Skip to content

Instantly share code, notes, and snippets.

@liemle3893

liemle3893/jenkins.your-domain.com

Created May 11, 2018 18:49
Show Gist options
  • Save liemle3893/1c14bc28cf4943a5acbbac8e8b956e9a to your computer and use it in GitHub Desktop.
Save liemle3893/1c14bc28cf4943a5acbbac8e8b956e9a to your computer and use it in GitHub Desktop.
Download ZIP
Jenkins subdomain - NginX config. ( /etc/nginx/sites-available/jenkins.your-domain.com )
Raw
jenkins.your-domain.com
server {
listen 80;
server_name jenkins.your-domain.com;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://jenkins.your-domain.com;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.your-domain.com:50022' always;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
####################################################################################
#
# Make sure to create soft link to /etc/nginx/sites-enabled/
# $ ln -s /etc/nginx/sites-available/jenkins.your-domain.com /etc/nginx/sites-enabled/jenkins.your-domain.com
# $ service nginx -t
# $ service nginx restart
#
####################################################################################
@liemle3893
Copy link
Author

Update: (Support SSL) (Using certbot, but it's may work seamlessly with others CA too)

server {
    listen 80;
    listen [::]:80;
    server_name jenkins.your-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen [::]:443;
    ssl on; # listen [::]:443 ssl ipv6only=on; will cause exception. You should do this way to prevent that error.
    listen 443 ssl; # managed by Certbot
    server_name jenkins.your-domain.com;

    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ### Services define
    location / {
      proxy_set_header        Host $host:$server_port;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://127.0.0.1:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://127.0.0.1:8080 https://jenkins.your-domain.com;

      # Required for new HTTP-based CLI
      proxy_http_version 1.1;
      proxy_request_buffering off;
      # workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
      add_header 'X-SSH-Endpoint' 'jenkins.your-domain.com:50022' always;
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment