[solved] Getting build agent to use HTTPS exclusively

I need my TeamCity server to be accessible only via HTTPS. It should be possible, but I'm having a very hard time. I followed these (and other) instructions, and I have the web server responding to HTTPS requests and redirecting HTTP to HTTPS: https://confluence.jetbrains.com/display/TCD8/Using+HTTPS+to+access+TeamCity+server

The next hurdle seems to be getting my build agents to never use plain HTTP to communicate with the server. When I disable HTTP access on the server, my build agents are no longer able to register with the server. I've seen two different conditions: when I disable redirecting (so the server simply doesn't respond to requests to port 80), the wrapper.log file on the agent has connection timeout exceptions. When I enable redirecting (so HTTP requests get "302 Found" responses redirecting to HTTPS), then I get repeated errors like the following:

INFO   | jvm 2    | 2015/02/10 19:33:03 | Registering on server http://[IP removed]
INFO   | jvm 2    | 2015/02/10 19:33:03 | Call http://[IP removed]/RPC2 buildServer.registerAgent3: org.apache.xmlrpc.XmlRpcClientException: Server returned incorrect status code: 302 Found

Basically, the agent is complaining about the "302 Found" response and failing to follow the redirect. I've seen one random comment on a random blog post by a guy who had this problem, and he was apparently able to edit some config file to make the agent go straight to the HTTPS URL, but I don't know what change he made. I see the buildAgent.properties file and others in BuildAgent\conf, but I don't think changes to it even have an effect in my case. My case may be complicated by the fact that my build agents are generated EC2 instances - not persistent machines - or that fact may not be relevant.

I don't assume this is a "bug" with TeamCity, but I can't figure out how to work around it after several days of trying. Furthermore, I don't fully understand the methods that the agent and server use to communicate. Can anyone point me in the right direction?

edit: I feel like, if the agent were respecting its buildAgent.properties file, then my change to make serverUrl point to the HTTPS URL with port 443 would be all I need. But this value is simply not used by the agent. Is there a bug that causes this sort of behavior?

another edit: Well, I'm kinda dumb. I didn't have the necessary admin permission ("System Administrator") to change the serverUrl in the global settings through the web interface. I changed that to specify HTTPS and port 443, then added the JVM parameters specified at the end of the page I linked above. I think it's working now. Hope this post helps someone eventually.
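
A log check for the failure described in this post, added here as an example (not part of the original post and not TeamCity's own tooling): it parses wrapper.log lines in the format quoted above and flags every server contact that is not HTTPS, and reads serverUrl from buildAgent.properties text. The host name teamcity.example.test and all function names are assumptions.

```python
import re

# wrapper.log layout as quoted in the post: LEVEL | jvm N | timestamp | message
LINE_RE = re.compile(
    r"^\w+\s*\|\s*jvm\s+\d+\s*\|\s*(?P<ts>[\d/]+ [\d:]+)\s*\|\s*(?P<msg>.*)$")
# The two message shapes the post shows: registration and an XML-RPC call.
URL_RE = re.compile(r"(?:Registering on server|Call) (?P<url>\S+)")
PROP_RE = re.compile(r"^\s*serverUrl\s*[=:]\s*(?P<url>\S+)", re.MULTILINE)

# Constructed sample input modelled on the post; the host name is a placeholder.
SAMPLE_LOG = """\
INFO   | jvm 2    | 2015/02/10 19:33:03 | Registering on server http://teamcity.example.test
INFO   | jvm 2    | 2015/02/10 19:33:03 | Call http://teamcity.example.test/RPC2 buildServer.registerAgent3: org.apache.xmlrpc.XmlRpcClientException: Server returned incorrect status code: 302 Found
INFO   | jvm 2    | 2015/02/10 19:41:10 | Registering on server https://teamcity.example.test:443
"""


def is_https(url):
    return url.lower().startswith("https://")


def audit_wrapper_log(text):
    """Return (line_no, timestamp, kind, url) for each non-HTTPS server contact."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = LINE_RE.match(raw)
        hit = line and URL_RE.search(line["msg"])
        if not hit or is_https(hit["url"]):
            continue
        kind = ("redirect-not-followed" if "status code: 302" in line["msg"]
                else "plaintext-server-url")
        findings.append((line_no, line["ts"], kind, hit["url"]))
    return findings


def configured_server_url(properties_text):
    """Return serverUrl from buildAgent.properties text, or None if absent."""
    m = PROP_RE.search(properties_text)
    # Java .properties files may escape ':' as '\:'.
    return m["url"].replace("\\:", ":") if m else None


if __name__ == "__main__":
    for finding in audit_wrapper_log(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Because the post reports that the agent ignored the serverUrl in its own properties file, the log audit is the check that shows which URL the agent actually used.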
