Light

hughperkins / howto-jenkins-ssl Goto Github PK

View Code? Open in Web Editor NEW

107.0 9.0 38.0 15 KB

quick how to on activating ssl on jenkins, so I can find it easily

License: Mozilla Public License 2.0

howto-jenkins-ssl's Introduction

howto-jenkins-ssl

quick how to on activating ssl on jenkins, so I can find it easily

New! Alternative procedure, using Lets Encrypt certificate, available now. See letsencrypt.md.

given:

your website is at jenkins.myweb.com
have openssl installed

generate key

openssl genrsa -out key.pem  # creates key.pem

openssl req -new -key key.pem -out csr.pem
# you need to put the dns name of your website, testweb.local
# for the 'Common Name' question
# other questions, you can just accept defaults
# actually, you can accept defaults for all, will work ok too

openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem

start jenkins

if you want both https and http:

java -jar jenkins.war --httpsPort=8443 --httpsCertificate=cert.pem --httpsPrivateKey=key.pem

if you want https only, dont open http port:

java -jar jenkins.war --httpsPort=8443 --httpsCertificate=cert.pem --httpsPrivateKey=key.pem --httpPort=-1

starting a slave

Convert the cert.pem to cert.der:

 openssl x509 -outform der -in cert.pem -out cert.der

create keystore, containing this cert:

keytool -import -alias testweb.local -keystore cacerts -file cert.der
# reply trust certificate=yes
# put keystore password of 'changeit', or make your own password

transfer this file to the slave computer somehow (eg via /var/www/html, and download from slave)
launch slave
- as for normal slave launch, but add `-Djavax.net.trustStore=cacerts

java -Djavax.net.ssl.trustStore=cacerts -jar slave.jar -jnlpUrl https://jenkins.myweb.com:8443/computer/testnode/slave-agent.jnlp

=> will work ok :-)

howto-jenkins-ssl's People

Contributors

Stargazers

Watchers

howto-jenkins-ssl's Issues

error: E: Unable to locate package git

Getting this error:
~/howto-jenkins-ssl/docker$ sudo docker build -t letsencrypt .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM ubuntu:14.04
14.04: Pulling from library/ubuntu
6c953ac5d795: Pull complete
3eed5ff20a90: Pull complete
f8419ea7c1b5: Pull complete
51900bc9e720: Pull complete
a3ed95caeb02: Pull complete
Digest: sha256:97421885f3da3b23f52eeddcaa9f8f91172a8ac3cd5d3cd40b51c7aad09f66cc
Status: Downloaded newer image for ubuntu:14.04
---> 8f1bd21bd25c
Step 2 : RUN apt-get install -y git bash-completion dnsutils nginx telnet lsof
---> Running in e228a7b3392e
Reading package lists...
Building dependency tree...
Reading state information...
Package bash-completion is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
bash
E: Unable to locate package git
E: Package 'bash-completion' has no installation candidate
E: Unable to locate package dnsutils
E: Unable to locate package nginx
E: Unable to locate package telnet
E: Unable to locate package lsof
The command '/bin/sh -c apt-get install -y git bash-completion dnsutils nginx telnet lsof' returned a non-zero code: 100

Docs update

Hi, just to improve what you have already written, the command must include the password to the trust store and full path to the keystore. I updated jenkins_slave.xml with the following line:

<arguments>-Xrs -Djavax.net.ssl.trustStorePassword=jenkins -Djavax.net.ssl.trustStore=C:\jenkins\jenkins -jar "%BASE%\slave.jar" -jnlpUrl https://jenkins/computer/windows-slave/slave-agent.jnlp -secret d9347aed6f261a55822ecb6992ca717asdasd8a8s7da8s7d536bffdc64440fe</arguments>

The last thing I had trouble with was that keystore file wasn't accessible for Jenkins slave, so I had to copy it to the Jenkins slave folder.

Blog?

Hi,

You know, Github has ability to host simple webpages: https://pages.github.com/

Instead of creating repo for each code snippet, you could make a special repo for this and use GH Pages...

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs