualHost nnn.nnn.nnn.nnn:80>
  4. ServerName gocd.example.com
  5. # Redirect any http requests to https
  6. RewriteEngine On
  7. RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent,L]
  8. </VirtualHost>
  9. <VirtualHost nnn.nnn.nnn.nnn:443>
  10. ServerName gocd.example.com
  11. # Proxy everything over to the GoCD server
  12. ProxyPass / http://localhost:8153/
  13. ProxyPassReverse / http://localhost:8153/
  14. ProxyPreserveHost On
  15. RequestHeader set X-Forwarded-Proto "https"
  16. <Location />
  17. Order allow,deny
  18. Allow from all
  19. </Location>
  20. # SSL configuration
  21. SSLEngine on
  22. SSLCertificateFile /etc/pki/tls/certs/gocd.example.com.pem
  23. SSLCertificateKeyFile /etc/pki/tls/private/gocd.example.com.key
  24. SSLCertificateChainFile /etc/pki/tls/certs/gocd.example.com.pem.chained.pem
  25. </VirtualHost>

GoCD with NGINX

  1. server {
  2. # Redirect any http requests to https
  3. listen 80;
  4. server_name gocd.example.com;
  5. return 301 https://gocd.example.com$request_uri;
  6. }
  7. map $http_upgrade $connection_upgrade {
  8. default upgrade;
  9. '' close;
  10. }
  11. server {
  12. listen 443 ssl;
  13. server_name gocd.example.com;
  14. ssl_certificate /etc/pki/tls/certs/gocd.example.com.chained.pem;
  15. ssl_certificate_key /etc/pki/tls/private/gocd.example.com.key;
  16. # Proxy everything over to the GoCD server
  17. location / {
  18. proxy_set_header Host $host;
  19. proxy_set_header X-Real-IP $remote_addr;
  20. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  21. proxy_set_header X-Forwarded-Proto $scheme;
  22. proxy_http_version 1.1;
  23. proxy_set_header Upgrade $http_upgrade;
  24. proxy_set_header Connection $connection_upgrade;
  25. proxy_pass http://localhost:8153/;
  26. # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
  27. # setting to `0` will disable checking for body size.
  28. # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
  29. client_max_body_size 10000m;
  30. }
  31. }

Also see…