
@dnozay
Created April 18, 2014 01:12
nginx jenkins webserver configuration.
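# some of the steps were described here:
# https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Red+Hat+distributions
# install LTS package
# The repo definition and the signing key are the trust anchor for every
# package yum installs from this repository afterwards. Fetched over cleartext
# HTTP, either can be swapped in transit and the later GPG check would then
# validate against the substituted key, so both are fetched over HTTPS.
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
rpm --import https://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key
# Before installing, list the imported keys and compare the Jenkins key's
# fingerprint with one obtained through a separate channel:
#   rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
# Also check that the downloaded jenkins.repo keeps gpgcheck enabled.
# NOTE(review): Java 6 is long past end of life; install the Java release
# that your Jenkins version documents as supported.
yum install jenkins java-1.6.0-openjdk nginx
# check version
java -version
# make sure that it starts on boot
chkconfig jenkins on
chkconfig nginx on
# nginx is started first so that the TLS front end is up before Jenkins.
service nginx start
service jenkins start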
# /etc/sysconfig/iptables
# tested on CentOS 6.4
# Rule set for the filter table, in iptables-save format.
# The chain policies below are ACCEPT; inbound traffic is only blocked by the
# final REJECT rule of each chain, so every allow rule must stay above it.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7792:637980]
# replies to connections that are already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# nagios 5666 5667
# NOTE(review): accepted from any source address; consider limiting these
# ports to the monitoring server with a source match (-s).
-A INPUT -p tcp -m multiport --dports 5666,5667 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# http and https
# these are the only web ports exposed. 8080 (Jenkins HTTP) and 8009 (AJP)
# have no rule here and fall through to the REJECT below, so the Jenkins
# backend is reachable from other hosts only through nginx.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# 49187 => http://stackoverflow.com/questions/17472291/jenkins-slave-port-number-for-firewall
# presumably the fixed slave-agent port set in the Jenkins security settings;
# confirm it matches. NOTE(review): open to any source; restrict it to the
# build agents' addresses where they are known.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49187 -j ACCEPT
# ssh, also open to any source.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# everything not accepted above is rejected.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
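# /etc/sysconfig/jenkins
# Settings for the Jenkins service (plain shell variable assignments).
# change this to your needs:
# e.g. JENKINS_HOME="/jenkins_data/jenkins"
JENKINS_HOME="/var/lib/jenkins"
JENKINS_JAVA_CMD=""
# account the service runs as; keep this a dedicated non-root account.
JENKINS_USER="jenkins"
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"
JENKINS_PORT="8080"
# loopback only: the plain-HTTP listener must not be reachable from other
# hosts, all external access goes through the nginx TLS front end.
JENKINS_LISTEN_ADDRESS="127.0.0.1"
# TLS is terminated by nginx, so the built-in HTTPS listener stays unset.
JENKINS_HTTPS_PORT=""
JENKINS_HTTPS_LISTEN_ADDRESS=""
# nginx talks to Jenkins over HTTP, so the AJP connector is unused.
# With an empty listen address it is presumably bound to every interface,
# leaving the host firewall as the only thing in front of it; -1 disables it.
JENKINS_AJP_PORT="-1"
JENKINS_AJP_LISTEN_ADDRESS=""
JENKINS_DEBUG_LEVEL="5"
# NOTE(review): nginx's access log is then the only request log; make sure
# it is retained if you need it for incident investigation.
JENKINS_ENABLE_ACCESS_LOG="no"
JENKINS_HANDLER_MAX="100"
JENKINS_HANDLER_IDLE="20"
JENKINS_ARGS=""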
# /etc/nginx/conf.d/jenkins.conf
# tested on CentOS 6.4
# simple nginx configuration for jenkins.
# jenkins is configured to listen to 127.0.0.1:8080
# this is configured in /etc/sysconfig/jenkins.
# backend pool: the single Jenkins instance on the loopback interface.
# fail_timeout=0 is kept as in the original configuration.
upstream jenkins {
    server 127.0.0.1:8080 fail_timeout=0;
}
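# this section forces incoming requests to switch to https.
# No Strict-Transport-Security header is sent from here: browsers ignore
# HSTS received over plain HTTP, so the header only has an effect when it is
# set on the TLS server.
# NOTE(review): $host is taken from the request; set server_name to the real
# hostname (and redirect to it) if only one name should ever be served.
server {
    listen 80;
    return 301 https://$host$request_uri;
}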
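# this is the main section, listening to https requests.
server {
    listen 443 ssl;
    server_name _;

    # these are sane defaults.
    keepalive_timeout 70;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;

    # either a self-signed certificate or one provided by your IT.
    ssl_certificate /etc/ssl/certs/jenkins.crt;
    # NOTE(review): the private key sits next to the certificate in a
    # directory that is normally world-readable; make sure the key file is
    # owned by root and not readable by other users.
    ssl_certificate_key /etc/ssl/certs/jenkins.key;
    ssl_prefer_server_ciphers on;
    # NOTE(review): ssl_protocols and ssl_ciphers are not set, so the
    # defaults of the installed nginx/OpenSSL apply; pin both explicitly to
    # what your nginx build and your Jenkins clients support.

    # HSTS is only honoured when it arrives over HTTPS, so it is set here.
    # includeSubdomains extends the policy to every subdomain of the host
    # that was visited; drop it if some of them are not served over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

    charset utf-8;

    location / {
        # this is the maximum upload size
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        # forward all requests to jenkins.
        proxy_set_header Host $host;
        # X-Real-IP is set by nginx itself; X-Forwarded-For keeps whatever
        # the client sent and appends to it, so only its last entry can be
        # trusted in logs.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # tell Jenkins the original request was made over https.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_pass http://jenkins/;

        # do not use temp files, if over buffer size, serve data synchronously
        proxy_max_temp_file_size 0;

        # configure how long to hang on to requests.
        # longer = more chance for DDOS.
        proxy_connect_timeout 60;
        proxy_send_timeout 60;
        proxy_read_timeout 120;

        # https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
        # https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
        proxy_buffers 4 32k;
        proxy_buffer_size 4k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}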