-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathjenkins_installation_ssl.html
More file actions
388 lines (276 loc) · 17.6 KB
/
jenkins_installation_ssl.html
File metadata and controls
388 lines (276 loc) · 17.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
<!DOCTYPE html>
<html>
<head>
<!-- Document Settings -->
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<!-- Page Meta -->
<title>How to deploy Jenkins with SSL</title>
<meta name="description" content="A beautiful narrative written over an elegant publishing platform. The story begins here..." />
<!-- Mobile Meta -->
<meta name="HandheldFriendly" content="True" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<!-- Brand icon -->
<link rel="shortcut icon" href="/assets/images/favicon.ico" >
<!-- Styles'n'Scripts -->
<link rel="stylesheet" type="text/css" href="/assets/css/screen.css" />
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Merriweather:300,700,700italic,300italic|Open+Sans:700,400" />
<link rel="stylesheet" type="text/css" href="/assets/css/syntax.css" />
<!-- highlight.js -->
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/default.min.css">
<style>.hljs { background: none; }</style>
<!-- Ghost outputs important style and meta data with this tag -->
<link rel="canonical" href="http://localhost:4000//jenkins_installation_ssl" />
<meta name="referrer" content="origin" />
<link rel="next" href="/page2/" />
<meta property="og:site_name" content="Curiosity is the most powerful thing you own" />
<meta property="og:type" content="website" />
<meta property="og:title" content="How to deploy Jenkins with SSL" />
<meta property="og:description" content="A beautiful narrative written over an elegant publishing platform. The story begins here..." />
<meta property="og:url" content="http://localhost:4000//jenkins_installation_ssl" />
<meta property="og:image" content="/assets/images/jenkins/jenkins.png" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:title" content="How to deploy Jenkins with SSL" />
<meta name="twitter:description" content="A beautiful narrative written over an elegant publishing platform. The story begins here..." />
<meta name="twitter:url" content="http://localhost:4000//jenkins_installation_ssl" />
<meta name="twitter:image:src" content="/assets/images/jenkins/jenkins.png" />
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "Website",
"publisher": "Curiosity is the most powerful thing you own",
"name": "How to deploy Jenkins with SSL",
"url": "http://localhost:4000//jenkins_installation_ssl",
"image": "/assets/images/jenkins/jenkins.png",
"description": "A beautiful narrative written over an elegant publishing platform. The story begins here..."
}
</script>
<meta name="generator" content="Jekyll 3.0.0" />
<link rel="alternate" type="application/rss+xml" title="Curiosity is the most powerful thing you own" href="/feed.xml" />
</head>
<body class="home-template nav-closed">
<!-- The blog navigation links -->
<div class="nav">
<h3 class="nav-title">Menu</h3>
<a href="#" class="nav-close">
<span class="hidden">Close</span>
</a>
<ul>
<li class="nav-home " role="presentation"><a href="/">Home</a></li>
<li class="nav-about " role="presentation"><a href="/about">About</a></li>
<li class="nav-databases " role="presentation"><a href="/tag/databases">Databases</a></li>
<li class="nav-devops " role="presentation"><a href="/tag/devops">DevOps</a></li>
<li class="nav-fiction " role="presentation"><a href="/tag/fiction">Fiction</a></li>
<li class="nav-author " role="presentation"><a href="/tag/mlops">MLOps</a></li>
<li class="nav-travel " role="presentation"><a href="/tag/travel">Travel</a></li>
<li class="nav-resume " role="presentation"><a href="/resume">Resume</a></li>
<li class="nav-photography " role="presentation"><a href="/tag/photography">Photography</a></li>
<li class="nav-author " role="presentation"><a href="/author">Author</a></li>
</ul>
<a class="subscribe-button icon-feed" href="/feed.xml">Subscribe</a>
</div>
<span class="nav-cover"></span>
<div class="site-wrapper">
<!-- All the main content gets inserted here, index.hbs, post.hbs, etc -->
<!-- default -->
<!-- The comment above "< default" means - insert everything in this file into -->
<!-- the [body] of the default.hbs template, which contains our header/footer. -->
<!-- Everything inside the #post tags pulls data from the post -->
<!-- #post -->
<header class="main-header post-head " style="background-image: url(/assets/images/jenkins/jenkins.png) ">
<nav class="main-nav overlay clearfix">
<a class="blog-logo" href="/"><img src="/assets/images/utilities/home_icon.png" alt="Blog Logo" /></a>
