GitLab

During last upgrade (#17730 (closed)), a change in how JNLP in Jenkins controller makes URLs available to agents forced us to make several changes to our setup:

• Configure lizard's firewall to NAT incoming traffic to ports 80/443 from agents to the www VM.
• Configure unauthenticated non-public ports in www.lizard (1180 and 11443) to handle TLS and reverse-proxy to jenkins VM.
• Use a fixed port 42585 for agents connecting to controller (instead of default Jenkins config of choosing a random port each time it starts).
• Configure lizards firewall to NAT incoming traffic to port 42585 from agents to the jenkins VM.

Note: port 80 can probably be removed from the setup above, as agents are connecting directly to 443.

This is a complicated setup and needs to be properly Puppetized and documented.

If we do #17798 first, then we have to adapt this issue accordingly.