How to set up nginx + Jenkins + SSL + SSH on EC2 Ubuntu
Task: Set up Jenkins on EC2 Ubuntu
Implementation steps:
Update Ubuntu and install nginx:
sudo apt update
sudo apt upgrade
sudo apt install nginx
Remove default nginx site configuration:
sudo rm -rf /etc/nginx/sites-available/default
sudo rm -rf /etc/nginx/sites-enabled/default
Add a new file for your Jenkins subdomain and put the following content in it:
sudo nano /etc/nginx/sites-available/jenkins.yourdomain.conf
server {
    listen [::]:80;
    listen 80;
    server_name jenkins.yourdomain.com;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:8080 https://jenkins.yourdomain.com;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        add_header 'X-SSH-Endpoint' 'jenkins.yourdomain.com:50022' always;
    }
}
Create symlink to your configuration file:
sudo ln -s /etc/nginx/sites-available/jenkins.yourdomain.conf /etc/nginx/sites-enabled/jenkins.yourdomain.conf
Set up the JDK and Jenkins:
sudo wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
sudo apt-get install openjdk-8-jdk
sudo apt install jenkins
sudo systemctl start jenkins
Modify the Jenkins startup defaults file:
sudo nano /etc/default/jenkins
Find the JENKINS_ARGS line and add --httpListenAddress=127.0.0.1 to the existing arguments.
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"
Install certbot for HTTPS access:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx certonly
Modify your subdomain config file to use SSL:
sudo nano /etc/nginx/sites-available/jenkins.yourdomain.conf
server {
    listen [::]:80;
    listen 80;
    server_name jenkins.yourdomain.com;
    return 301 https://jenkins.yourdomain.com$request_uri;
}

server {
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name jenkins.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/jenkins.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jenkins.yourdomain.com/privkey.pem;

    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:8080 https://jenkins.yourdomain.com;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        add_header 'X-SSH-Endpoint' 'jenkins.yourdomain.com:50022' always;
    }
}
Restart nginx:
sudo service nginx restart
Add automatic certificate renewal with a cron job (open root's crontab with the first command, then add the second line to it):
sudo crontab -e
0 0,12 * * * certbot renew >/dev/null 2>&1
Result link: https://jenkins.yourdomain.com
Add an SSH key for the jenkins user to work with other instances:
sudo su jenkins
ssh-keygen
Result id_rsa and id_rsa.pub location: /var/lib/jenkins/.ssh/…
Done.
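
A check for the JENKINS_ARGS step above, as an added example that is not part of the original howto: the function reads listener lines in the format printed by `ss -Hltn` and reports whether port 8080 is bound to loopback only, so that Jenkins is reachable solely through the nginx proxy. The function name `audit_port` is hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original howto): audit `ss -Hltn` style lines.

# Constructed sample: Jenkins started with --httpListenAddress=127.0.0.1.
SAMPLE_HARDENED='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*'

# Constructed sample: Jenkins still on its default bind (all interfaces).
SAMPLE_DEFAULT='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 50 *:8080 *:*'

# audit_port PORT  (listener lines on stdin)
# Prints each non-loopback listener on PORT.
# Exit status: 0 = loopback only, 1 = exposed, 2 = nothing listens on PORT.
audit_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next          # different port
            seen = 1
            # Address is everything before the final ":PORT".
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)           # [::1] -> ::1
            sub(/%.*$/, "", addr)               # 127.0.0.1%lo -> 127.0.0.1
            sub(/^::ffff:/, "", addr)           # IPv4-mapped form used by Java
            if (addr ~ /^127\./ || addr == "::1") next
            print "EXPOSED " $4
            exposed = 1
        }
        END { exit (exposed ? 1 : (seen ? 0 : 2)) }
    '
}

# Demo on the constructed samples; on the server run: ss -Hltn | audit_port 8080
for name in SAMPLE_HARDENED SAMPLE_DEFAULT; do
    eval "data=\$$name"
    status=0
    printf '%s\n' "$data" | audit_port 8080 || status=$?
    echo "$name: audit_port 8080 -> $status"
done
```

Jenkins only picks up the new listen address after it has been restarted, so run the check after a restart. A status of 1 means port 8080 is still bound to a non-loopback address and can be reached without going through the nginx proxy.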