<a class="menu-button icon-menu" href="#"><span class="word">Menu</span></a>
</nav>
</header>
<main class="content" role="main">
<article class="post tag-tutorials">
<header class="post-header">
<h1 class="post-title">How to deploy Jenkins with SSL</h1>
<section class="post-meta">
<!-- <a href='/'></a> -->
<a href='/author/hellodk'>Deepak Gupta</a>
<time class="post-date" datetime="2023-03-14">14 Mar 2023</time>
<!-- [[tags prefix=" on "]] -->
on
<a href='/tag/tutorials'>Tutorials</a>,
<a href='/tag/jenkins'>Jenkins</a>,
<a href='/tag/ssl'>Ssl</a>,
<a href='/tag/security'>Security</a>,
<a href='/tag/2023'>2023</a>,
<a href='/tag/year'>Year</a>,
<a href='/tag/hellodk'>Hellodk</a>
</section>
</header>
<section class="post-content">
<p>It has been quiet sometime since I got my hands dirty, so here we go today!! Recently we had a use-case where we needed to setup a Jenkins server on a public network for some POC and we as DevOps could not bear the fact that the traffic exiting from our network is in plain text. Hence we wanted to do something about it and we would like to share our view point on how did we achieved this goal.</p>
<h5 id="for-successfully-testing-this-we-have-the-below-pre-requisites">For successfully testing this, we have the below pre-requisites:</h5>
<ul>
<li>Operating system: Ubuntu 20.04</li>
<li>Administrator or sudo access to the server</li>
<li>Open Internet connectivity to ensure package installation go through</li>
</ul>
<h5 id="a-high-level-set-of-the-steps-involved-will-be">A high level set of the steps involved will be:</h5>
<ul>
<li>Generation of ssh keys followed by the verification of the generated files</li>
<li>Updating the apt cache</li>
<li>Installing the required packages</li>
<li>Validating the Jenkins process is running and enabled in systemd</li>
<li>Creating public and private SSL keys using openssl tool</li>
<li>Getting started with the Jenkins UI and plugins installations</li>
</ul>
<h5 id="install-jenkins">Install Jenkins</h5>
<p>Follow the below steps to install Jenkins on your server</p>
<ul>
<li>Generate SSH keys
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen
</code></pre></div> </div>
</li>
<li>Verify the generated key files
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls -ltr ~/.ssh
</code></pre></div> </div>
<p><img src="assets/images/jenkins/jenkins_ssh_keys_verification.png" alt="" title="ssh keys verification" /></p>
</li>
<li>Now that the ssh keys have been validated we can go ahead and install Jenkins alons with it’s dependencies using the below commands
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
sudo apt-add-repository "deb https://pkg.jenkins.io/debian-stable binary/"
sudo apt-get update -y
sudo apt install git vim telnet curl wget tree default-jdk jenkins openssl nginx -y
systemctl status jenkins
</code></pre></div> </div>
</li>
<li>
<p>Verify the Jenkins Installation by going to the browser on port 8080
<img src="assets/images/jenkins/jenkins_verify_installation.png" alt="" title="Jenkins Installation verification" /></p>
</li>
<li>Create the private and public ssl keys using the openssl tool
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
</code></pre></div> </div>
<p><img src="assets/images/jenkins/jenkins_open_ssl.png" alt="" title="open ssl certificate creation" /></p>
</li>
<li>Convert the generated keys into a .p12 keystore, it will ask for a password. For the sake of convenience I will be setting them as Jenkins123
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl pkcs12 -inkey key.pem -in cert.pem -export -out cert.p12
</code></pre></div> </div>
<p><img src="assets/images/jenkins/jenkins_pkcs12.png" alt="" title="jenkins pkcs12" /></p>
</li>
<li>Importing the .p12 using the keytool utility to a destination keystore with the name jenkins.jks with the destination store type as JKS
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>keytool -importkeystore -srckeystore ./cert.p12 -srcstoretype pkcs12 -destkeystore jenkins.jks -deststoretype JKS
</code></pre></div> </div>
</li>
<li>Copy the jenkins.jks to a location which is accessible by the Jenkins process and also change the owner and group of the file ot jenkins
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo cp jenkins.jks /var/lib/jenkins/
sudo chown jenkins:jenkins /var/lib/jenkins/jenkins.jks
</code></pre></div> </div>
</li>
<li>Edit the Jenkins systemd file
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo vim /usr/lib/systemd/system/jenkins.service
</code></pre></div> </div>
</li>
<li>And add the below 3 lines as shown in the image
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Environment="JENKINS_HTTPS_PORT=8443"
