This is the best explanation I've found on how to enable SSL/TLS Certs irregardless of this particular use case in Jenkins. Thank you!
The video is very helpful for enabling SSL/TLS on the Jenkins controller. In my opinion, any sensitive information must be encrypted end-to-end. Otherwise, an internal intruder, attacker, or security engineer may extract the sensitive information using packet capture.
This is the best tutorial for enabling SSL in Jenkins!
I can't see "JENKINS_HTTPS_PORT" in the "/etc/default/jenkins" file in Ubuntu
I didn't have it either. But as far as I'm aware it is just a variable that is used later in the same file to build JENKINS_ARGS (similar to how you might have had HTTP_PORT or something like that). So it's not a big deal if you didn't have it - you can just add it.
To make it work though, you'll need to ensure that it is properly used in the JENKINS_ARGS params (again, it should be defined in the same file, probably somewhere at the bottom of it), e.g. like this:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpsPort=$JENKINS_HTTPS_PORT --httpPort=$HTTP_PORT --httpsKeyStore=[path to your keystore] --httpsKeyStorePassword=[your keystore password here]"
Thanks a lot for this tutorial. Knowledge transferred fantastically. I have successfully installed the certificate on my Jenkins instance.
Does this work if you have Jenkins running as Docker on an EC2 instance on AWS?
At 5:40, what key file? How do you get this?
How can I find the same solution in Windows?
In Ubuntu 20.04, I couldn't find HTTPS in /etc/default/jenkins. How can I do that?
Same problem
Beautiful session
Unfortunately, as of Jan 2024, for Jenkins installed on AlmaLinux9, the above video is not applicable; there is no such jenkins file.
What is the list of certificates you have added in the .crt file?
I disabled port 8080, enabled port 8443, enabled 8443 on sg, restarted Jenkins, but am not able to access Jenkins at ip:8443. Any help?
Hello, can someone help me? I created an SSL certificate with openssl, and I am trying to configure my Jenkins the same as in the video, but it does not work.
very good explanation
Nice session 👍 sir
Dear Darin, thanks for the nice video. Maybe a stupid question. Is it possible to host Jenkins in VirtualBox and host it there only on demand? It is not used that often, so running a server in the cloud, even for very little money, I consider not really necessary. So I am asking specifically if it is possible to install, host and operate "occasionally" the Jenkins incl. a proper SSL communication - accessible from the internet? I was trying now for about 3 days but I am unfortunately not able to get the configuration right for having a Jenkins instance available from the internet with a proper SSL certificate. May I kindly ask for your help please? Or at least some hints on how to get that config right? (Btw. I already tried playing around with an apache2 in front of it with reverse proxy config - but also that didn't work out.) Thank you so much in advance for your support. Kind regards, Mario
Dear all, I finally found the answer to my question - it was not related to Apache at all - what I had to do was simply changing the mode of networking in VirtualBox. Oh my god, it was so simple and I was searching for this for more than 3 days.... :-) Really glad I found it. In case anyone out there has a question regarding this problem, please let me know, maybe I can be of help here as I was really deep diving into this for the last week. Everything works, even with the proper certificates and so on - really nicely. Have a wonderful day. Kind regards, Mario
Is this possible on windows?
Bro, can you tell me how you did it in Windows?
thanks
So choppy
Doesn't work on Ubuntu. In order to change HTTP, I must use the "override.conf" file. If I use the same conf file, I can't define the HTTPS port.
If I use 'systemctl edit jenkins' and simply add:
[Service]
Environment="JENKINS_PORT=-1"
Environment="JENKINS_HTTPS_PORT=8443"
and then restart the jenkins service, it fails to start with the following error:
Job for jenkins.service failed because the control process exited with error code.
See "systemctl status jenkins.service" and "journalctl -xeu jenkins.service" for details.
Any ideas? (Ubuntu) The status and journal output aren't really of any help.
Do you have Java installed, right?
After enabling the https_port = 8443, when I type my IPv4 address for Jenkins with :8443, it says the site cannot be reached.
Did you confirm that Jenkins started successfully listening to that port?
You can check that in Jenkins logs (on ubuntu it's /var/log/jenkins) and there you're supposed to see something like this "Started ServerConnector {SSL, (ssl, http/1.1)}{0.0.0.0:8443}" .
If that looks OK, then it's probably firewall (e.g. cloud providers might enable UFW on Ubuntu). If you run it on Ubuntu try to do next:
1) Double check if port is open by running "ufw status"
2) If you don't see line like "8443 ALLOW Anywhere" then you might need to add it by running "sudo ufw allow 8443"
I agree with @Code Breakdown: you should check your firewall settings and allow 8443, and after applying this, you'll need to run a reload to ensure changes are reflected.
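The two checks from the replies above (the listener line in the Jenkins log, then the ufw rule), scripted as an added example; it is not from the video or from the commenters. The log lines and "ufw status" output are constructed samples, and the function names and result strings are made up for illustration.

```shell
#!/bin/sh
# Added example. Log and "ufw status" samples are constructed, not captured.

# True if LOGFILE shows Jetty's SSL connector bound to PORT.
https_listener_started() {  # https_listener_started LOGFILE PORT
    grep -F 'Started ServerConnector' "$1" | grep -F 'SSL' | grep -Fq ":${2}}"
}

# True if saved "ufw status" output is inactive or has an ALLOW rule for PORT.
# Only plain "PORT" and "PORT/tcp" rules are recognised (no ranges, no app profiles).
ufw_allows() {  # ufw_allows STATUSFILE PORT
    awk -v port="$2" '
        /^Status: inactive/ { ok = 1 }
        $2 == "ALLOW" && ($1 == port || $1 == port "/tcp") { ok = 1 }
        END { exit !ok }' "$1"
}

# Same order as the reply: listener first, firewall second.
diagnose() {  # diagnose LOGFILE STATUSFILE PORT
    if ! https_listener_started "$1" "$3"; then echo "not-listening"
    elif ! ufw_allows "$2" "$3"; then echo "ufw-blocked"
    else echo "look-elsewhere"   # e.g. cloud security group, VM network mode
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/http_only.log" <<'EOF'
2024-01-10 09:00:01 INFO Started ServerConnector@1a2b{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
EOF
cat > "$tmp/https.log" <<'EOF'
2024-01-10 09:05:01 INFO Started ServerConnector@3c4d{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
EOF
cat > "$tmp/ufw_closed.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
EOF
{ cat "$tmp/ufw_closed.txt"; echo "8443                       ALLOW       Anywhere"; } > "$tmp/ufw_open.txt"

diagnose "$tmp/http_only.log" "$tmp/ufw_open.txt"   8443
diagnose "$tmp/https.log"     "$tmp/ufw_closed.txt" 8443
diagnose "$tmp/https.log"     "$tmp/ufw_open.txt"   8443
```

On a real host, point it at the Jenkins log and at a file holding the output of "sudo ufw status".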
A tip for the certs:
# chmod 400 /var/lib/jenkins/.ssh/*
and for the firewall :
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --permanent --add-forward-port=port=443:proto=tcp:toport=8443
# firewall-cmd --reload