How to Enable SSL in Jenkins
ฝัง
- เผยแพร่เมื่อ 4 ก.ค. 2024
- Need help with your Jenkins questions?
Visit community.jenkins.io/c/using-...
Timecodes ⏱:
00:00 Introduction
00:09 Overview
00:45 Starting point
01:23 Enable HTTPS port
02:48 Review self-signed certificate after enabling HTTPS port
04:07 Add SSL certificate and key to the Jenkins controller
09:17 Disable the HTTP port
11:36 Enable port forwarding using firewalld
13:19 Update the Jenkins URL
14:19 Why would you not follow this method of using SSL with Jenkins?
#jenkinstutorial #ssl
Information referenced in this video:
Gist:
gist.github.com/darinpope/8ea...
Jenkins LTS 2.289.3
www.jenkins.io/changelog-stab...
CloudBees on Twitter:
/ cloudbees
Darin on Twitter:
/ darinpope - วิทยาศาสตร์และเทคโนโลยี
This is the best explanation I've found on how to enable SSL/TLS Certs irregardless of this particular use case in Jenkins. Thank you!
Thanks a lot for this tutorial. Knowledge transferred fantastically. I have successfully installed the certificate on my Jenkins instance.
This is the best tutorial for enable SSL in Jenkins!
Beautiful session
The video is very helpful for enabling SSL/TLS on the Jenkins controller. In my opinion, any sensitive information must be encrypted end-to-end. Otherwise, an internal intruder, attacker, or security engineer may extract the sensitive information using packet capture.
very good explanation
Nice session 👍 sir
does this work if you have Jenkins running as docker on ec2 instance on aws ?
I cant see "JENKINS_HTTPS_PORT" in the "/etc/default/Jenkins file " in ubuntu
I didn't have it either. But as far as I'm aware it is just a variable that is used later in the same file to build JENKINS_ARGS (similar to how you might have had HTTP_PORT or something like that). So it's not a big deal if you didn't have it - you can just add it.
To make it work though, you'll need to ensure that it's is properly used in JENKINST_ARGS params (again it should be defined in the same file, probably somewhere at the bottom of it), e.g. like this:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpsPort=$JENKINS_HTTPS_PORT --httpPort=$HTTP_PORT --httpsKeyStore=[pass to your keystore] --httpsKeyStorePassword=[your keystore password here]"
what are the list of certificate you have added in crt. file
Hello, can someone help me. I create ssl certificate with openssl, and i trying configure my jenkins same with video, but it not work
Dear Darin, thanks for the nice video. Maybe a stupid question. Is it possible to host jenkins in virtual box and host it there only on demand. So it is not used that often, so running a server in the cloud even for very little money I consider is not really necessary. So I am asking specifically if it is possible to install, host and operate "occasionally" the jenkins incl. a proper ssl communication - accessible from the internet? I was trying now for about 3 days but I am unfortunately not eable to get the configuration right for having a jenkins instance avaialble from the internet with a proper ssl certificate. May I kindly ask for your help please? Or at least some hints on how to get that config right? (Btw. I already tried playing around with an apache2 in front of it with reverse proxy config - but also that didn't work out. Thank you so much in advance for your support. Kind regards, Mario
Dear all I finally found the answer to my question - it was not related to apache at all - what I head to do was simply changing the mode of networking in virtual box. Oh my god, it was so simple and I was searching for this for more than 3 days.... :-) Really glad I found it. In case anyone out there has a question regarding this problem, please let me know, maybe I can be of help here as I was really deep diving into this for the last week. Everything works, even with the proper certificates and so one - really nicely. Have a wonderful day. Kind regards, Mario
Unfortunately as of Jan 2024, the Jenkins installed on AlmaLinux9, the above video not applicable, there is no such jenkins file,
how can i find the same solution in windows
thanks
at 5:40 what key file how do you get this
Is this possible to do on windows server 2022?
In ubuntu 20.04, I couldn't find HTTPS on /etc/default/jenkins, how can I do that?
Same problem
Is this possible on windows?
bro canu tellme how u did it in windows?
So choppy
I disabled port 8080, enabled port 8443, enabled 8443 on sg, restarted jenkins, but not able to access jenkins at ip:8443. Any help?
doesn't work on Ubuntu. in order to change HTTP, I must use "override.conf" file. If I use the same conf file, I can't define HTTPS port.
After enabling the https_port = 8443, when I type my ipv4 address for Jenkins with:8443 it says site cannot be reached
Did you confirm that Jenkins started successfully listening to that port?
You can check that in Jenkins logs (on ubuntu it's /var/log/jenkins) and there you're supposed to see something like this "Started ServerConnector {SSL, (ssl, http/1.1)}{0.0.0.0:8443}" .
If that looks OK, then it's probably firewall (e.g. cloud providers might enable UFW on Ubuntu). If you run it on Ubuntu try to do next:
1) Double check if port is open by running "ufw status"
2) If you don't see line like "8443 ALLOW Anywhere" then you might need to add it by running "sudo ufw allow 8443"
I agree with @Code Breakdown you should check your firewall settings and allow 8443 and after applying this, you'll need to run a reload to ensure changes are reflected.
If I use 'systemctl edit jennkins' and simply add :
[Service]
Environment="JENKINS_PORT=-1"
Environment="JENKINS_HTTPS_PORT=8443"
and then restart the jenkins service, it fails to start with the following error:
Job for jenkins.service failed because the control process exited with error code.
See "systemctl status jenkins.service" and "journalctl -xeu jenkins.service" for details.
Any ideas? (Ubuntu) The status and journal output aren't really of any help.
do you have java installed right?
A tip for the certs:
# chmod 400 /var/lib/jenkins/.ssh/*
and for the firewall :
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-forward-port=port=443:proto=tcp:toport=8443
# firewall-cmd --reload