Environment="JENKINS_HTTPS_KEYSTORE=/var/lib/jenkins/jenkins.jks"
Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=Jenkins123"
</code></pre></div> </div>
<p><img src="assets/images/jenkins/jenkins_service_file.png" alt="" title="jenkins service file" /></p>
</li>
<li>Reload the systemctl daemon as there has been a change in the service file
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl daemon-reload
</code></pre></div> </div>
</li>
<li>Restart the Jenkins process
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart jenkins
</code></pre></div> </div>
</li>
<li>Check the status of the Jenkins process
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl status jenkins
</code></pre></div> </div>
</li>
<li>Verify if the Jenkins process is running on https. We will see the app running on port 8443 as well
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>netstat -ntplau | grep -i java
</code></pre></div> </div>
</li>
</ul>
<p>This ensures Jenkins runs on SSL, now we would need to setup a reverse proxy using nginx to serve the traffic.</p>
</section>
<footer class="post-footer">
<!-- Everything inside the #author tags pulls data from the author -->
<!-- #author-->
<figure class="author-image">
<a class="img" href="/author/hellodk" style="background-image: url(/assets/images/dk_profile.jpg)"><span class="hidden">hellodk's Picture</span></a>
</figure>
<section class="author">
<h4><a href="/author/hellodk">Deepak Gupta</a></h4>
<p> A full time technologist cum foodieeeeeee... I spend most of my time playing with open source tools and technologies. I prefer hanging out most of the time, and have been a taveller since ages, besides being a biker at heart I do love to practice photography in my liesure.</p>
<div class="author-meta">
<span class="author-location icon-location"> Bangalore, India</span>
<span class="author-link icon-link"><a href="https://www.linkedin.com/in/hellodk/"> linkedin.com/in/hellodk/</a></span>
</div>
</section>
<!-- /author -->
<section class="share">
<h4>Share this post</h4>
<a class="icon-twitter" href="http://twitter.com/share?text=How to deploy Jenkins with SSL&url=http://localhost:4000jenkins_installation_ssl"
onclick="window.open(this.href, 'twitter-share', 'width=550,height=235');return false;">
<span class="hidden">Twitter</span>
</a>
<a class="icon-facebook" href="https://www.facebook.com/sharer/sharer.php?u=http://localhost:4000jenkins_installation_ssl"
onclick="window.open(this.href, 'facebook-share','width=580,height=296');return false;">
<span class="hidden">Facebook</span>
</a>
<a class="icon-google-plus" href="https://plus.google.com/share?url=http://localhost:4000jenkins_installation_ssl"
onclick="window.open(this.href, 'google-plus-share', 'width=490,height=530');return false;">
<span class="hidden">Google+</span>
</a>
</section>
<!-- Add Disqus Comments -->
</footer>
</article>
</main>
<aside class="read-next">
<!-- [[! next_post ]] -->
<a class="read-next-story " style="background-image: url(/assets/images/jenkins/jenkins.png)" href="/mobile_ci_cd">
<section class="post">
<h2>How to achieve CI CD on Mobile Applications</h2>
<p>##### Let's take a stroll over the different terminologies we may come across during our...</p>
</section>
</a>
<!-- [[! /next_post ]] -->
<!-- [[! prev_post ]] -->
<a class="read-next-story prev no-cover" href="/sublime-upgrade">
<section class="post">
<h2>Upgrading Sublime Text</h2>
<p>Upgrade your Sublime Text with the below steps Environment Details OS Ubuntu-20.04 From the Sublime...</p>
</section>
</a>
<!-- [[! /prev_post ]] -->
</aside>
<!-- /post -->
<!-- The tiny footer at the very bottom -->
<footer class="site-footer clearfix">
<section class="copyright"><a href="/">Curiosity is the most powerful thing you own</a> © 2023</section>
<section class="poweredby">Published by <a href="https://thecylon.org">theCylon.org</a></section>
</footer>
</div>
<!-- highlight.js -->
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<!-- jQuery needs to come before `` so that jQuery can be used in code injection -->
<script type="text/javascript" src="//code.jquery.com/jquery-1.12.0.min.js"></script>
<!-- Ghost outputs important scripts and data with this tag -->
<!-- -->
<!-- Add Google Analytics -->
<!-- Google Analytics Tracking code -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-84547172-1', 'auto');
ga('send', 'pageview');
</script>
<!-- Fitvids makes video embeds responsive and awesome -->
<script type="text/javascript" src="/assets/js/jquery.fitvids.js"></script>
<!-- The main JavaScript file for Casper -->
<script type="text/javascript" src="/assets/js/index.js"></script>
</body>
</html>