{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《Enable HTTPS in jenkins?》','https://www.manongdao.com/q-1203754.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a private network with a local IP. I want to Enable HTTPS for my Jenkins server which is static IP W.X.Y.Z:8080.
Jenkins version 2.9
java version "1.7.0_111"
OpenJDK Runtime Environment (IcedTea 2.6.7) (7u111-2.6.7-0ubuntu0.14.04.3)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)
I have tried configuring in /etc/defaults/jenkins file the following arguments
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8081"
But I get the following errors. Please help
Running from: /usr/share/jenkins/jenkins.war
webroot: $user.home/.jenkins
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog info
INFO: Logging initialized @811ms
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Beginning extraction from war file
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: Empty contextPath
Using one-time self-signed certificate
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener
winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:207)
at winstone.Launcher.<init>(Launcher.java:149)
at winstone.Launcher.main(Launcher.java:352)`enter code here`
at sun.reflect.NativeMethodAccessorImpl.invoke0
I found similar issues resolved here but it didn't work for me
EDIT1: The following changes have been tried in /etc/defaults/jenkins file and restarted jenkins but it didn't work for me.
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8443 --httpsCertificate=cert.pem --httpsPrivateKey=key.pem
This is quite interesting. If you have your new instance of jenkins which is a copy of your old jenkins instance. Copy the cacerts which will be located at D:\Jenkins\jre\lib\security (Sample directory structure) to the jre/secrets folder of your existing new jenkins instance. In jenkins.xml change the arguments accordingly. Here is the sample -Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -jar "%BASE%\jenkins.war" --httpPort=-1 --httpsPort=8443 --httpsKeyStore="%BASE%\secrets\keystore" --httpsKeyStorePassword=your.password.here
You'll need to pass a parameter for the keystore or .pem file of the private key
https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins
(If you have a valid certificate and you do not want to enable HTTPs for your Jenkins but still want an SSL enable traffic then here is another way.)
In my case, I put Jenkins behind my Nginx webserver.
So here are the steps which I follow:
1.) I have installed Nginx server. (sudo apt-get install nginx)
2.) Copy the cert files in that machine. (Files are: .crt and .key )
3.) Changed the nginx configuration in /etc/nginx/sites-available/default file.
like
4.) Follow the steps mentioned here: https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Nginx
5.) And everything works like a charm...
By doing these steps the request flow will be like this:
1.) Request goes to Nginx web server.
2.) Where there is a reverse proxy which redirects the traffic to the localhost:8080 (or custom IP: port) (where Jenkins is running.)
3.) Jenkins will serve the request and gives the response to the Nginx
4.) Nginx will return the response.
Note: You can do the same with Apache, HAProxy and squid.
(Ref: https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777 , https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+behind+Nginx )
Edit: One more link: https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
You can enable Jenkin via HTTPS with following steps,
Step1: Create Certificate using java
Step2: Export p12 Public Certificate from key-store file
Step3: Host Jenkins using key-store (JKS) file
Step4: Import the Certificate into Browser
You may have question like why we have exported p12 certificate...well, this certificate we are going to import into our browser where we access Jenkins. The same p12 certificate can be shared between multiple users. For example in Chrome go to Setting>Search - "Manage Certificate" and click on "Manage Certificate" you will get an "Certificate" window. Import the certificate into each tab (Personnel, Other People, Intermediate Certificate Authorities, Trusted Root Certification Authorities, Trusted Pubilshers and Untrusted Publishers).