Webhook to Jenkins fails with "Network Error"

Simon Symhoven July 29, 2022

Hi,

i am running a Jenkins Instance with Docker on a private Server (no firewall active, bute UFW running). I installed the plugin multibranch-scan-webhook-trigger and configured my job as described with token=commprom_angular_frontend. I can trigger the pipeline with the corresponding post method:

grafik.png

Everthing works fine.

I also configured the webhook in the corresponding bitbucket repository as follows:

grafik.png

But if i commit and push changes, every request will end up with a Network Error:

grafik.png

Details of this request:

grafik.png

The body of request looks fine.

Does anyone have an idea, why this happens? How can i have a deeper look into the logs of this requests?

Thanks a lot in advance and all the best!

Simon

2 answers

0 votes
Mateus T
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 4, 2022

Hi @Simon Symhoven!

403s when dispatching webhooks could either indicate that your authentication token is incorrect or Bitbucket is still not being able to connect to your instance! In order to make sure that your Webhooks are able to connect to your Jenkins instance, I'd advise making sure that all the IPs from the following documentation are whitelisted within your Jenkins server:

 

Cheers,

Mateus T

0 votes
Mateus T
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2022

Hi @Simon Symhoven

Thank you for reaching out to the Atlassian Community!

Checking the screenshots you have attached to this thread, I was able to run a few validation tests against your URL. I can see that this Jenkins instance is running with a self-signed certificate and, while trying to check the integrity of that certificate, I received the following error message:

Hostname Validation: FAILED - Certificate does NOT match server hostname

In this case, I believe that the Webhook calls are failing to reach your instance as Bitbucket is not able to trust that certificate. You can also edit your webhook and check the Skip certificate verification box as a validation test and, to workaround this issue while your certificate is being fixed by your internal teams.

Let us know if you have any questions about this. We will be here to help!

Thanks!

Mateus T

Simon Symhoven August 2, 2022

Hi @Mateus T

thanks a lot for your help! I will send this to our internal team and try to fix this issue on my side.

Meanwhile i tried to activate Skip certificate verification but the request fails again with 403:

grafik.png

All the best
Simon

Lukas Klinghammer August 31, 2022

Hello @Mateus T ,
I find myself in almost the exact same situation as Simon. The webhooks only work when the 'Skip certificate verification' box is ticked. When we want the webhooks to verify our certificate we get the same error as in the opener of this discussion:

image.png

Now the difference to the original post is that we don't use a self signed certificate. I'm able to connect to Jenkins with the valid certificate through the browser and I'm able to call the webhook from Postman. Could you check to see where the validation fails?

If this is not the correct place to ask such a question you can happily refer me to the correct spot to do so.

Mateus T
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 2, 2022

Hi @Lukas Klinghammer,

Checking your Jenkins URL against an SSL analyzer, I was able to see that your certificate does have some issues making it not compliant and causing Bitbucket to refuse the connection. These were the issues I got:

jenkins.abeel.eu:8443: FAILED - Not compliant.
* maximum_certificate_lifespan: Certificate life span is 393 days, should be less than 366.
* ciphers: Cipher suites {'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'} are supported, but should be rejected.
* dh_param_size: DH parameter size is 1024, should be superior or equal to 2048.

In this case, I'd check with your certificate providers to fix the issues mentioned above.

Cheers,

Mateus T

Like Lukas Klinghammer likes this
Lukas Klinghammer September 5, 2022

Hey Mateus,

thanks for the input, we were able to resolve the issue on Friday. We were missing intermediate certificates in our Jenkins ssl setup.

 

Kind regards,

Lukas

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events