Https

Jenkins網路配置參數是在安裝還是執行jenkins時使用的?

  • October 27, 2021

安裝 Jenkins(老式方式,而不是 docker 容器)後,我意識到目前的 Jenkins 網路配置(所有預設設置)不允許我代理來自 nginx 的 https 請求。

所以我遇到了jenkins 網路配置,但是從它的編寫方式來看,我不知道是否必須停止 jenkins,並使用這些標誌重新執行它;或者如果我需要解除安裝它並以某種方式使用這些重新安裝它。

我應該如何配置詹金斯?

當您啟動 Jenkins 時,這些網路選項是 Jenkins 的命令行選項/參數,因此請停止並重新啟動 w/PARAMS,但是您已配置。

基本順序是: java -jar jenkins.war [--option=value] [--option=value],

或者,更完整地說:

$JAVA_HOME/bin/java $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR $PARAMS

不要混淆 JAVA_OPTS 和 JENKINS_OPTS (PARAMS)。

您可以通過執行獲得所有選項:java -jar jenkins.war --helpfor your current war。2.303.2(此時最新的 LTS)的選項如下。

您可以在Docker 鏡像rpm 包suse initdebian init等的原始碼中看到啟動命令的範例。

C:\apps\j2>java -jar jenkins-2.303.2.war  --help
Running from: C:\apps\j2\jenkins-2.303.2.war
webroot: $user.home/.jenkins
Jenkins Automation Server Engine 2.303.2

Options:
Usage: java -jar jenkins.war [--option=value] [--option=value]
  --webroot                = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
  --pluginroot             = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
                             (NOTE: this option does not change the directory where the plugin archives are stored)
  --extractedFilesFolder   = folder where extracted files are to be located. Default is the temp folder
  --daemon                 = fork into background and run as daemon (Unix only)
  --logfile                = redirect log messages to this file
  --enable-future-java     = allows running with new Java versions which are not fully supported (class version 52 and above)
  --javaHome               = Override the JAVA_HOME variable
  --toolsJar               = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
  --config                 = load configuration properties from here. Default is ./winstone.properties
  --prefix                 = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
  --commonLibFolder        = folder for additional jar files. Default is ./lib

  --extraLibFolder         = folder for additional jar files to add to Jetty classloader

  --logThrowingLineNo      = show the line no that logged the message (slow). Default is false
  --logThrowingThread      = show the thread that logged the message. Default is false
  --debug                  = set the level of debug msgs (1-9). Default is 5 (INFO level)

  --httpPort               = set the http listening port. -1 to disable, Default is 8080
  --httpListenAddress      = set the http listening address. Default is all interfaces
  --httpKeepAliveTimeout   = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
  --httpsPort              = set the https listening port. -1 to disable, Default is disabled
  --httpsListenAddress     = set the https listening address. Default is all interfaces
  --httpsKeepAliveTimeout  = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
  --httpsKeyStore          = the location of the SSL KeyStore file. Default is ./winstone.ks
  --httpsKeyStorePassword  = the password for the SSL KeyStore file. Default is null
  --httpsKeyManagerType    = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
  --httpsPrivateKey        = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
    / --httpsCertificate     file and the corresponding certificate file
  --httpsRedirectHttp      = redirect http requests to https (requires both --httpPort and --httpsPort)
  --http2Port              = set the http2 listening port. -1 to disable, Default is disabled
  --http2ListenAddress     = set the http2 listening address. Default is all interfaces
  --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
                          // Exclude weak / insecure ciphers
                          "^.*_(MD5|SHA|SHA1)$",
                          // Exclude ciphers that don't support forward secrecy
                          "^TLS_RSA_.*$",
                          // The following exclusions are present to cleanup known bad cipher
                          // suites that may be accidentally included via include patterns.
                          // The default enabled cipher list in Java will not include these
                          // (but they are available in the supported list).
                          "^SSL_.*$",
                          "^.*_NULL_.*$",
                          "^.*_anon_.*$"
  --controlPort            = set the shutdown/control port. -1 to disable, Default disabled

  --useJasper              = enable jasper JSP handling (true/false). Default is false
  --sessionTimeout         = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
  --sessionEviction        = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
  --mimeTypes=ARG          = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
                             (e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
  --requestHeaderSize=N    = set the maximum size in bytes of the request header. Default is 8192.
  --maxParamCount=N        = set the max number of parameters allowed in a form submission to protect
                             against hash DoS attack (oCERT #2011-003). Default is 10000.
  --useJmx                 = Enable Jetty Jmx
  --qtpMaxThreadsCount     = max threads number when using Jetty Queued Thread Pool
  --jettyAcceptorsCount    = Jetty Acceptors number
  --jettySelectorsCount    = Jetty Selectors number
  --usage / --help         = show this message
Security options:
  --realmClassName               = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class

  --argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
  --argumentsRealm.roles.<user>  = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class

  --fileRealm.configFile         = File containing users/passwds/roles. Only valid for the FileRealm realm class

Access logging:
  --accessLoggerClassName        = Set the access logger class to use for user authentication. Defaults to disabled
  --simpleAccessLogger.format    = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
  --simpleAccessLogger.file      = The location pattern for the log file(SimpleAccessLogger only)

筆記:

還有其他“受系統屬性控制的 Jenkins 功能”。這些是違反直覺的(即:JENKINS_JAVA_OPTIONS):

系統屬性是通過傳遞-Dproperty=valuejava 命令行以啟動 Jenkins 來定義的。確保在 -jar 參數之前傳遞所有這些參數,否則它們將被忽略。

附加網路說明:

引用自:https://serverfault.com/questions/1081372