Howto setup nginx+Jenkins+SSL+SSH on EC2 ubuntu

Task: Setup Jenkins on EC2 Ubuntu

Implementation steps:

Update Ubuntu and install nginx:

sudo apt update
sudo apt upgrade
sudo apt install nginx

Remove default nginx site configuration:

sudo rm -rf /etc/nginx/sites-available/default
sudo rm -rf /etc/nginx/sites-enabled/default

Add new file for your jenkins subdomain and put next content:

sudo nano /etc/nginx/sites-available/jenkins.yourdomain.conf

server {
    listen [::]:80;
    listen 80;
    server_name jenkins.yourdomain.com;
    location / { 
        proxy_set_header Host $host:$server_port; 
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_pass http://127.0.0.1:8080; 
        proxy_read_timeout 90; 
        proxy_redirect http://127.0.0.1:8080 https://jenkins.yourdomain.com; 
        proxy_http_version 1.1; 
        proxy_request_buffering off; 
        add_header 'X-SSH-Endpoint' 'jenkins.yourdomain.com:50022' always; 
    }
}

Create symlink to your configuration file:

sudo ln -s /etc/nginx/sites-available/jenkins.yourdomain.conf /etc/nginx/sites-enabled/jenkins.yourdomain.conf

Setup jdk and jenkins:

sudo wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
sudo apt-get install openjdk-8-jdk
sudo apt install jenkins
sudo systemctl start jenkins

Modify jenkins start file:

sudo nano /etc/default/jenkins

Find the JENKINS_ARGS line and add --httpListenAddress=127.0.0.1 to the existing arguments.

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Install certbot for https access:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx certonly

Modify your subdomain config file to use SSL:

sudo nano /etc/nginx/sites-available/jenkins.yourdomain.conf

server {
     listen [::]:80;
     listen 80;

     server_name jenkins.yourdomain.com;

     return 301 https://jenkins.yourdomain.com$request_uri;
}
server {
     listen [::]:443 ssl;
     listen 443 ssl;

     server_name jenkins.yourdomain.com;

     ssl_certificate /etc/letsencrypt/live/jenkins.yourdomain.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/jenkins.yourdomain.com/privkey.pem;

     location / {
         proxy_set_header        Host $host:$server_port;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
         proxy_pass          http://127.0.0.1:8080;
         proxy_read_timeout  90;
         proxy_redirect      http://127.0.0.1:8080 https://jenkins.yourdomain.com;

         proxy_http_version 1.1;
         proxy_request_buffering off;
         add_header 'X-SSH-Endpoint' 'jenkins.yourdomain.com:50022' always;
     } 
}

Restart nginx:

sudo service nginx restart

Add auto update certificate by cronjob:

sudo crontab -e
0 0,12 * * * certbot renew >/dev/null 2>&1

Result link: https://jenkins.yourdomain.com

Add SSH key to jenkins user to work with another instances:

sudo su jenkins
ssh-keygen

Result id_rsa and id_rsa.pub location: /var/lib/jenkins/.ssh/…

Done.