Tim*_*Tim 39 ssl https jenkins
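I have a Fedora server running Jenkins, which I installed via yum. Everything works, and I can access it at http://ci.mydomain.com.
But now I want to access it at https://ci.mydomain.com so that logging in with a username and password is encrypted.
How can I do this?
Below is my /etc/sysconfig/jenkins file. Starting Jenkins works, but I cannot access Jenkins with a web browser at https://ci.mydomain.com or http://ci.mydomain.com:443, ...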
```
## Path: Development/Jenkins
## Description: Configuration for the Jenkins continuous build server
## Type: string
## Default: "/var/lib/jenkins"
## ServiceRestart: jenkins
#
# Directory where Jenkins store its configuration and working
# files (checkouts, build reports, artifacts, ...).
#
JENKINS_HOME="/var/lib/jenkins"

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Java executable to run Jenkins
# When left empty, we'll try to find the suitable Java.
#
JENKINS_JAVA_CMD=""

## Type: string
## Default: "jenkins"
## ServiceRestart: jenkins
#
# Unix user account that runs the Jenkins daemon
# Be careful when you change this, as you need to update
# permissions of $JENKINS_HOME and /var/log/jenkins.
#
JENKINS_USER="jenkins"

## Type: string
## Default: "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

## Type: integer(0:65535)
## Default: 8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
#
JENKINS_PORT="8080"

## Type: integer(1:9)
## Default: 5
## ServiceRestart: jenkins
#
# Debug level for logs -- the higher the value, the more verbose.
# 5 is INFO.
#
JENKINS_DEBUG_LEVEL="5"

## Type: yesno
## Default: no
## ServiceRestart: jenkins
#
# Whether to enable access logging or not.
#
JENKINS_ENABLE_ACCESS_LOG="no"

## Type: integer
## Default: 100
## ServiceRestart: jenkins
#
# Maximum number of HTTP worker threads.
#
JENKINS_HANDLER_MAX="100"

## Type: integer
## Default: 20
## ServiceRestart: jenkins
#
# Maximum number of idle HTTP worker threads.
#
JENKINS_HANDLER_IDLE="20"

## Type: string
## Default: ""
## ServiceRestart: jenkins
#
# Pass arbitrary arguments to Jenkins.
# Full option list: java -jar jenkins.war --help
#
JENKINS_ARGS="--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD"
```
小智 21
Just in case you are using Nginx rather than Apache, you might want to use `proxy_redirect http:// https://;` to rewrite the Location header as the response comes back from Jenkins.
A complete nginx setup where SSL is terminated with Nginx and proxied internally to Jenkins using 8080 might look like this:

```
upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}

# Redirect all plain-HTTP requests to HTTPS.
server {
  listen 80 default;
  server_name 127.0.0.1 *.mydomain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443 default ssl;
  server_name 127.0.0.1 *.mydomain.com;

  ssl_certificate           /etc/ssl/certs/my.crt;
  ssl_certificate_key       /etc/ssl/private/my.key;

  ssl_session_timeout  5m;
  # Modern TLS versions only; SSLv3 and TLSv1.0 are deprecated.
  ssl_protocols  TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;

  # auth_basic            "Restricted";
  # auth_basic_user_file  /home/jenkins/htpasswd;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Rewrite http:// Location headers returned by Jenkins to https://.
    proxy_redirect http:// https://;

    add_header Pragma "no-cache";

    proxy_pass http://jenkins;
  }
}
```
Bru*_*uno 17
This page should help you set it up behind Apache (which will handle HTTPS): https://wiki.eclipse.org/Hudson-ci/Running_Hudson_behind_Apache
In addition to being a "normal" reverse proxy, you will also need this (as shown on that page):

```
Header edit Location ^http://www.example.com/hudson/ https://www.example.com/hudson/
```
Ada*_*fer 15
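Note that (sometimes?) Jenkins can generate the key for you; all you need to do is set `--httpsPort=(portnum)` in `JENKINS_ARGS`.
In my case I set `JENKINS_PORT="-1"` (to disable http) and set `--httpsPort=8080`, which worked well for my own purposes.
Just note that any port below 1000 typically requires root access, so pick a port higher than that...
(Link for more information)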
Lor*_*ren 10
For an Ubuntu server (assuming you installed with `apt-get install jenkins`):
You will want to edit /etc/default/jenkins: at the bottom of the file, edit Jenkins_args. In my args, I have disabled http access (using -1) and put SSL on the default Jenkins port (8080). The most important part here is that you send an httpsPort and a certificate/key (if you have one; otherwise you can leave those off and use the self-generated one). I place the crts in apache and then use them for both, but you can put them anywhere.

```
JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpsPort=$HTTP_PORT --httpPort=-1 --httpsCertificate=/etc/apache2/ssl.crt/CERT.crt --httpsPrivateKey=/etc/apache2/ssl.key/KEY.key --ajp13Port=$AJP_PORT"
```

In some cases, you will have to use a Java key store. First, convert your keys:

```
openssl pkcs12 -inkey /var/lib/jenkins/jenkins.key.pem -in /var/lib/jenkins/jenkins.crt.pem -export -out keys.pkcs12
keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore jenkins.jks
```

Now use Jenkins args like:

```
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpsPort=$HTTP_PORT --httpPort=-1 --httpsKeyStore=/etc/apache2/ssl.crt/jenkins.jks --httpsKeyStorePassword=thePassword --ajp13Port=$AJP_PORT"
```

See also https://serverfault.com/a/569898/300544
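
A preflight check for the `JENKINS_ARGS` approach used in the question and the answers above, as an added example that is not part of any original post: it flags a plain-HTTP listener left enabled, an HTTPS port below 1024 for a non-root service account, a keystore under /root, and a keystore password passed on the command line. The function name and finding codes are hypothetical, and the /root check assumes the usual restrictive permissions on root's home directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit Jenkins HTTPS launcher settings.
# Usage: audit_jenkins_args "$JENKINS_ARGS" "$JENKINS_PORT" "$JENKINS_USER"
# Prints one finding code per line; no output means nothing was flagged.
audit_jenkins_args() (
    set -f                                  # no globbing while splitting args
    http_port=$2; run_user=${3:-jenkins}
    https_port=; store=; pass=
    for tok in $1; do
        case $tok in
            --httpPort=*)              http_port=${tok#*=} ;;
            --httpsPort=*)             https_port=${tok#*=} ;;
            --httpsKeyStore=*)         store=${tok#*=} ;;
            --httpsKeyStorePassword=*) pass=${tok#*=} ;;
        esac
    done
    # Plain HTTP stays up unless its port is -1, so logins can still go in clear.
    if [ "$http_port" != "-1" ]; then echo HTTP_NOT_DISABLED; fi
    case $https_port in
        '' | *[!0-9]*) echo HTTPS_PORT_MISSING_OR_INVALID ;;
        *)  # Ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind.
            if [ "$https_port" -lt 1024 ] && [ "$run_user" != root ]; then
                echo PRIVILEGED_PORT
            fi ;;
    esac
    # Assumption: /root is not traversable by other accounts (usual default).
    case $store in
        /root/*) if [ "$run_user" != root ]; then echo KEYSTORE_UNDER_ROOT_HOME; fi ;;
    esac
    # Launcher arguments are visible to local users in the process list.
    if [ -n "$pass" ]; then echo PASSWORD_IN_ARGS; fi
)

# Constructed input: the values from the question's /etc/sysconfig/jenkins.
audit_jenkins_args \
    "--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD" \
    8080 jenkins
```

Pass the values after variable expansion (for example `--httpsPort=8080`, not `--httpsPort=$HTTP_PORT`); an `--httpPort=` inside the argument string overrides the second parameter.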