Compute Engine Google Cloud

How to Install Jenkins on Ubuntu 20.04 with Nginx and SSL

How to Install Jenkins on Ubuntu 20.04 with Nginx and SSL. Jenkins is a Java based software which can be installed from the Ubuntu packages. Jenkins is mainly used for Continues Integration and Continuous Deployment (CI CD).

In this tutorial you are going to learn how to install Jenkins and configure Nginx as a reverse proxy to Jenkins and install free Let’s Encrypt SSL on Ubuntu 20.04.

This setup is tested on Google Cloud and it will run the same on any cloud services like AWS or Azure or any VPS or Dedicated servers running Ubuntu 20.04.

Choose Best Hosting for your Business

PlatformReviewsPricing
Siteground★★★★★$3.95
Kinsta – Google Cloud★★★★★$30

Prerequisites

Once you have all the prerequisites completed you can proceed to install Jenkins.

Install Jenkins

To install the latest version of Jenkins you need to first add the repository key to the system.

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -

Next, add the repository address to the sources list.

sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

Now you can update the packages to use the added new repository and install Jenkins.

sudo apt update
sudo apt install jenkins

Once the installation is complete you can start Jenkins using the following command.

sudo service jenkins start

To verify the status you can use the following command.

sudo service jenkins status
Output 
● jenkins.service - LSB: Start Jenkins at boot time
     Loaded: loaded (/etc/init.d/jenkins; generated)
     Active: active (exited) since Thu 2020-07-07 15:45:37 UTC; 42s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 0 (limit: 1997)
     CGroup: /system.slice/jenkins.service 

This output states that Jenkins is running successfully.

Install Nginx

Install Nginx with the following command.

sudo apt install nginx

This command will install Nginx on your VM instance.

Setup Firewall

Once Nginx is installed you can configure firewall, Nginx registers itself with ufw. So, you can allow the necessary ports and enable ufw.

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'

Make sure you have added rules for SSH port 22, if you haven’t done this you cannot access the SSH. Once you have verified you can enable UFW.

sudo ufw enable

Configure Nginx for Jenkins

Now it’s time to configure Nginx as a reverse proxy for Jenkins on a subdomain.

Remove the default Nginx configuration.

sudo rm -rf /etc/nginx/sites-available/default
sudo rm -rf /etc/nginx/sites-enabled/default

Create a new configuration for Jenkins

sudo nano /etc/nginx/sites-available/jenkins.yourdomainname.com

Configuration for Jenkins on Subdomain

 server {
    listen [::]:80;
    listen 80;

    server_name jenkins.yourdomainname.com;

    location / {
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;

        proxy_redirect      http://127.0.0.1:8080 https://jenkins.yourdomainname.com;

        proxy_http_version 1.1;
        proxy_request_buffering off;
        add_header 'X-SSH-Endpoint' 'jenkins.yourdomainname.com:50022' always;
    } 
}

Paste this new configuration setting and hit Ctrl+X followed by Y to save the file.

Configuration for Jenkins on Sub-directory

Paste this new configuration setting and hit Ctrl+X followed by Y to save the file.

 server {
    listen [::]:80;
    listen 80;

    server_name yourdomainname.com;

    location ^~ /jenkins/ {
        proxy_pass http://127.0.0.1:8080/jenkins/;
        sendfile off;

        proxy_set_header   Host             $host:$server_port;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_temp_file_write_size 64k;

        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    } 
}

Hit Ctrl + X followed by Y and Enter to save and exit the file.

Enable the configuration.

sudo ln -s /etc/nginx/sites-available/jenkins.yourdomainname.conf /etc/nginx/sites-enabled/jenkins.yourdomainname.conf

Configure Jenkins for Nginx

In order to Jenkins work with Nignx you need to make Jenkins to listen on localhost

sudo nano /etc/default/jenkins

Find the JENKINS_ARGS line and add --httpListenAddress=127.0.0.1 to the existing arguments.

So, the line will look similar to the one below.

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

For sub-directory configuration you need to add additional argument with the directory name with --prefix

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"

Save and exit the file. Finally restart Jenkins.

sudo systemctl restart jenkins

Check the configuration and restart Nginx.

sudo nginx -t
sudo service nginx restart

Now Nginx is setup as a reverse proxy for Jenkins.

Install Free Let’s Encrypt SSL Certificate

HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

sudo apt-get install python3-certbot-nginx

Now we have installed Certbot by Let’s Encrypt for Ubuntu 20.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.

To select all domains simply hit Enter

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Configure SSL

Once the SSL is installed, you can configure it in your Nginx file.

sudo nano /etc/nginx/sites-available/yourdomainname.com
server {
     listen [::]:80;
     listen 80;

     server_name jenkins.yourdomainname.com;

     return 301 https://jenkins.yourdomainname.com$request_uri;
 }

 server {
     listen [::]:443 ssl;
     listen 443 ssl;

     server_name jenkins.yourdomainname.com;

     ssl_certificate /etc/letsencrypt/live/jenkins.yourdomainname.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/jenkins.yourdomainname.com/privkey.pem;

     location / {
         proxy_set_header        Host $host:$server_port;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
         proxy_pass          http://127.0.0.1:8080;
         proxy_read_timeout  90;
         proxy_redirect      http://127.0.0.1:8080 https://jenkins.yourdomainname.com;

         proxy_http_version 1.1;
         proxy_request_buffering off;
         add_header 'X-SSH-Endpoint' 'jenkins.yourdomainname.com:50022' always;
     } 
 }

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.

sudo crontab -e

Add this line at the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cronjob will attempt to check for renewing the certificate twice daily.

That’s all now you can visit your domain name in your web browser. You can see your Jenkins setup page with HTTPS.

Set Up Jenkins

Now you can visit your domain name yo setup Jenkins.

You will see the Unlock screen where you need to type the password to unlock Jenkins.

Unlock Jenkins

Execute the following command to get the password.

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the password and paste it in the Administrator password field to unlock and start the setup.

Customize Jenkins

Click Install suggested plugins option to start the installation immediately.

Jenkins getting started

Once the installation is complete you can create an admin user to login to the dashboard.

Create admin user

Finally you will see the Instance Configuration, you can use your domain name or IP address.

Click Save and Finish.

Once everything is complete click Start using Jenkins to visit the main Jenkins dashboard.

Gain a skill set to cultivate a Continuous Integration and Continuous Deployment capability now

Conclusion

In this tutorial you have learned how to install Jenkins and configure Nginx as a reverse proxy, and secured it with free Let’s Encrypt SSL.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.

Cloudbooklet builds a large collection of Linux based guides and tutorials on Cloud platforms like Google Cloud, AWS, Azure, DigitalOcean and more

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

If you find this helpful? Support me!
Buy me a coffee Donation Please buy me a coffee