update from sparkleup

Madison Scott-Clary 2022-06-14 12:30:35 -07:00
parent 365cd69108
commit 0c12696503
1 changed files with 44 additions and 81 deletions

@ -18,114 +18,81 @@
<p>You can install Jenkins later in this tutorial, if you don&rsquo;t have it installed yet.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>This guide assumes that you are using Ubuntu 22.04. Before you begin, you should have a non-<strong>root</strong> user account with <code>sudo</code> privileges set up on your system. You can learn how to do this by following the <a href="https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-22-04">Ubuntu 22.04 initial server setup tutorial</a>. You will also need the Nginx server installed and hosting your domain. You can learn how to do this with the <a href="https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04">How To Install Nginx on Ubuntu 22.04 tutorial</a>.</p>
<p>Additionally, having your Jenkins instance secured by SSL is very important. If is visible on the internet, you can secure it with Let&rsquo;s Encrypt. You can learn how to do this with the <a href="https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04">How to Secure Nginx with Let&rsquo;s Encrypt on Ubuntu 22.04 tutorial</a>.</p>
<p>Additionally, having your Jenkins instance secured by SSL is very important. If is visible on the internet, you can secure it with Let&rsquo;s Encrypt. You can learn how to do this with the <a href="https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04">How to Secure Nginx with Let&rsquo;s Encrypt on Ubuntu 22.04 tutorial</a>.
As stated previously, this tutorial assumes that Jenkins is already installed. <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-use-jenkins-on-ubuntu-12-04">This tutorial</a> will show you how to install Jenkins if necessary. You will probably need to switch to the root user for that article.</p>
<h2 id="step-1-configure-nginx">Step 1 — Configure Nginx</h2>
<p>Nginx has become a favorite web server for its speed and flexibility in recent years, which makes it an idea choice for our application.</p>
<h3 id="get-a-certificate">Get a Certificate</h3>
<p>Next, you will need to purchase or create an SSL certificate. These commands are for a self-signed certificate, but you should get an officially <a href="https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs">signed certificate</a> if you want to avoid browser warnings.</p>
<p>Move into the proper directory and generate a certificate:</p>
<div class="codehilite"><pre><span></span><code>cd /etc/nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
</code></pre></div>
<p>You will be prompted to enter some information about the certificate. You can fill this out however you&rsquo;d like; just be aware the information will be visible in the certificate properties. We&rsquo;ve set the number of bits to 2048 since that&rsquo;s the minimum needed to get it signed by a CA. If you want to get the certificate signed, you will need to create a CSR.</p>
<h3 id="edit-the-configuration">Edit the Configuration</h3>
<p>Next you will need to edit the default Nginx configuration file.</p>
<div class="codehilite"><pre><span></span><code>sudo nano /etc/nginx/sites-enabled/default
</code></pre></div>
<p>Here is what the final configuration might look like; the sections are broken down and briefly explained below. You can update or replace the existing config file, although you may want to make a quick copy first.</p>
<div class="codehilite"><pre><span></span><code><span class="n">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="mi">301</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="o">//$</span><span class="n">host</span><span class="o">$</span><span class="n">request_uri</span><span class="p">;</span><span class="w"></span>
<div class="codehilite"><pre><span></span><code><span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="kn">23</span><span class="w"></span>
<span class="w"> </span><span class="s">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">301</span><span class="w"> </span><span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">listen</span><span class="w"> </span><span class="mi">443</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">server_name</span><span class="w"> </span><span class="o">&lt;^&gt;</span><span class="n">jenkins</span><span class="o">.</span><span class="n">domain</span><span class="o">.</span><span class="n">com</span><span class="o">&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">server_name</span><span class="w"> </span><span class="s">&lt;^&gt;jenkins.domain.com&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_certificate</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">cert</span><span class="o">.</span><span class="n">crt</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_certificate_key</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">cert</span><span class="o">.</span><span class="n">key</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">access_log</span><span class="w"> </span><span class="s">/var/log/nginx/jenkins.access.log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_session_cache</span><span class="w"> </span><span class="n">builtin</span><span class="p">:</span><span class="mi">1000</span><span class="w"> </span><span class="n">shared</span><span class="p">:</span><span class="n">SSL</span><span class="p">:</span><span class="mi">10</span><span class="n">m</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_protocols</span><span class="w"> </span><span class="n">TLSv1</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">1</span><span class="w"> </span><span class="n">TLSv1</span><span class="o">.</span><span class="mi">2</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_ciphers</span><span class="w"> </span><span class="n">HIGH</span><span class="p">:</span><span class="o">!</span><span class="n">aNULL</span><span class="p">:</span><span class="o">!</span><span class="n">eNULL</span><span class="p">:</span><span class="o">!</span><span class="n">EXPORT</span><span class="p">:</span><span class="o">!</span><span class="n">CAMELLIA</span><span class="p">:</span><span class="o">!</span><span class="n">DES</span><span class="p">:</span><span class="o">!</span><span class="n">MD5</span><span class="p">:</span><span class="o">!</span><span class="n">PSK</span><span class="p">:</span><span class="o">!</span><span class="n">RC4</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">access_log</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">jenkins</span><span class="o">.</span><span class="n">access</span><span class="o">.</span><span class="n">log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$host</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="nv">$scheme</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">location</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://localhost:8080</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="mi">90</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_set_header</span><span class="w"> </span><span class="n">Host</span><span class="w"> </span><span class="o">$</span><span class="n">host</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_set_header</span><span class="w"> </span><span class="n">X</span><span class="o">-</span><span class="n">Real</span><span class="o">-</span><span class="n">IP</span><span class="w"> </span><span class="o">$</span><span class="n">remote_addr</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_set_header</span><span class="w"> </span><span class="n">X</span><span class="o">-</span><span class="n">Forwarded</span><span class="o">-</span><span class="n">For</span><span class="w"> </span><span class="o">$</span><span class="n">proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_set_header</span><span class="w"> </span><span class="n">X</span><span class="o">-</span><span class="n">Forwarded</span><span class="o">-</span><span class="n">Proto</span><span class="w"> </span><span class="o">$</span><span class="n">scheme</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Fix the “It appears that your reverse proxy set up is broken&quot; error.</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_pass</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="p">:</span><span class="mi">8080</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_read_timeout</span><span class="w"> </span><span class="mi">90</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">proxy_redirect</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="p">:</span><span class="mi">8080</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="o">//&lt;^&gt;</span><span class="n">jenkins</span><span class="o">.</span><span class="n">domain</span><span class="o">.</span><span class="n">com</span><span class="o">&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_redirect</span><span class="w"> </span><span class="s">http://localhost:8080</span><span class="w"> </span><span class="s">https://&lt;^&gt;jenkins.domain.com&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="kn">...</span><span class="w"></span>
<span class="err">}</span><span class="w"></span>
</code></pre></div>
<p>In our configuration, the &lt;^&gt;cert.crt&lt;^&gt; and &lt;^&gt;cert.key&lt;^&gt; settings reflect the location where we created our SSL certificate. You will need to update the &lt;^&gt;server_name&lt;^&gt; and <code>proxy_redirect</code> lines with your own domain name. There is some additional Nginx magic going on as well that tells requests to be read by Nginx and rewritten on the response side to ensure the reverse proxy is working.</p>
<p>You will need to update the &lt;^&gt;server_name&lt;^&gt; and <code>proxy_redirect</code> lines with your own domain name. There is some additional Nginx magic going on as well that tells requests to be read by Nginx and rewritten on the response side to ensure the reverse proxy is working.</p>
<p>The first section tells the Nginx server to listen to any requests that come in on port 80 (default HTTP) and redirect them to HTTPS.</p>
<div class="codehilite"><pre><span></span><code><span class="o">...</span><span class="w"></span>
<span class="nt">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">listen</span><span class="w"> </span><span class="err">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">return</span><span class="w"> </span><span class="err">301</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="err">$</span><span class="n">host</span><span class="err">$</span><span class="n">request_uri</span><span class="p">;</span><span class="w"></span>
<div class="codehilite"><pre><span></span><code><span class="k">...</span><span class="w"></span>
<span class="s">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">301</span><span class="w"> </span><span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="o">...</span><span class="w"></span>
<span class="k">...</span><span class="w"></span>
</code></pre></div>
<p>Next we have the SSL settings. This is a good set of defaults but can definitely be expanded on. For more explanation, please read <a href="https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04">this tutorial</a>.</p>
<div class="codehilite"><pre><span></span><code><span class="o">...</span><span class="w"></span>
<span class="w"> </span><span class="nt">listen</span><span class="w"> </span><span class="nt">443</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">server_name</span><span class="w"> </span><span class="o">&lt;^&gt;</span><span class="nt">jenkins</span><span class="p">.</span><span class="nc">domain</span><span class="p">.</span><span class="nc">com</span><span class="o">&lt;^&gt;;</span><span class="w"></span>
<p>After that, the proxying happens. It basically takes any incoming requests and proxies them to the Jenkins instance that is bound/listening to port 8080 on the local network interface. This is a slightly different situation, but <a href="https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-front-end-proxy-for-apache">this tutorial</a> has some good information about the Nginx proxy settings.</p>
<div class="codehilite"><pre><span></span><code><span class="k">...</span><span class="w"></span>
<span class="s">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_certificate</span><span class="w"> </span><span class="o">/</span><span class="nt">etc</span><span class="o">/</span><span class="nt">nginx</span><span class="o">/</span><span class="nt">cert</span><span class="p">.</span><span class="nc">crt</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_certificate_key</span><span class="w"> </span><span class="o">/</span><span class="nt">etc</span><span class="o">/</span><span class="nt">nginx</span><span class="o">/</span><span class="nt">cert</span><span class="p">.</span><span class="nc">key</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$host</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="nv">$scheme</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl</span><span class="w"> </span><span class="nt">on</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_session_cache</span><span class="w"> </span><span class="nt">builtin</span><span class="p">:</span><span class="nd">1000</span><span class="w"> </span><span class="nt">shared</span><span class="p">:</span><span class="nd">SSL</span><span class="p">:</span><span class="nd">10m</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_protocols</span><span class="w"> </span><span class="nt">TLSv1</span><span class="w"> </span><span class="nt">TLSv1</span><span class="p">.</span><span class="nc">1</span><span class="w"> </span><span class="nt">TLSv1</span><span class="p">.</span><span class="nc">2</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_ciphers</span><span class="w"> </span><span class="nt">HIGH</span><span class="o">:!</span><span class="nt">aNULL</span><span class="o">:!</span><span class="nt">eNULL</span><span class="o">:!</span><span class="nt">EXPORT</span><span class="o">:!</span><span class="nt">CAMELLIA</span><span class="o">:!</span><span class="nt">DES</span><span class="o">:!</span><span class="nt">MD5</span><span class="o">:!</span><span class="nt">PSK</span><span class="o">:!</span><span class="nt">RC4</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="nt">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="nt">on</span><span class="o">;</span><span class="w"></span>
<span class="w"> </span><span class="o">...</span><span class="w"></span>
</code></pre></div>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://localhost:8080</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_read_timeout</span><span class="w"> </span><span class="mi">90</span><span class="p">;</span><span class="w"></span>
<p>The final section is where the proxying happens. It basically takes any incoming requests and proxies them to the Jenkins instance that is bound/listening to port 8080 on the local network interface. This is a slightly different situation, but <a href="https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-front-end-proxy-for-apache">this tutorial</a> has some good information about the Nginx proxy settings.</p>
<div class="codehilite"><pre><span></span><code><span class="o">...</span><span class="w"></span>
<span class="nt">location</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_set_header</span><span class="w"> </span><span class="err">Host</span><span class="w"> </span><span class="err">$host</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_set_header</span><span class="w"> </span><span class="err">X-Real-IP</span><span class="w"> </span><span class="err">$remote_addr</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_set_header</span><span class="w"> </span><span class="err">X-Forwarded-For</span><span class="w"> </span><span class="err">$proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_set_header</span><span class="w"> </span><span class="err">X-Forwarded-Proto</span><span class="w"> </span><span class="err">$scheme</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">Fix</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">“It</span><span class="w"> </span><span class="err">appears</span><span class="w"> </span><span class="err">that</span><span class="w"> </span><span class="err">your</span><span class="w"> </span><span class="err">reverse</span><span class="w"> </span><span class="err">proxy</span><span class="w"> </span><span class="err">set</span><span class="w"> </span><span class="err">up</span><span class="w"> </span><span class="err">is</span><span class="w"> </span><span class="err">broken&quot;</span><span class="w"> </span><span class="err">error.</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_pass</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="o">:</span><span class="mi">8080</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_read_timeout</span><span class="w"> </span><span class="err">90</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">proxy_redirect</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="o">:</span><span class="mi">8080</span><span class="w"> </span><span class="n">https</span><span class="o">://&lt;^&gt;</span><span class="n">jenkins</span><span class="o">.</span><span class="n">domain</span><span class="o">.</span><span class="n">com</span><span class="o">&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_redirect</span><span class="w"> </span><span class="s">http://localhost:8080</span><span class="w"> </span><span class="s">https://&lt;^&gt;jenkins.domain.com&lt;^&gt;</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="o">...</span><span class="w"></span>
<span class="k">...</span><span class="w"></span>
</code></pre></div>
<p>A few quick things to point out here. If you don&rsquo;t have a domain name that resolves to your Jenkins server, then the &lt;^&gt;proxy_redirect&lt;^&gt; statement above won&rsquo;t function correctly without modification, so keep that in mind. Also, if you misconfigure the &lt;^&gt;proxy_pass&lt;^&gt; (by adding a trailing slash for example), you will get something similar to the following in your Jenkins Configuration page.</p>
<p><img alt="Jenkins error: Reverse proxy set up is broken" src="https://assets.digitalocean.com/articles/nginx_jenkins/1.jpg" /></p>
<p>So, if you see this error, double-check your &lt;^&gt;proxy_pass&lt;^&gt; and &lt;^&gt;proxy_redirect&lt;^&gt; settings in the Nginx configuration!</p>
<h2 id="step-two-configure-jenkins">Step Two — Configure Jenkins</h2>
<p>As stated previously, this tutorial assumes that Jenkins is already installed. <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-use-jenkins-on-ubuntu-12-04">This tutorial</a> will show you how to install Jenkins if necessary. You will probably need to switch to the root user for that article.</p>
<p>For Jenkins to work with Nginx, we need to update the Jenkins config to listen only on the localhost interface instead of all (0.0.0.0), to ensure traffic gets handled properly. This is an important step because if Jenkins is still listening on all interfaces, then it will still potentially be accessible via its original port (8080). We will modify the &lt;^&gt;/etc/default/jenkins&lt;^&gt; configuration file to make these adjustments.</p>
<h2 id="step-2-configure-jenkins">Step 2 — Configure Jenkins</h2>
<p>For Jenkins to work with Nginx, we need to update the Jenkins config to listen only on the localhost address instead of all (0.0.0.0), to ensure traffic gets handled properly. This is an important security step because if Jenkins is still listening on all addresses, then it will still potentially be accessible via its original port (8080). We will modify the &lt;^&gt;/etc/default/jenkins&lt;^&gt; configuration file to make these adjustments.</p>
<div class="codehilite"><pre><span></span><code>sudo nano /etc/default/jenkins
</code></pre></div>
<p>Locate the <code>JENKINS\_ARGS</code> line and update it to look like the folowing:</p>
<p>Locate the <code>JENKINS\_ARGS</code> line and update it to look like the following:</p>
<div class="codehilite"><pre><span></span><code><span class="n">JENKINS_ARGS</span><span class="o">=</span><span class="s2">&quot;--webroot=/var/cache/jenkins/war --httpListenAddress=127.0.0.1 --httpPort=$HTTP_PORT -ajp13Port=$AJP_PORT&quot;</span><span class="w"></span>
</code></pre></div>
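Review bot: The rewritten opening line of the full configuration block reads `server {23` (the `<span class="kn">23</span>` directly after the brace), and the highlighter then flags the block's final `}` as an error; a reader who pastes this into `/etc/nginx/sites-enabled/default` gets a configuration that does not parse, so the stray `23` should be removed. The paragraph moved into Prerequisites still links the Jenkins install guide at `how-to-install-and-use-jenkins-on-ubuntu-12-04` while the same section says the guide assumes Ubuntu 22.04, and it opens with "As stated previously" although it now sits before the steps; point it at a current install guide and reword the opening. Two smaller items survive the edit: "If is visible on the internet" is missing "it" in both versions of the SSL paragraph, and `<code>JENKINS\_ARGS</code>` keeps a backslash that renders literally inside the code element even though "folowing" on the same line was corrected.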
@ -135,14 +102,10 @@ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert
sudo service nginx restart
</code></pre></div>
<p>You should now be able to visit your domain using either HTTP or HTTPS, and the Jenkins site will be served securely. You will see a certificate warning if you used a self-signed certificate.</p>
<p>You should now be able to visit your domain using HTTPS, and the Jenkins site will be served securely.</p>
<h2 id="optional-update-oauth-urls">Optional — Update OAuth URLs</h2>
<p>If you are using the GitHub or another OAuth plugin for authentication, it will probably be broken at this point. For example, when attempting to visit the URL, you will get a &ldquo;Failed to open page&rdquo; with a URL similar to the following:</p>
<div class="codehilite"><pre><span></span><code><span class="nv">http</span>:<span class="o">//</span><span class="nv">jenkins</span>.<span class="nv">domain</span>.<span class="nv">com</span>:<span class="mi">8080</span><span class="o">/</span><span class="nv">securityRealm</span><span class="o">/</span><span class="nv">finishLogin</span>?<span class="nv">code</span><span class="o">=</span><span class="k">random</span><span class="o">-</span><span class="nv">string</span>
</code></pre></div>
<p>To fix this you will need to update a few settings, including your OAuth plugin settings. First update the Jenkins URL (in the Jenkins GUI); it can be found here:</p>
<p><strong>Jenkins -&gt; Manage Jenkins -&gt; Configure System -&gt; Jenkins Location</strong></p>
<p>If you are using the GitHub or another OAuth plugin for authentication, it will probably be broken at this point. For example, when attempting to visit the URL, you will get a &ldquo;Failed to open page&rdquo; with a URL similar to <code>http://jenkins.domain.com:8080/securityRealm/finishLogin?code=random-string</code>.</p>
<p>To fix this you will need to update a few settings within Jenkins, including your OAuth plugin settings. First update the Jenkins URL in the Jenkins GUI; it can be found in the <strong>Jenkins -&gt; Manage Jenkins -&gt; Configure System -&gt; Jenkins Location</strong> menu.</p>
<p>Update the Jenkins URL to use HTTPS - <code>https://&lt;^&gt;jenkins.domain.com/&lt;^&gt;</code></p>
<p><img alt="Jenkins URL" src="https://assets.digitalocean.com/articles/nginx_jenkins/2.jpg" /></p>
<p>Next, update your OAuth settings with the external provider. This example is for GitHub. On GitHub, this can be found under <strong>Settings -&gt; Applications -&gt; Developer applications</strong>, on the GitHub site.</p>
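Review bot: The "Update the Jenkins URL to use HTTPS" line still shows `https://&lt;^&gt;jenkins.domain.com/&lt;^&gt;`, so the `&lt;^&gt;` highlight markers render as literal text inside the URL a reader is meant to type into Jenkins Location, while the reworked paragraph just above it gives the example URL inline without markers. Since this change already rewrites the two neighbouring paragraphs, strip the markers here too (or replace them with real emphasis markup) so the value can be copied as shown and the placeholder domain is presented consistently.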
@ -153,7 +116,7 @@ sudo service nginx restart
<p>You may also want to use your browser to examine your certificate. You should be able to click the lock to look at the certificate properties from within your browser.</p>
</article>
<footer>
<p>Page generated on 2022-06-13</p>
<p>Page generated on 2022-06-14</p>
</footer>
</main>
<script type="text/javascript">