Linux

How to Install Jenkins on Ubuntu 20.04 with Nginx and SSL

How to Install Jenkins on Ubuntu 20.04 with Nginx and SSL

How to Install Jenkins on Ubuntu 20.04 with Nginx and SSL. Jenkins is a Java based software that can be installed from the Ubuntu package. Jenkins is mainly used for Continues Integration and Continuous Deployment (CI CD).

In this tutorial you will learn how to install Jenkins and configure Nginx as a reverse proxy to Jenkins and install the free Let’s Encrypt SSL on Ubuntu 20.04.

This setting is tested on Google Cloud and will run the same on cloud services such as AWS or Azure or VPS or special servers running Ubuntu 20.04.

After all the prerequisites are complete you can continue to install Jenkins.

Install Jenkins

To install the latest version of Jenkins, you must first add a key repository to the system.

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -

Next, add the repository address to the source list.

sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

Now you can update packages to use the new Jenkins repository and install.

sudo apt update
sudo apt install jenkins

After the installation is complete, you can start Jenkins using the following command.

sudo service jenkins start

To verify your status you can use the following command.

sudo service jenkins status
Output 
‚óŹ jenkins.service - LSB: Start Jenkins at boot time
     Loaded: loaded (/etc/init.d/jenkins; generated)
     Active: active (exited) since Thu 2020-07-07 15:45:37 UTC; 42s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 0 (limit: 1997)
     CGroup: /system.slice/jenkins.service

This output states that Jenkins was successful.

Install Nginx

Install Nginx with the following command.

sudo apt install nginx

This command will install Nginx on your VM instance.

Firewall Settings

After Nginx is installed you can configure the firewall, Nginx registers itself with ufw. So, you can allow the required ports and enable ufw.

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'

Make sure you have added rules for SSH port 22, if you have not done this, you cannot access SSH. After you verify, you can activate UFW.

sudo ufw enable

Configure Nginx for Jenkins

Now it’s time to configure Nginx as a reverse proxy for Jenkins on subdomains.

Remove the default Nginx configuration.

sudo rm -rf /etc/nginx/sites-available/default
sudo rm -rf /etc/nginx/sites-enabled/default

Create a new configuration for Jenkins

sudo nano /etc/nginx/sites-available/jenkins.yourdomainname.com

Configuration for Jenkins in Subdomains

 server {
    listen [::]:80;
    listen 80;

    server_name jenkins.yourdomainname.com;

    location / {
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;

        proxy_redirect      http://127.0.0.1:8080 https://jenkins.yourdomainname.com;

        proxy_http_version 1.1;
        proxy_request_buffering off;
        add_header 'X-SSH-Endpoint' 'jenkins.yourdomainname.com:50022' always;
    } 
}

Paste this new configuration setting and press Ctrl + X followed by Y to save the file.

Configuration for Jenkins in Sub-directory

Paste this new configuration setting and press Ctrl + X followed by Y to save the file.

server {
    listen [::]:80;
    listen 80;

    server_name yourdomainname.com;

    location ^~ /jenkins/ {
        proxy_pass http://127.0.0.1:8080/jenkins/;
        sendfile off;

        proxy_set_header   Host             $host:$server_port;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_temp_file_write_size 64k;

        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    } 
}

Press Ctrl + X followed by Y and Enter to save and exit the file.

Activate configuration.

sudo ln -s /etc/nginx/sites-available/jenkins.yourdomainname.conf /etc/nginx/sites-enabled/jenkins.yourdomainname.conf

Configure Jenkins for Nginx

For Jenkins to work with Nginx, you need to make Jenkins listen on localhost

sudo nano /etc/default/jenkins

Find the JENKINS_ARGS line and add –httpListenAddress = 127.0.0.1 to the existing argument.

So, the line will look similar to the one below.

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

For sub-directory configuration you need to add additional arguments to the directory name with –prefix

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"

Save and exit the file. Finally restart Jenkins.

sudo systemctl restart jenkins

Check the configuration and restart Nginx.

sudo nginx -t
sudo service nginx restart

Now Nginx is set as a reverse proxy for Jenkins.

Install Free Let’s Encrypt the SSL Certificate

HTTPS
HTTPS is a protocol for secure communication between servers (for example) and clients (web browsers). Due to the introduction of Mari Encryption, which provides free SSL certificates, HTTPS is adopted by everyone and also gives trust to your audience.

sudo apt-get install python3-certbot-nginx

Now that we have installed Certbot by Let’s Encrypt for Ubuntu 20.04, run this command to receive your certificate.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive a list of domains that you need to generate an SSL certificate.

To select all domains, just press Enter

The Certbot client will automatically generate a new certificate for your domain. Now we need to update the Nginx configuration.

Configure SSL

After SSL is installed, you can configure it in your Nginx file.

sudo nano /etc/nginx/sites-available/yourdomainname.com
server {
     listen [::]:80;
     listen 80;

     server_name jenkins.yourdomainname.com;

     return 301 https://jenkins.yourdomainname.com$request_uri;
 }

 server {
     listen [::]:443 ssl;
     listen 443 ssl;

     server_name jenkins.yourdomainname.com;

     ssl_certificate /etc/letsencrypt/live/jenkins.yourdomainname.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/jenkins.yourdomainname.com/privkey.pem;

     location / {
         proxy_set_header        Host $host:$server_port;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
         proxy_pass          http://127.0.0.1:8080;
         proxy_read_timeout  90;
         proxy_redirect      http://127.0.0.1:8080 https://jenkins.yourdomainname.com;

         proxy_http_version 1.1;
         proxy_request_buffering off;
         add_header 'X-SSH-Endpoint' 'jenkins.yourdomainname.com:50022' always;
     } 
 }

Press CTRL + X followed by Y to save changes.

Check your configuration and restart Nginx for changes to take effect.

sudo nginx -t
sudo service nginx restart

SSL Certificate Extension

The certificate given by Mari Encryption is only valid for 90 days, so you must renew it frequently. Now you are setting up a cronjob to check certificates that will expire in the next 30 days and renew them automatically.

sudo crontab -e

Add this line to the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Press CTRL + X followed by Y to save changes.

This cronjob will try to check to renew the certificate twice a day.

That’s all now you can visit your domain name in your web browser. You can see the Jenkins settings page with HTTPS.

Set Jenkins

Now you can visit your domain name and set Jenkins.

You will see an Unlock screen where you need to type the password to unlock Jenkins.

1

Run the following command to get the password.

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the password and paste it in the Administrator password field to unlock and start setup.

2

Click Install recommended plugin options to begin installation immediately.

3

After the installation is complete, you can create an admin user to enter the dashboard.

4

Finally you will see Instance Configuration, you can use your domain name or IP address.

Click Save and Finish.

After everything is done, click Start using Jenkins to visit the main Jenkins dashboard.

Conclusion

In this tutorial you have learned how to install Jenkins and configure Nginx as a reverse proxy, and secure it with the free Let’s Encrypt SSL.

Thank you for your time. If you encounter a problem or feedback, please leave a comment below.

Related posts

How to Manage Nginx Server Blocks on Ubuntu 20.04

Linux

How to Set Up an iSCSI Storage Server on Ubuntu 20.04 LTS

Linux

What is Fedora Linux?

InstallWorld

How to Install Ubuntu on a Raspberry Pi

Linux

How to Install Gitea on CentOS 8

Linux

How to Install Anaconda on Ubuntu 20.04

Linux

How to Install Docker Compose on Ubuntu 20.04

Linux

How to Find Active SSH Connections on Linux

Linux

How to Install an Atom Editor on Ubuntu 20.04

Linux