Https
Jenkins網路配置參數是在安裝還是執行jenkins時使用的?
安裝 Jenkins(老式方式,而不是 docker 容器)後,我意識到目前的 Jenkins 網路配置(所有預設設置)不允許我代理來自 nginx 的 https 請求。
所以我遇到了jenkins 網路配置,但是從它的編寫方式來看,我不知道是否必須停止 jenkins,並使用這些標誌重新執行它;或者如果我需要解除安裝它並以某種方式使用這些重新安裝它。
我應該如何配置詹金斯?
當您啟動 Jenkins 時,這些網路選項是 Jenkins 的命令行選項/參數,因此請停止並重新啟動 w/PARAMS,但是您已配置。
基本順序是:
java -jar jenkins.war [--option=value] [--option=value]
,或者,更完整地說:
$JAVA_HOME/bin/java $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR $PARAMS
不要混淆 JAVA_OPTS 和 JENKINS_OPTS (PARAMS)。
您可以通過執行獲得所有選項:
java -jar jenkins.war --help
for your current war。2.303.2(此時最新的 LTS)的選項如下。您可以在Docker 鏡像、rpm 包、suse init、debian init等的原始碼中看到啟動命令的範例。
C:\apps\j2>java -jar jenkins-2.303.2.war --help Running from: C:\apps\j2\jenkins-2.303.2.war webroot: $user.home/.jenkins Jenkins Automation Server Engine 2.303.2 Options: Usage: java -jar jenkins.war [--option=value] [--option=value] --webroot = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war --pluginroot = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins (NOTE: this option does not change the directory where the plugin archives are stored) --extractedFilesFolder = folder where extracted files are to be located. Default is the temp folder --daemon = fork into background and run as daemon (Unix only) --logfile = redirect log messages to this file --enable-future-java = allows running with new Java versions which are not fully supported (class version 52 and above) --javaHome = Override the JAVA_HOME variable --toolsJar = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar --config = load configuration properties from here. Default is ./winstone.properties --prefix = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none --commonLibFolder = folder for additional jar files. Default is ./lib --extraLibFolder = folder for additional jar files to add to Jetty classloader --logThrowingLineNo = show the line no that logged the message (slow). Default is false --logThrowingThread = show the thread that logged the message. Default is false --debug = set the level of debug msgs (1-9). Default is 5 (INFO level) --httpPort = set the http listening port. -1 to disable, Default is 8080 --httpListenAddress = set the http listening address. Default is all interfaces --httpKeepAliveTimeout = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)? --httpsPort = set the https listening port. -1 to disable, Default is disabled --httpsListenAddress = set the https listening address. Default is all interfaces --httpsKeepAliveTimeout = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)? --httpsKeyStore = the location of the SSL KeyStore file. Default is ./winstone.ks --httpsKeyStorePassword = the password for the SSL KeyStore file. Default is null --httpsKeyManagerType = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509 --httpsPrivateKey = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key / --httpsCertificate file and the corresponding certificate file --httpsRedirectHttp = redirect http requests to https (requires both --httpPort and --httpsPort) --http2Port = set the http2 listening port. -1 to disable, Default is disabled --http2ListenAddress = set the http2 listening address. Default is all interfaces --excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is // Exclude weak / insecure ciphers "^.*_(MD5|SHA|SHA1)$", // Exclude ciphers that don't support forward secrecy "^TLS_RSA_.*$", // The following exclusions are present to cleanup known bad cipher // suites that may be accidentally included via include patterns. // The default enabled cipher list in Java will not include these // (but they are available in the supported list). "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$" --controlPort = set the shutdown/control port. -1 to disable, Default disabled --useJasper = enable jasper JSP handling (true/false). Default is false --sessionTimeout = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes --sessionEviction = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit --mimeTypes=ARG = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:... (e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile) --requestHeaderSize=N = set the maximum size in bytes of the request header. Default is 8192. --maxParamCount=N = set the max number of parameters allowed in a form submission to protect against hash DoS attack (oCERT #2011-003). Default is 10000. --useJmx = Enable Jetty Jmx --qtpMaxThreadsCount = max threads number when using Jetty Queued Thread Pool --jettyAcceptorsCount = Jetty Acceptors number --jettySelectorsCount = Jetty Selectors number --usage / --help = show this message Security options: --realmClassName = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class --argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class --argumentsRealm.roles.<user> = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class --fileRealm.configFile = File containing users/passwds/roles. Only valid for the FileRealm realm class Access logging: --accessLoggerClassName = Set the access logger class to use for user authentication. Defaults to disabled --simpleAccessLogger.format = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only) --simpleAccessLogger.file = The location pattern for the log file(SimpleAccessLogger only)
筆記:
還有其他“受系統屬性控制的 Jenkins 功能”。這些是違反直覺的(即:JENKINS_JAVA_OPTIONS):
系統屬性是通過傳遞
-Dproperty=value
給java 命令行以啟動 Jenkins 來定義的。確保在 -jar 參數之前傳遞所有這些參數,否則它們將被忽略。附加網路說明: