How to Setup Jenkins with SSL with Apache Reverse Proxy on Ubuntu 18.04. By default Jenkins listens on port 8080 with it’s in-built web server. But it is necessary to secure Jenkins with SSL for protecting the sensitive data.
In this tutorial you are going to learn how to setup Apache as a reverse proxy to Jenkins on Ubuntu 18.04 on Google Cloud.
This setup is tested on Google Cloud and it will pretty run the same on any Linux distributions.
Prerequisites
- A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04
- Initial Ubuntu Server Set up.
- Jenkins installed with the steps listed on How to install Jenkins on Ubuntu 18.04
- DNS setup with the steps listed in Setting up Google Cloud DNS for your domain
Install Apache
Install Apache with the following command.
sudo apt install apache2
This command will install Apache on your VM instance.
Setup Firewall
Once Apache is installed you can configure firewall, Apache registers itself with ufw. So, you can allow the necessary ports and enable ufw.
sudo ufw allow OpenSSH sudo ufw allow 'Apache Full'
Make sure you have added rules for SSH port 22, if you haven’t done this you cannot access the SSH. Once you have verified you can enable UFW.
sudo ufw enable
Configure Apache for Jenkins
Enable Apache modules.
a2enmod proxy a2enmod proxy_http a2enmod headers
Now it’s time to configure Apache as a reverse proxy for Jenkins.
Remove the default Apache configuration.
sudo a2dissite 000-default
Create a new configuration for Jenkins.
sudo nano /etc/apache2/sites-available/jenkins.conf
Configuration for Jenkins on Subdomain
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName jenkins.yourdomainname.com
ServerAlias jenkins.yourdomainnamecom
<Proxy http://127.0.0.1:8080/>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8080/ nocanon
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPassReverse / http://jenkins.yourdomainname.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Paste this new configuration setting and hit Ctrl+X followed by Y to save the file.
Configuration for Jenkins on Sub-directory
Paste this new configuration setting and hit Ctrl+X followed by Y to save the file.
<Virtualhost *:80>
ServerName yourdomainname.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy http://127.0.0.1:8080/jenkins*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /jenkins http://127.0.0.1:8080/jenkins nocanon
ProxyPassReverse /jenkins http://127.0.0.1:8080/jenkins
ProxyPassReverse /jenkins http://35.244.93.246/jenkins
</Virtualhost>
Hit Ctrl + X followed by Y and Enter to save and exit the file.
Enable the configuration.
sudo a2ensite jenkins.conf
Configure Jenkins for Apache
In order to Jenkins work with Apache you need to make Jenkins to listen on localhost
sudo nano /etc/default/jenkins
Find the JENKINS_ARGS line and add --httpListenAddress=127.0.0.1 to the existing arguments.
So, the line will look similar to the one below.
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"
For sub-directory configuration you need to add additional argument with the directory name with --prefix
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"
Save and exit the file. Finally restart Jenkins.
sudo systemctl restart jenkins
Check the configuration and restart Apache.
sudo apachectl configtest sudo service apache2 restart
Now Apache is setup as a reverse proxy for Jenkins.
Install Free Let’s Encrypt SSL Certificate
sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install python-certbot-apache
sudo certbot --apache -m your-email -d yourdomainname.com -d www.yourdomainname.com
That’s all now you can visit your domain name in your web browser. You can see your Jenkins login page with HTTPS.
Conclusion
In this tutorial you have installed Apache, configured UFW, setup new reverse proxy configuration for Jenkins and installed SSL and configured Jenkins for Apache.
