Jenkins 和 GitHub Webhook:HTTP 403
我有一个 GitHub 存储库,我想通过 post-receive 挂钩通知 Jenkins 有新提交。我已将 GitHub 插件安装到 Jenkins 中,并允许 Jenkins 管理它自己的挂钩 URL。该项目具有正确的 git 存储库 URL,并被指示“将更改推送到 GitHub 时构建”。当我让 GitHub 发送测试有效负载时,我在 Jenkins 前面的 nginx Web 服务器中发现了这一点:
207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"
我正在运行 SSL,所以我禁用了它,但没有效果。我是否需要在权限矩阵中向匿名用户提供特殊权限?
请原谅缺少配置文件:我很高兴分享可能存在的配置文件,但我不知道分享哪些可能有用。
I have a GitHub repository which I would like to have notify Jenkins of new commits via a post-receive hook. I've installed the GitHub plugin into Jenkins and have allowed for Jenkins to manage it's own hook URLs. The project has the correct git repository URL and is instructed to "Build when a change is pushed to GitHub". When I have GitHub send a test payload I find this in the nginx webserver that front's Jenkins:
207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"
I was running SSL so I disabled it to no effect. Do I need to provide special permissions to an anonymous user in the permissions matrix?
Please forgive the lack of configuration files: I'm happy to share those that might exist but I don't know what might be useful to share.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
由于我不允许匿名访问,所以我需要为 GitHub 推送创建一个特定用户,并授予其总体读取、作业创建和作业读取权限。还需要将身份验证捆绑到 webhook URL 中,如下所示:
As I don't allow anonymous access, it turns out I needed to create a specific user for GitHub pushes and to grant it Overall read, Job create and Job read. It was also necessary to bundle the authentication into the webhook URL, like so:
来自 Github 的说明(“配置全局身份验证”,第一部分),
就我而言,我使用了
http://USERID:APITOKEN@myIPaddress:808/
而没有project/YOUR_JOB
From Github's instructions ("Configuring global authentication", the first section),
In my case I used
http://USERID:APITOKEN@myIPaddress:808/
and noproject/YOUR_JOB
正如前面提到的,Jenkins 不允许匿名访问(您不希望人们为您触发构建!)。以明文形式添加用户名和密码并不是最好的解决方案。
1) 如果您的 Jenkins 位于 VPN 之后,您需要确保您的 Jenkins Webhooks URL 已公开
2) 在 GitHub 插件配置中添加正确的可访问 Jenkins Webhook URL(https://jenkins.example.com/github-webhook/) 在
覆盖 Hook URL
3)在
共享密钥
部分添加一个密钥(最好是一个长随机字符串)。这将是从 Jenkins 发送到 GitHub 的令牌,反之亦然,用于身份验证。这应该与 GitHub 服务器凭证不同!4) 确保用户拥有将 Webhooks 添加到您的 GitHub 存储库的所有者访问权限
5) 不要忘记在此之后重新注册 Webhooks
As previously mentioned Jenkins does not allow anonymous access (you don't want people to trigger builds for you!). Adding a username and password in the clear is not the best solution.
1) If your Jenkins is behind a VPN, you need to make sure that your Jenkins webhooks URL are exposed
2) In the GitHub plugin configuration add the correct accessible Jenkins webhook URL(https://jenkins.example.com/github-webhook/) in
Override Hook URL
3) Add a secret in the
Shared secret
section (preferably a long random string). This would be a token sent from Jenkins to GitHub and vice versa for authentication. This should be different from the GitHub Server Credentials!4) Make sure the user has owner access to add webhooks to your GitHub repos
5) Don't forget to re-register the webhooks after this
https://用户名:[email protected]/github-webhook/
为我工作,但必须对密码进行编码才能使有效负载工作。由于 nginx 授权,我的 github 无法联系 jenkins,但传递用户名和编码密码有效!https://username:[email protected]/github-webhook/
worked for me but the password has to be encoded for the payload to work. My github was not able to contact jenkins due to nginx authorisation but passing username and encoded password worked!