Configure Jenkins

Configure Nginx

server {
    listen 80;

    server_name ci.example.com;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name ci.example.com;

    location / {

        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;

        proxy_redirect      http://127.0.0.1:8080 https://ci.example.com;

        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
        # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
        add_header 'X-SSH-Endpoint' 'ci.example.com:50022' always;
    }
}

Setup firewall

Disable direct access through port 8080 with iptables

# run as root
iptables -A INPUT -p tcp --dport 8080 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

This means that jenkins will be available on url https://ci.example.com but not for http://ci.example.com:8080

results matching ""

    No results matching ""