Created
April 18, 2014 01:12
nginx jenkins webserver configuration.
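# Install Jenkins LTS, OpenJDK and nginx on a Red Hat family host and enable
# both services at boot. Run as root.
# some of the steps were described here:
# https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Red+Hat+distributions

# install LTS package
# The repo definition and the signing key are the trust anchor for every later
# package signature check, so they are fetched over TLS instead of plain HTTP:
# a key replaced in transit would make yum accept packages signed by someone else.
# NOTE(review): confirm the package host serves these paths over HTTPS; if it
# does not, obtain the key over a trusted channel and compare its fingerprint
# with a value published by the project before importing it.
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
rpm --import https://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key
# NOTE(review): check that the downloaded jenkins.repo keeps gpgcheck=1, otherwise
# the imported key is never used.
# NOTE(review): java-1.6.0-openjdk no longer receives security updates; install
# the newest JDK package that your Jenkins release supports instead.
yum install jenkins java-1.6.0-openjdk nginx

# check version
java -version

# make sure that it starts on boot
chkconfig jenkins on
chkconfig nginx on

# start both services now
service nginx start
service jenkins start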
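# /etc/sysconfig/iptables
# tested on CentOS 6.4
#
# Inbound rule set for the Jenkins host. The chain policies stay ACCEPT; the
# default-deny behaviour comes from the REJECT rule that ends each chain, so
# that rule must stay last. Flushing the rules without changing the policy
# leaves the host open.
# Ports 8080 and 8009 (the Jenkins HTTP and AJP listeners) are deliberately
# not opened: clients reach Jenkins through nginx on 80/443 only.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7792:637980]
# replies to connections that are already tracked
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# nagios 5666 5667
# Matches NEW like the other service rules, so packets that conntrack marks
# INVALID fall through to the final REJECT.
# NOTE(review): open to every source; add "-s <monitoring-server-address>"
# (placeholder) so that only the monitoring server reaches these ports.
-A INPUT -p tcp -m state --state NEW -m multiport --dports 5666,5667 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# http and https
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# 49187 => http://stackoverflow.com/questions/17472291/jenkins-slave-port-number-for-firewall
# NOTE(review): this is the Jenkins agent port and it bypasses nginx and TLS
# termination; limit it with "-s <agent-subnet>" (placeholder) and make sure
# Jenkins is set to this fixed port rather than a random one.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49187 -j ACCEPT
# ssh
# NOTE(review): consider limiting the source to the administration network.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# everything else is refused
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT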
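# /etc/sysconfig/jenkins
# Settings read by the Jenkins service script. Jenkins is meant to be reached
# only through the local nginx reverse proxy, so its listeners are bound to
# loopback.

# change this to your needs:
# e.g. JENKINS_HOME="/jenkins_data/jenkins"
JENKINS_HOME="/var/lib/jenkins"
JENKINS_JAVA_CMD=""
# unprivileged account the service runs as
JENKINS_USER="jenkins"
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

# plain-HTTP listener: loopback only, nginx proxies to 127.0.0.1:8080
JENKINS_PORT="8080"
JENKINS_LISTEN_ADDRESS="127.0.0.1"

# TLS is terminated by nginx, so the built-in HTTPS listener stays unset
JENKINS_HTTPS_PORT=""
JENKINS_HTTPS_LISTEN_ADDRESS=""

# An empty AJP listen address lets the connector bind every interface, which
# leaves an unauthenticated, unencrypted way around nginx whenever the firewall
# is relaxed. Bind it to loopback like the HTTP listener.
# NOTE(review): nothing in this setup uses AJP; the packaged file documents
# JENKINS_AJP_PORT="-1" as the way to switch the connector off - confirm for
# your version and prefer that.
JENKINS_AJP_PORT="8009"
JENKINS_AJP_LISTEN_ADDRESS="127.0.0.1"

JENKINS_DEBUG_LEVEL="5"
# NOTE(review): the Jenkins access log is off; nginx's access log is then the
# only request trail available for investigations, so keep it.
JENKINS_ENABLE_ACCESS_LOG="no"
JENKINS_HANDLER_MAX="100"
JENKINS_HANDLER_IDLE="20"
JENKINS_ARGS=""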
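# /etc/nginx/conf.d/jenkins.conf
# tested on CentOS 6.4
# simple nginx configuration for jenkins: TLS is terminated here and requests
# are relayed to the Jenkins HTTP listener on loopback.

# jenkins is configured to listen to 127.0.0.1:8080
# this is configured in /etc/sysconfig/jenkins.
# this section tells nginx about that server.
upstream jenkins {
    server 127.0.0.1:8080 fail_timeout=0;
}

# this section forces incoming requests to switch to https.
server {
    listen 80;
    # No Strict-Transport-Security header here: browsers ignore it on plain
    # HTTP responses, so it is sent from the https server below.
    # NOTE(review): $host comes from the request, so the redirect target is
    # client-controlled; once the site has a fixed name, use that name here
    # and in server_name.
    return 301 https://$host$request_uri;
}

# this is the main section, listening to https requests.
server {
    listen 443 ssl;
    server_name _;

    # HSTS only takes effect when delivered over https.
    # NOTE(review): includeSubdomains extends the policy to every host under
    # this domain; drop it if sibling hosts are still served over plain http.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    # these are sane defaults.
    keepalive_timeout 70;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;

    # either a self-signed certificate or one provided by your IT.
    # NOTE(review): the private key sits in /etc/ssl/certs, a directory that is
    # normally world-readable; make sure the key file itself is readable by
    # root only, or keep it in a private directory.
    ssl_certificate /etc/ssl/certs/jenkins.crt;
    ssl_certificate_key /etc/ssl/certs/jenkins.key;
    # NOTE(review): no ssl_protocols or ssl_ciphers is set, so the defaults of
    # the installed nginx/OpenSSL apply, and those can include obsolete
    # protocol versions; pin both to what your clients and OpenSSL support.
    ssl_prefer_server_ciphers on;

    charset utf-8;

    location / {
        # this is the maximum upload size
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        # forward all requests to jenkins.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # tell jenkins the client used https, so the links and redirects it
        # generates do not fall back to http.
        proxy_set_header X-Forwarded-Proto $scheme;
        # rewrite http:// Location headers from the backend to https://
        proxy_redirect http:// https://;
        proxy_pass http://jenkins/;

        # do not use temp files, if over buffer size, serve data synchronously
        proxy_max_temp_file_size 0;

        # configure how long to hang on to requests.
        # longer timeouts let slow or stalled clients hold connections open,
        # which makes resource-exhaustion (DoS) easier.
        proxy_connect_timeout 60;
        proxy_send_timeout 60;
        proxy_read_timeout 120;

        # https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
        # https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
        proxy_buffers 4 32k;
        proxy_buffer_size 4k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}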