我有一个运行Jenkins的Fedora服务器,我通过yum安装。 一切都还好,我可以用http://ci.mydomain.com访问它。
但现在,我想通过https://ci.mydomain.com访问它,所以用户名和密码的login被encryption。
我该怎么做?
以下是我的/etc/sysconfig/jenkins文件。 开始jenkins的作品,但我不能访问jenkins与https://ci.mydomain.com或http://ci.mydomain.com:443网页浏览器,…
## Path: Development/Jenkins ## Description: Configuration for the Jenkins continuous build server ## Type: string ## Default: "/var/lib/jenkins" ## ServiceRestart: jenkins # # Directory where Jenkins store its configuration and working # files (checkouts, build reports, artifacts, ...). # JENKINS_HOME="/var/lib/jenkins" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Java executable to run Jenkins # When left empty, we'll try to find the suitable Java. # JENKINS_JAVA_CMD="" ## Type: string ## Default: "jenkins" ## ServiceRestart: jenkins # # Unix user account that runs the Jenkins daemon # Be careful when you change this, as you need to update # permissions of $JENKINS_HOME and /var/log/jenkins. # JENKINS_USER="jenkins" ## Type: string ## Default: "-Djava.awt.headless=true" ## ServiceRestart: jenkins # # Options to pass to java when running Jenkins. # JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true" ## Type: integer(0:65535) ## Default: 8080 ## ServiceRestart: jenkins # # Port Jenkins is listening on. # JENKINS_PORT="8080" ## Type: integer(1:9) ## Default: 5 ## ServiceRestart: jenkins # # Debug level for logs -- the higher the value, the more verbose. # 5 is INFO. # JENKINS_DEBUG_LEVEL="5" ## Type: yesno ## Default: no ## ServiceRestart: jenkins # # Whether to enable access logging or not. # JENKINS_ENABLE_ACCESS_LOG="no" ## Type: integer ## Default: 100 ## ServiceRestart: jenkins # # Maximum number of HTTP worker threads. # JENKINS_HANDLER_MAX="100" ## Type: integer ## Default: 20 ## ServiceRestart: jenkins # # Maximum number of idle HTTP worker threads. # JENKINS_HANDLER_IDLE="20" ## Type: string ## Default: "" ## ServiceRestart: jenkins # # Pass arbitrary arguments to Jenkins. # Full option list: java -jar jenkins.war --help # JENKINS_ARGS="--httpsPort=443 --httpsKeyStore=/root/.keystore --httpsKeyStorePassword=MYPASSWORD"
这个页面应该可以帮助你在Apache(它将处理HTTPS)后面设置它: http : //wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
除了是一个“正常”的反向代理,你需要这个(如该页面所示):
Header edit Location ^http://www.example.com/hudson/ https://www.example.com/hudson/
如果你使用Nginx而不是Apache,你可能想使用proxy_redirect http:// https://; 当Jenkins响应回来时重写Location头。
一个完整的nginx设置,其中SSL终止于Nginx并使用8080在内部代理Jenkins,可能如下所示:
upstream jenkins { server 127.0.0.1:8080 fail_timeout=0; } server { listen 80 default; server_name 127.0.0.1 *.mydomain.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 default ssl; server_name 127.0.0.1 *.mydomain.com; ssl_certificate /etc/ssl/certs/my.crt; ssl_certificate_key /etc/ssl/private/my.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; # auth_basic "Restricted"; # auth_basic_user_file /home/jenkins/htpasswd; location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http:// https://; add_header Pragma "no-cache"; proxy_pass http://jenkins; } }
请注意(有些时候?)Jenkins可以为您生成密钥,您只需在--httpsPort=(portnum)设置--httpsPort=(portnum)参数JENKINS_ARGS 。
在我的情况下,我设置JENKINS_PORT="-1" (禁用HTTP),并设置--httpsPort=8080这对我自己的目的很好。
请注意,任何1000以下的端口通常需要root权限,所以select一个比这更高的端口。
( 链接更多信息)
对于Ubuntu服务器(假设你安装了apt-get install jenkins ):
你需要编辑文件底部的/etc/default/jenkins ,编辑Jenkins_args。 在我的参数中,我禁用了http访问(使用-1)并将SSL放在默认的Jenkins端口(8080)上。 这里最重要的部分是你发送了一个httpsPort和证书/密钥(如果你有一个,否则你可以把它们留给自己生成的)。 我把crts放在apache中,然后用它们,但是你可以把它们放在任何地方。
JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpsPort=$HTTP_PORT --httpPort=-1 --httpsCertificate=/etc/apache2/ssl.crt/CERT.crt --httpsPrivateKey=/etc/apache2/ssl.key/KEY.key --ajp13Port=$AJP_PORT"
在某些情况下,您将不得不使用Java密钥库。 首先,转换你的钥匙:
openssl pkcs12 -inkey /var/lib/jenkins/jenkins.key.pem -in /var/lib/jenkins/jenkins.crt.pem -export -out keys.pkcs12 keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore jenkins.jks
现在使用jenkins的参数
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpsPort=$HTTP_PORT --httpPort=-1 --httpsKeyStore=/etc/apache2/ssl.crt/jenkins.jks --httpsKeyStorePassword=thePassword --ajp13Port=$AJP_PORT"