rdegges / proxy_nginx.sh
Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

Create a HTTP proxy for jenkins using NGINX.

View proxy_nginx.sh
Raw
File suppressed. Click to show.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 
sudo aptitude -y install nginx

cd /etc/nginx/sites-available

sudo rm default

sudo cat > jenkins

upstream app_server {

    server 127.0.0.1:8080 fail_timeout=0;

}

 

server {

    listen 80;

    listen [::]:80 default ipv6only=on;

    server_name ci.yourcompany.com;

 

    location / {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $http_host;

        proxy_redirect off;

 

        if (!-f $request_filename) {

            proxy_pass http://app_server;

            break;

        }

    }

}

^D # Hit CTRL + D to finish writing the file

sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/

sudo service nginx restart
mmzoo commented

When using SSL, you might want to use something like the below nginx config.

  • Terminate SSL connection at nginx
  • Proxy it internally to Jenkins on port 8080
  • Replace the Location Header of Jenkins with https instead of http

Note that the third point is pretty tricky. We use proxy_redirect http:// https://; that corresponds to Apaches's ProxyPassReverse

upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 80 default;
  server_name 127.0.0.1 *.mydomain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443 default ssl;
  server_name 127.0.0.1 *.mydomain.com;

  ssl_certificate           /etc/ssl/certs/my.crt;
  ssl_certificate_key       /etc/ssl/private/my.key;

  ssl_session_timeout  5m;
  ssl_protocols  SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;

  # auth_basic            "Restricted";
  # auth_basic_user_file  /home/jenkins/htpasswd;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect http:// https://;

    add_header Pragma "no-cache";

    proxy_pass http://jenkins;
  }
}
house9 commented

I am using something similar, but one problem I have encountered - how do you also force 8080 to use ssl ? currently requests on 8080 just bypasses nginx and go straight to jenkins - i want nginx to prompt with basic auth

  • nevermind, going to update ip tables to block 8080
egmont1227 commented

@house9: make jenkins listen to 127.0.0.1 / localhost only.

aroxby commented

I would humbly like to recommend using a trick like:
sudo cat > jenkins << EOF_JENKINS_EOF
Instead of Crtl-D

omkar0001 commented

@rdegges How do we do it for nginx-php5-fpm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.