Cannot connect build agent to TeamCity behind nginx proxy

Hi,

I have TeamCity behind an nginx proxy, and my configuration is the following:

Nginx:
teamcity_http.conf

    server {
      listen                *:80;
      server_name           teamcity.example.com;
      proxy_set_header        Host $host;
      access_log            /var/log/nginx/teamcity_http.access.log;
      error_log             /var/log/nginx/teamcity_http.error.log;

      location / {
        return 301 https://$host$request_uri;
      }
    }

teamcity_https.conf

    server {
      listen       *:443 ssl;
      server_name  teamcity.example.com;

      ssl on;
      ssl_certificate           /etc/nginx/teamcity_https.crt;
      ssl_certificate_key       /etc/nginx/teamcity_https.key;
      ssl_session_cache         shared:SSL:10m;
      ssl_session_timeout       5m;
      ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers               HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers on;
      ssl_stapling              on;
      ssl_trusted_certificate   /etc/nginx/teamcity_https.trusted.crt;
      resolver                  8.8.8.8;

      access_log            /var/log/nginx/ssl-teamcity_https.access.log;
      error_log             /var/log/nginx/ssl-teamcity_https.error.log;

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      add_header              Strict-Transport-Security max-age=15552000;

      location / {
        proxy_redirect http:// https://;
        proxy_pass          http://teamcity;
        proxy_read_timeout  90;
      }
    }

TeamCity itself is listening on 127.0.0.1:8111.

I can connect to TeamCity via a web browser, but the agent fails with a 504 error.

What am I doing wrong?


Hey Ilya,

What does the "teamcity" upstream look like? Is this Linux or Windows? The upstream should look like the following (in the config):

    upstream teamcity {
        server 127.0.0.1:8111;
    }


Hi Bill,

This is Linux; the upstream is:

    upstream teamcity {
      server     127.0.0.1:8111  fail_timeout=10s;
    }

The only record I see in nginx's access log is:

    [08/Jan/2015:06:29:35 -0500] "POST /RPC2 HTTP/1.1" 504 182 "-" "TeamCity Agent"

And in the error log:

    [error] 969#0: *14613 upstream timed out (110: Connection timed out) while reading response header from upstream, client: X.X.X.X, server: teamcity.example.com, request: "POST /RPC2 HTTP/1.1", upstream: "http://127.0.0.1:8111/RPC2", host: "teamcity.example.com"


Upgrading to 9.0.1 didn't help.


Hi Ilya,

It is not possible to set up such a configuration in TeamCity now. Two connections should be established: server-agent and agent-server. In the current TeamCity implementation it is not possible to configure the server to connect to the agent through a proxy. Please watch/vote for the related feature request - https://youtrack.jetbrains.com/issue/TW-12443.
At the same time, we do not recommend configuring the agent to connect to the server through a proxy. The connection from agent to server is not secure, because the HTTP protocol is used (please see this section). And usually it is not necessary to access the agent from the Internet. We would recommend configuring a VPN tunnel between the agent and the server.

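A triage sketch for the kind of error-log entry quoted in the thread, added here as an example and not part of any poster's message or of nginx or TeamCity: it groups nginx upstream failures by request and by the phase nginx reports, which separates "backend unreachable" from "backend reached but silent". The sample log lines, client addresses and the names `triage` and `explain` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in nginx error-log format. The entry shape follows the line
# quoted in the thread; timestamps, client IPs and the third entry are made up.
SAMPLE_ERROR_LOG = """\
2015/01/08 06:29:35 [error] 969#0: *14613 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.10, server: teamcity.example.com, request: "POST /RPC2 HTTP/1.1", upstream: "http://127.0.0.1:8111/RPC2", host: "teamcity.example.com"
2015/01/08 06:31:05 [error] 969#0: *14630 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.0.2.10, server: teamcity.example.com, request: "POST /RPC2 HTTP/1.1", upstream: "http://127.0.0.1:8111/RPC2", host: "teamcity.example.com"
2015/01/08 06:40:12 [error] 969#0: *14650 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.20, server: teamcity.example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8111/", host: "teamcity.example.com"
"""

# What nginx's "while <phase>" wording says about where the request stalled.
PHASES = {
    "connecting to upstream":
        "nginx could not open a TCP connection to the backend",
    "reading response header from upstream":
        "connection made and request sent, but no response headers "
        "arrived within proxy_read_timeout",
}

# The timestamp prefix is optional: the thread's quoted line omits it.
ENTRY = re.compile(
    r'\[error\] \d+#\d+: \*\d+ (?P<msg>.+?) while (?P<phase>[a-z ]+?)'
    r', client: (?P<client>[^,]+), server: [^,]+, '
    r'request: "(?P<method>\S+) (?P<uri>\S+) [^"]*", '
    r'upstream: "(?P<upstream>[^"]+)"'
)

def triage(log_text):
    """Count upstream failures keyed by (method, URI, phase)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            hits[(m["method"], m["uri"], m["phase"])] += 1
    return hits

def explain(phase):
    """Map an nginx phase string to a plain-language diagnosis."""
    return PHASES.get(phase, "unclassified; read the raw entry")

if __name__ == "__main__":
    for (method, uri, phase), n in triage(SAMPLE_ERROR_LOG).most_common():
        print(f"{n}x {method} {uri}: {explain(phase)}")
```

The entry in the thread falls in the second phase: nginx did reach 127.0.0.1:8111 and then waited out the configured `proxy_read_timeout` of 90 seconds on `POST /RPC2`.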