Setting up Jenkins on CentOS 8
Here are my notes on how I got Jenkins working on CentOS 8. This is mainly so I can go to my blog instead of here.
Vanilla Jenkins
First things first, we need a JDK. Time to install it.
sudo dnf install -y java-1.8.0-openjdk-devel wget epel-release
Next, we need to install the jenkins repo and get jenkins installed.
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins
After installation, you need to start the service, and make sure your firewalld is properly configured:
sudo systemctl start jenkins
sudo systemctl enable jenkins
sudo systemctl status jenkins
sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
Awesome, now we go to http://<ip>:8080 and put in the initialAdminPassword.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Wonderful, now let's get nginx in front of it so we can connect to a web server instead of the java application directly.
nginx forwarding for Jenkins
If you google for nginx jenkins you come directly to the Jenkins Wiki. It's not wrong, it's just more information than we need right now.
Let's first install nginx.
sudo dnf install -y nginx
Next, start the service and get the firewalld in a good happy place:
sudo systemctl enable nginx
sudo systemctl start nginx
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
You should be able to hit http://<ip> and see the nginx website.
Next, I disabled SELinux. I converted it from enforcing to disabled and rebooted my machine.
Now, let's configure the meat of this blog post: let's get some self-signed certs going:
sudo mkdir /etc/ssl/private
sudo chmod 700 /etc/ssl/private
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt # answer the prompts here :)
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Now you need to wire nginx and jenkins together. If you are just going to do https, here is a file that you can put in /etc/nginx/conf.d/jenkins.conf.
NOTE: You'll need to change .domain.tld to whatever your domain is.
upstream jenkins {
    server 127.0.0.1:8080 fail_timeout=0;
}
server {
    listen 80;
    server_name jenkins.domain.tld;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name jenkins.domain.tld;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_pass http://jenkins;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
        add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
    }
}
After adding this to the file, restart nginx and you should find yourself hosting your jenkins instance at https://jenkins.domain.tld.
sudo systemctl restart nginx
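
The `openssl dhparam` step above writes /etc/ssl/certs/dhparam.pem, but the 443 server block never references it. Here is a variant of that block that loads the file and restricts protocol versions, as an added example that is not part of the original post; the protocol list and session settings are assumptions about what you want, and TLSv1.3 assumes nginx is built against OpenSSL 1.1.1 or later:

```nginx
# Added example: replaces only the "listen 443 ssl" server block in
# /etc/nginx/conf.d/jenkins.conf; the upstream and port-80 blocks stay as they are.
server {
    listen 443 ssl;
    server_name jenkins.domain.tld;

    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_certificate     /etc/ssl/certs/nginx-selfsigned.crt;

    # Load the DH parameters generated with `openssl dhparam`. Since nginx 1.11.0,
    # DHE cipher suites are not used at all unless this directive is set.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Accept only TLS 1.2 and 1.3 (assumption: OpenSSL 1.1.1 or later;
    # on an older OpenSSL, drop TLSv1.3 from the list).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Prefer the server's cipher order over the client's.
    ssl_prefer_server_ciphers on;

    # Share one session cache across worker processes, and turn off session
    # tickets, whose encryption keys are not rotated while nginx keeps running.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_pass http://jenkins;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
        add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
    }
}
```

Run `sudo nginx -t` before the restart so a syntax error is reported instead of taking the proxy down.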