Sunday, February 10, 2019

Jenkins - How To Configure Behind Nginx HTTP/HTTPS Proxy

This blog shows you how to configure Jenkins behind a Nginx proxy server. One typical use case is that you want to add ssl certificate to secure your Jenkins traffic.

Environment:

Jenkins: v2.155
Nginx: v1.14.1

Assuming you already have Nginx and Jenkins installed and running. If you don't, I will put up some other posts for how to install Nginx and Jenkins.

By default, you Jenkins process is running on port 8080, you probably access it via a DNS name, such as:
http://jenkins.lixu.ca:8080
or
https://jenkins.lixu.ca:8080

This blog will help you configure Jenkins behind both http and https protocols. At the end, you should be able to access your Jenkins server via:
http://jenkins.lixu.ca
and
https://jenkins.lixu.ca

Prepare SSL Certificates for HTTPS

If you doing HTTPS as well, assume you already have the certificate (could be a self-signed cert). If you don't have it yet, you can check out my other blog Creating and Signing Your Certs.

Define upstream for both HTTP and HTTPS proxy_pass
Define a "upstream". An "upstream" could be one or more servers that can be referenced by "proxy_pass" later, this could save you define each servers later for HTTP and HTTPS separately.


upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}




Note: You need to put define this upstream in the "http{}" block in your "nginx.conf".



Update Your Nginx HTTP Config:

You need to update the "server_name" and "location" definitions. For example:



server {
    upstream jenkins {
        server 127.0.0.1:8080 fail_timeout=0;
    }
 
    listen 80;
    server_name jenkins.lixu.ca;

    location / {
      proxy_set_header        Host $host:$server_port;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;


      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://jenkins;
      proxy_read_timeout  90;

      # Required for new HTTP-based CLI
      proxy_http_version 1.1;
      proxy_request_buffering off;
      # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
      add_header 'X-SSH-Endpoint' 'jenkins.lixu.ca:50022' always;
    }
}




Restart you Nginx process, once it comes back up, you should be able to access your Jenkins UI through: http://jenkins.lixu.ca



Update Your Nginx HTTPs

Config

Similar to HTTP, update "server_name" and "location" definition:


server {
  listen 443 ssl;
  server_name jenkins.lixu.ca;

  ssl_certificate /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;

  location / {
    proxy_set_header        Host $host:$server_port;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect http:// https://;
    proxy_pass              http://jenkins;

    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_buffering off; # Required for HTTP-based CLI to work over SSL

    # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
    add_header 'X-SSH-Endpoint' 'jenkins.lixu.ca:50022' always;
  }
}




Restart you Nginx process, once it comes back up, you should be able to access your Jenkins UI through: https://jenkins.lixu.ca









Posted by



at





















Labels:
,






Location:
New York, NY, USA











No comments:











Post a Comment







        

      









Subscribe to:
Post Comments (Atom)