Skip to content

Instantly share code, notes, and snippets.

@mgedmin

mgedmin/jenkins.md

Last active April 3, 2019 17:33
Show Gist options
  • Save mgedmin/8ebb6305a6d0ff86a4b823367355db33 to your computer and use it in GitHub Desktop.
Save mgedmin/8ebb6305a6d0ff86a4b823367355db33 to your computer and use it in GitHub Desktop.
Download ZIP
Installing latest Jenkins on Ubuntu
Raw
jenkins.md

Installing upstream Jenkins

  1. Make sure you don't have Jenkins installed from Ubuntu repositories -- you'll get problems if you try to mix it with upstream packages
apt-get purge jenkins --auto-remove
  1. Add the upstream Jenkins package repository
wget -q -O - https://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list
apt-get update

  1. Install Jenkins and configure it not to be reachable directly

    apt-get install jenkins
echo 'JENKINS_ARGS="$JENKINS_ARGS --httpListenAddress=127.0.0.1 --ajp13ListenAddress=127.0.0.1"' >> /etc/default/jenkins
service jenkins restart

  2. Install Apache

apt-get install apache2
  1. Install the Let's Encrypt client so you can get a free SSL certificate
apt-get install augeas-lenses build-essential ca-certificates libaugeas0 libffi-dev libssl-dev python-dev python-virtualenv
virtualenv /opt/letsencrypt
/opt/letsencrypt/bin/pip install -U pip setuptools wheel
/opt/letsencrypt/bin/pip install -U letsencrypt letsencrypt-apache
  1. Generate an SSL certificate for your domain (replace jenkins.example.com with your domain and you@example.com with your email address)
/opt/letsencrypt/bin/letsencrypt certonly -t -n --agree-tos -a apache -m you@example.com -d jenkins.example.com
  1. Automate Let's Encrypt certificate renewal -- create a file /etc/cron.weekly/letsencrypt with the following text
#!/bin/sh
/opt/letsencrypt/bin/letsencrypt renew --noninteractive
service apache2 reload

  1. chmod +x /etc/cron.weekly/letsencrypt

  2. Configure a virtual host for your Jenkins -- create a file /etc/apache2/sites-available/jenkins.example.com.conf (replace jenkins.example.com with your domain etc. here and in all further steps)

<VirtualHost *:80>
  ServerName jenkins.example.com
  ServerAdmin you@example.com
  
  DocumentRoot /var/www/jenkins.example.com
  ErrorLog /var/log/apache2/jenkins.example.com/error.log
  CustomLog /var/log/apache2/jenkins.example.com/access.log combined
  
  RewriteEngine on
  RewriteRule ^/(.*)$ https://jenkins.example.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName jenkins.example.com
  ServerAdmin you@example.com
  
  DocumentRoot /var/www/jenkins.example.com
  ErrorLog /var/log/apache2/jenkins.example.com/error.log
  CustomLog /var/log/apache2/jenkins.example.com/access.log combined
  
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/jenkins.example.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.example.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/jenkins.example.com/chain.pem

  AllowEncodedSlashes NoDecode
  ProxyPreserveHost On
  ProxyPass / http://localhost:8080/ nocanon
  ProxyPassReverse / http://localhost:8080/
  ProxyPassReverse / http://jenkins.example.com/
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"

  <Proxy http://localhost:8000/>
    Order deny,allow
    Allow from all
  </Proxy>

</VirtualHost>
  1. Enable the virtual host
mkdir /var/www/jenkins.example.com
mkdir /var/log/apache2/jenkins.example.com
a2enmod ssl proxy_http rewrite headers
a2ensite jenkins.example.com
service apache2 reload
  1. Open https://jenkins.example.com/ and continue with the setup:
  • type the initial admin password from /var/lib/jenkins/secrets/initialAdminPassword
  • install the plugins you want
  • create an admin user account
  • you're done! start adding some projects or something
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment