Create a HTTP proxy for jenkins using NGINX.
sudo aptitude -y install nginx
cd /etc/nginx/sites-available
sudo rm default
sudo tee jenkins > /dev/null # the redirect in "sudo cat > jenkins" runs as the calling user, not root, so write the file through tee
upstream app_server {
    server 127.0.0.1:8080 fail_timeout=0;
}
server {
    listen 80;
    listen [::]:80 default ipv6only=on;
    server_name ci.yourcompany.com;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://app_server;
            break;
        }
    }
}
^D # Hit CTRL + D to finish writing the file
sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
sudo service nginx restart

mmzoo commented Mar 27, 2012

When using SSL, you might want to use something like the below nginx config.

  • Terminate SSL connection at nginx
  • Proxy it internally to Jenkins on port 8080
  • Replace the Location Header of Jenkins with https instead of http

Note that the third point is pretty tricky. We use proxy_redirect http:// https://; that corresponds to Apache's ProxyPassReverse.

upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 80 default;
  server_name 127.0.0.1 *.mydomain.com;
  rewrite ^ https://$host$request_uri? permanent;  # $server_name would expand to 127.0.0.1, the first name listed above
}

server {
  listen 443 default ssl;
  server_name 127.0.0.1 *.mydomain.com;

  ssl_certificate           /etc/ssl/certs/my.crt;
  ssl_certificate_key       /etc/ssl/private/my.key;

  ssl_session_timeout  5m;
  ssl_protocols  TLSv1.2 TLSv1.3;  # SSLv3 and TLSv1 are deprecated and no longer safe to offer
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;

  # auth_basic            "Restricted";
  # auth_basic_user_file  /home/jenkins/htpasswd;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect http:// https://;

    add_header Pragma "no-cache";

    proxy_pass http://jenkins;
  }
}

house9 commented Feb 7, 2013

I am using something similar, but one problem I have encountered: how do you also force 8080 to use SSL? Currently requests on 8080 just bypass nginx and go straight to Jenkins - I want nginx to prompt with basic auth.

  • Never mind, going to update iptables to block 8080

@house9: make jenkins listen to 127.0.0.1 / localhost only.
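
A check for the fix suggested in the reply above (Jenkins bound to loopback only), as an added example that is not part of the original thread: it reads socket lines in the format printed by `ss -ltnH` and reports any listener on the Jenkins port that is bound to a non-loopback address. The function name `exposed_listeners` and the sample socket lines are constructed for this example.

```shell
#!/bin/sh
# Added example: report listeners on a port that are not bound to loopback.
# Input format is that of `ss -ltnH`: State Recv-Q Send-Q Local Peer

# exposed_listeners PORT
#   Reads ss-style lines on stdin and prints every local address on PORT
#   that is not a loopback address. Exit status: 0 = none found, 1 = exposed.
exposed_listeners() {
    awk -v port="$1" '
        {
            laddr = $4                     # e.g. 127.0.0.1:8080, [::]:8080, *:8080
            n = match(laddr, /:[0-9]+$/)   # the last colon separates the port
            if (n == 0) next               # header or malformed line
            addr = substr(laddr, 1, n - 1)
            p = substr(laddr, n + 1)
            if (p != port) next
            sub(/%.*$/, "", addr)          # drop an interface scope such as %lo
            gsub(/\[|\]/, "", addr)        # drop IPv6 brackets
            # Loopback forms: 127.0.0.0/8, ::1, and the IPv4-mapped form that
            # dual-stack Java listeners often show.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print laddr
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample lines: Jenkins on all interfaces, then on loopback only.
SAMPLE_EXPOSED='LISTEN 0 50 *:8080 *:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
SAMPLE_LOCAL='LISTEN 0 50 [::ffff:127.0.0.1]:8080 *:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# On a live host: ss -ltnH | exposed_listeners 8080
```

A non-zero exit status means port 8080 is still reachable without passing through nginx, so basic auth and TLS on the proxy are not protecting it.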

aroxby commented Sep 2, 2014

I would humbly like to recommend using a trick like:
sudo tee jenkins > /dev/null << 'EOF_JENKINS_EOF'
instead of Ctrl-D.

@rdegges How do we do it for nginx-php5-fpm?

@mmzoo Thanks. add_header Pragma "no-cache" is just what I need.

Remove or update this uber obsolete information from the internet, you are confusing people . . . what is described in the instructions above does not apply in a brand-new Nginx installation.

[root@jenkins nginx]# ll
total 88
drwxr-xr-x. 4 root root 4096 Mar 12 15:30 .
drwxr-xr-x. 80 root root 8192 Mar 12 15:25 ..
-rw-r--r--. 1 root root 1220 Mar 12 15:26 cert.crt
-rw-r--r--. 1 root root 1704 Mar 12 15:26 cert.key
drwxr-xr-x. 2 root root 38 Mar 11 23:22 conf.d
drwxr-xr-x. 2 root root 6 Mar 12 15:20 default.d
-rw-r--r--. 1 root root 1077 Oct 31 12:39 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 31 12:39 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 31 12:39 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 31 12:39 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 31 12:39 koi-utf
-rw-r--r--. 1 root root 2223 Oct 31 12:39 koi-win
-rw-r--r--. 1 root root 3957 Oct 31 12:39 mime.types
-rw-r--r--. 1 root root 3957 Oct 31 12:39 mime.types.default
-rw-r--r--. 1 root root 2467 Mar 11 23:27 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 31 12:39 nginx.conf.default
-rw-r--r--. 1 root root 2467 Mar 11 23:23 nginx.conf_ORIGINALE
-rw-r--r--. 1 root root 636 Oct 31 12:39 scgi_params
-rw-r--r--. 1 root root 636 Oct 31 12:39 scgi_params.default
-rw-r--r--. 1 root root 664 Oct 31 12:39 uwsgi_params
-rw-r--r--. 1 root root 664 Oct 31 12:39 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 31 12:39 win-utf
[root@jenkins nginx]#
