Ssl
如何將 Jenkins 與 SSL / https 一起使用
我有一個執行 Jenkins 的 Fedora 伺服器,我通過 yum 安裝它。一切正常,我可以使用
http://ci.mydomain.com
.但是現在,我想訪問它,
https://ci.mydomain.com
所以使用使用者名和密碼的登錄是加密的。我怎樣才能做到這一點?
以下是我的
/etc/sysconfig/jenkins
文件。啟動 Jenkins 有效,但我無法使用 webbrowser 訪問 Jenkinshttps://ci.mydomain.com
或http://ci.mydomain.com:443
, …## Path: Development/Jenkins ## Description: Configuration for the Jenkins continuous build server ## Type: string ## Default: "/var/lib/jenkins" ## ServiceRestart: jenkins # # Directory where Jenkins store its configuration and working # files (checkouts, build reports, artifacts, ...). # JENKINS_HOME="/var/lib/jenkins" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Java executable to run Jenkins # When left empty, we'll try to find the suitable Java. # JENKINS_JAVA_CMD="" ## Type: string ## Default: "jenkins" ## ServiceRestart: jenkins # # Unix user account that runs the Jenkins daemon # Be careful when you change this, as you need to update # permissions of $JENKINS_HOME and /var/log/jenkins. # JENKINS_USER="jenkins" ## Type: string ## Default: "-Djava.awt.headless=true" ## ServiceRestart: jenkins # # Options to pass to java when running Jenkins. # JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true" ## Type: integer(0:65535) ## Default: 8080 ## ServiceRestart: jenkins # # Port Jenkins is listening on. # JENKINS_PORT="8080" ## Type: integer(1:9) ## Default: 5 ## ServiceRestart: jenkins # # Debug level for logs -- the higher the value, the more verbose. # 5 is INFO. # JENKINS_DEBUG_LEVEL="5" ## Type: yesno ## Default: no ## ServiceRestart: jenkins # # Whether to enable access logging or not. # JENKINS_ENABLE_ACCESS_LOG="no" ## Type: integer ## Default: 100 ## ServiceRestart: jenkins # # Maximum number of HTTP worker threads. # JENKINS_HANDLER_MAX="100" ## Type: integer ## Default: 20 ## ServiceRestart: jenkins # # Maximum number of idle HTTP worker threads. # JENKINS_HANDLER_IDLE="20" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Pass arbitrary arguments to Jenkins. # Full option list: java -jar jenkins.war --help # JENKINS_ARGS="--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD"
此頁面應該可以幫助您在 Apache 後面設置它(它將處理 HTTPS):https ://wiki.eclipse.org/Hudson-ci/Running_Hudson_behind_Apache
除了成為“普通”反向代理之外,您還需要這個(如該頁面所示):
Header edit Location ^http://www.example.com/hudson/ https://www.example.com/hudson/
以防萬一您使用的是 Nginx 而不是 Apache,您可能希望
proxy_redirect http:// https://;
在響應從 Jenkins 返回時重寫 Location 標頭。一個完整的 nginx 設置,其中 SSL 使用 Nginx 終止並使用 8080 在內部代理到 Jenkins,可能如下所示:
upstream jenkins { server 127.0.0.1:8080 fail_timeout=0; } server { listen 80 default; server_name 127.0.0.1 *.mydomain.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 default ssl; server_name 127.0.0.1 *.mydomain.com; ssl_certificate /etc/ssl/certs/my.crt; ssl_certificate_key /etc/ssl/private/my.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; # auth_basic "Restricted"; # auth_basic_user_file /home/jenkins/htpasswd; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http:// https://; add_header Pragma "no-cache"; proxy_pass http://jenkins; } }