Ssl

How to use Jenkins with SSL / https

  • April 25, 2018

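I have a Fedora server running Jenkins, which I installed via yum. Everything works fine, and I can access it at http://ci.mydomain.com.

But now I want to access it at https://ci.mydomain.com, so that logging in with username and password is encrypted.

How can I do this?

Below is my /etc/sysconfig/jenkins file. Starting Jenkins works, but I cannot access Jenkins with my web browser at https://ci.mydomain.com, http://ci.mydomain.com:443, …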

## Path:        Development/Jenkins
## Description: Configuration for the Jenkins continuous build server
## Type:        string
## Default:     "/var/lib/jenkins"
## ServiceRestart: jenkins
#
# Directory where Jenkins store its configuration and working
# files (checkouts, build reports, artifacts, ...).
#
JENKINS_HOME="/var/lib/jenkins"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Java executable to run Jenkins
# When left empty, we'll try to find the suitable Java.
#
JENKINS_JAVA_CMD=""

## Type:        string
## Default:     "jenkins"
## ServiceRestart: jenkins
#
# Unix user account that runs the Jenkins daemon
# Be careful when you change this, as you need to update
# permissions of $JENKINS_HOME and /var/log/jenkins.
#
JENKINS_USER="jenkins"

## Type:        string
## Default:     "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

## Type:        integer(0:65535)
## Default:     8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
#
JENKINS_PORT="8080"

## Type:        integer(1:9)
## Default:     5
## ServiceRestart: jenkins
#
# Debug level for logs -- the higher the value, the more verbose.
# 5 is INFO.
#
JENKINS_DEBUG_LEVEL="5"

## Type:        yesno
## Default:     no
## ServiceRestart: jenkins
#
# Whether to enable access logging or not.
#
JENKINS_ENABLE_ACCESS_LOG="no"

## Type:        integer
## Default:     100
## ServiceRestart: jenkins
#
# Maximum number of HTTP worker threads.
#
JENKINS_HANDLER_MAX="100"

## Type:        integer
## Default:     20
## ServiceRestart: jenkins
#
# Maximum number of idle HTTP worker threads.
#
JENKINS_HANDLER_IDLE="20"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Pass arbitrary arguments to Jenkins.
# Full option list: java -jar jenkins.war --help
#
JENKINS_ARGS="--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD"

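This page should help you set it up behind Apache (which will handle HTTPS): https://wiki.eclipse.org/Hudson-ci/Running_Hudson_behind_Apache

In addition to it being a "normal" reverse proxy, you will also need this (as shown on that page):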

Header edit Location ^http://www.example.com/hudson/ https://www.example.com/hudson/

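Just in case you are using Nginx rather than Apache, you may want to use proxy_redirect http:// https://; to rewrite the Location header as the response comes back from Jenkins.

A complete nginx setup where SSL is terminated with Nginx and proxied internally to Jenkins using 8080 might look like this: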

upstream jenkins {
 server 127.0.0.1:8080 fail_timeout=0;
}

server {
 listen 80 default;
 server_name 127.0.0.1 *.mydomain.com;
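 # $server_name is the first name listed above (127.0.0.1), so redirect to the
 # host the client actually requested instead.
 return 301 https://$host$request_uri;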
}

server {
 listen 443 default ssl;
 server_name 127.0.0.1 *.mydomain.com;

 ssl_certificate           /etc/ssl/certs/my.crt;
 ssl_certificate_key       /etc/ssl/private/my.key;

 ssl_session_timeout  5m;
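 # SSLv3 and TLSv1 are deprecated and insecure; TLSv1.3 needs nginx 1.13.0+
 # built against OpenSSL 1.1.1+.
 ssl_protocols  TLSv1.2 TLSv1.3;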
 ssl_ciphers HIGH:!ADH:!MD5;
 ssl_prefer_server_ciphers on;

 # auth_basic            "Restricted";
 # auth_basic_user_file  /home/jenkins/htpasswd;

 location / {
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-Proto https;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_redirect http:// https://;

   add_header Pragma "no-cache";

   proxy_pass http://jenkins;
 }
}
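
The Location rewriting that the answers above rely on, modelled as an added example (not part of the original answers): it applies the quoted Apache and nginx rules to constructed Location headers and reports which redirects would still leave HTTPS or point at the backend address. The function names, the sample headers and the public host name passed in are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: Location headers a Jenkins/Hudson backend might emit.
SAMPLE_LOCATIONS = [
    "http://www.example.com/hudson/login?from=%2Fhudson%2F",
    "http://127.0.0.1:8080/hudson/",    # backend answered with its own address
    "/hudson/job/demo/",                # relative redirect, no scheme to rewrite
    "https://www.example.com/hudson/",  # already HTTPS
]


def apache_header_edit(location):
    """Model of the quoted Apache 'Header edit Location' line: a regex
    anchored to one specific URL prefix."""
    return re.sub(r"^http://www.example.com/hudson/",
                  "https://www.example.com/hudson/", location, count=1)


def nginx_proxy_redirect(location):
    """Model of 'proxy_redirect http:// https://;': a plain prefix
    replacement applied to any Location that starts with http://."""
    prefix = "http://"
    if location.startswith(prefix):
        return "https://" + location[len(prefix):]
    return location


def still_plain_http(locations, rewrite):
    """Rewritten Location values that would still send the browser to http://."""
    rewritten = [rewrite(loc) for loc in locations]
    return [loc for loc in rewritten if loc.lower().startswith("http://")]


def wrong_host(locations, rewrite, public_host):
    """Rewritten absolute Location values whose host is not the public name.
    Changing the scheme does not fix these; the backend has to see the
    public Host header (proxy_set_header Host $http_host in the nginx setup)."""
    rewritten = [rewrite(loc) for loc in locations]
    return [loc for loc in rewritten
            if urlsplit(loc).hostname not in (None, public_host)]


if __name__ == "__main__":
    for name, rule in (("apache", apache_header_edit),
                       ("nginx", nginx_proxy_redirect)):
        print(name, "still http:", still_plain_http(SAMPLE_LOCATIONS, rule))
        print(name, "wrong host:", wrong_host(SAMPLE_LOCATIONS, rule, "www.example.com"))
```
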

Quoted from: https://serverfault.com/questions/278555