Goals
- Set up a Jenkins instance
- Configure Nginx reverse proxy
- Set up SSL
Step 1 - Install JDK
sudo apt update
sudo apt install default-jdk
Step 2 - Add the GPG keys
wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
Step 3 - Install the package
sudo apt update
sudo apt install jenkins
Step 4 - Start and enable
sudo systemctl enable jenkins
sudo systemctl start jenkins
Step 5 - Setting up
Visit server-ip:8080
Jenkins generates a random password by default. Get the password:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Paste this password into the field
Step 6 - Installing plugins
At this point, you will want to install the plugins you need. To get started, I would suggest installing just the suggested plugins.
Step 7 - Create the admin user
You know how to fill in a form. Create a user. From there it is pretty straightforward.
Step 8 - Configuring Nginx reverse proxy
Install Nginx
sudo apt update
sudo apt install nginx
Create /etc/nginx/sites-enabled/jenkins.devops.esc.sh
Change the domain name, obviously.
server {
    listen 80;
    server_name jenkins.devops.esc.sh;
    location / {
        include /etc/nginx/proxy_params;
        proxy_pass http://localhost:8080;
        proxy_read_timeout 60s;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        # Make sure the domain name is correct
        proxy_redirect http://localhost:8080 https://jenkins.devops.esc.sh;
    }
}
Verify the config and restart nginx
sudo nginx -t
sudo systemctl restart nginx
Fix any syntax errors that are reported.
Step 9 - Change Jenkins bind address
By default Jenkins listens on all network interfaces. We need to change that: Nginx is now the reverse proxy, so there is no reason for Jenkins to be exposed on any other network interface.
We can change this by editing /etc/default/jenkins
Locate the line starting with JENKINS_ARGS (it’s usually the last line) and append
--httpListenAddress=127.0.0.1
So that the line resembles
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"
Restart Jenkins
sudo systemctl restart jenkins
Make sure it is running fine
sudo systemctl status jenkins
Jenkins should load now, but on http only.
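A quick way to confirm that Step 9 took effect is to look at which addresses port 8080 is bound to. The script below is an added example, not part of the original post; it assumes Jenkins is on port 8080 and that `ss` (iproute2) is available, and the two `ss -ltn` samples are constructed for illustration.

```sh
#!/bin/sh
# Added example: which addresses is the Jenkins port bound to?

# Reads `ss -ltn` output on stdin and prints every non-loopback address that is
# bound to port $1. Exit status: 0 = loopback only, 1 = exposed, 2 = not listening.
exposed_listeners() {
    awk -v port="$1" '
        {
            n = split($4, parts, ":")      # column 4 is "Local Address:Port"
            if (parts[n] != port) next
            seen = 1
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # Java shows an IPv4 loopback bind as [::ffff:127.0.0.1]
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr
            exposed = 1
        }
        END { if (!seen) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample: before Step 9, Jenkins binds the wildcard address.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      50     *:8080             *:*'

# Constructed sample: after Step 9 (--httpListenAddress=127.0.0.1).
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      511    0.0.0.0:80              0.0.0.0:*
LISTEN 0      50     [::ffff:127.0.0.1]:8080 *:*'

report() {   # $1 = label; ss output on stdin
    if addrs=$(exposed_listeners 8080); then
        echo "$1: port 8080 is loopback-only"
    elif [ -n "$addrs" ]; then
        echo "$1: port 8080 EXPOSED on: $addrs"
    else
        echo "$1: nothing is listening on port 8080"
    fi
}

printf '%s\n' "$SAMPLE_BEFORE" | report "before Step 9"
printf '%s\n' "$SAMPLE_AFTER"  | report "after Step 9"
```

On the server, run `ss -ltn | report live` after restarting Jenkins; if it still reports `*`, the running service did not pick up the `--httpListenAddress` argument.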
Step 10 - Configuring SSL
There is a dedicated document for fetching and configuring SSL with Nginx with all the necessary documents. Go HERE
Come back here after that.
Make sure the certificate and key are in place
root@jenkins-server:~# ls -l /etc/letsencrypt/live/jenkins.devops.esc.sh/
total 4
lrwxrwxrwx 1 root root 45 Sep 27 07:52 cert.pem -> ../../archive/jenkins.devops.esc.sh/cert1.pem
lrwxrwxrwx 1 root root 46 Sep 27 07:52 chain.pem -> ../../archive/jenkins.devops.esc.sh/chain1.pem
lrwxrwxrwx 1 root root 50 Sep 27 07:52 fullchain.pem -> ../../archive/jenkins.devops.esc.sh/fullchain1.pem
lrwxrwxrwx 1 root root 48 Sep 27 07:52 privkey.pem -> ../../archive/jenkins.devops.esc.sh/privkey1.pem
-rw-r--r-- 1 root root 692 Sep 27 07:52 README
root@jenkins-server:~#
Update the nginx config to look like this
server {
    listen 80;
    server_name jenkins.devops.esc.sh;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name jenkins.devops.esc.sh;
    ssl_certificate /etc/letsencrypt/live/jenkins.devops.esc.sh/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jenkins.devops.esc.sh/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location / {
        include /etc/nginx/proxy_params;
        proxy_pass http://localhost:8080;
        proxy_read_timeout 60s;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        # Make sure the domain name is correct
        proxy_redirect http://localhost:8080 https://jenkins.devops.esc.sh;
    }
}
Make sure nginx is alright
sudo nginx -t
Reload Nginx
sudo systemctl reload nginx
And that is pretty much it. Jenkins is up and ready with a freshly configured, sweet sweet green padlocked SSL certificate.