Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create a HTTP proxy for jenkins using NGINX.
sudo aptitude -y install nginx
cd /etc/nginx/sites-available
sudo rm default
sudo cat > jenkins
upstream app_server {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
listen [::]:80 default ipv6only=on;
server_name ci.yourcompany.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
}
^D # Hit CTRL + D to finish writing the file
sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
sudo service nginx restart
@mmzoo

This comment has been minimized.

Copy link

mmzoo commented Mar 27, 2012

When using SSL, you might want to use something like the below nginx config.

  • Terminate SSL connection at nginx
  • Proxy it internally to Jenkins on port 8080
  • Replace the Location Header of Jenkins with https instead of http

Note that the third point is pretty tricky. We use proxy_redirect http:// https://; that corresponds to Apaches's ProxyPassReverse

upstream jenkins {
  server 127.0.0.1:8080 fail_timeout=0;
}

server {
  listen 80 default;
  server_name 127.0.0.1 *.mydomain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443 default ssl;
  server_name 127.0.0.1 *.mydomain.com;

  ssl_certificate           /etc/ssl/certs/my.crt;
  ssl_certificate_key       /etc/ssl/private/my.key;

  ssl_session_timeout  5m;
  ssl_protocols  SSLv3 TLSv1;
  ssl_ciphers HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers on;

  # auth_basic            "Restricted";
  # auth_basic_user_file  /home/jenkins/htpasswd;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect http:// https://;

    add_header Pragma "no-cache";

    proxy_pass http://jenkins;
  }
}
@house9

This comment has been minimized.

Copy link

house9 commented Feb 7, 2013

I am using something similar, but one problem I have encountered - how do you also force 8080 to use ssl ? currently requests on 8080 just bypasses nginx and go straight to jenkins - i want nginx to prompt with basic auth

  • nevermind, going to update ip tables to block 8080
@egmont1227

This comment has been minimized.

Copy link

egmont1227 commented May 8, 2014

@house9: make jenkins listen to 127.0.0.1 / localhost only.

@aroxby

This comment has been minimized.

Copy link

aroxby commented Sep 2, 2014

I would humbly like to recommend using a trick like:
sudo cat > jenkins << EOF_JENKINS_EOF
Instead of Crtl-D

@omkar0001

This comment has been minimized.

Copy link

omkar0001 commented Oct 24, 2014

@rdegges How do we do it for nginx-php5-fpm

@goofansu

This comment has been minimized.

Copy link

goofansu commented Apr 30, 2015

@mmzoo Thanks. add_header Pragma "no-cache" is just what I need.

@ghost

This comment has been minimized.

Copy link

ghost commented Mar 12, 2017

Remove or update this uber obsolete information from internet, you are confusing people . . . what is described in the instructions above do not apply in a brand-new Nginx installation.

[root@jenkins nginx]# ll
total 88
drwxr-xr-x. 4 root root 4096 Mar 12 15:30 .
drwxr-xr-x. 80 root root 8192 Mar 12 15:25 ..
-rw-r--r--. 1 root root 1220 Mar 12 15:26 cert.crt
-rw-r--r--. 1 root root 1704 Mar 12 15:26 cert.key
drwxr-xr-x. 2 root root 38 Mar 11 23:22 conf.d
drwxr-xr-x. 2 root root 6 Mar 12 15:20 default.d
-rw-r--r--. 1 root root 1077 Oct 31 12:39 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 31 12:39 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 31 12:39 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 31 12:39 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 31 12:39 koi-utf
-rw-r--r--. 1 root root 2223 Oct 31 12:39 koi-win
-rw-r--r--. 1 root root 3957 Oct 31 12:39 mime.types
-rw-r--r--. 1 root root 3957 Oct 31 12:39 mime.types.default
-rw-r--r--. 1 root root 2467 Mar 11 23:27 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 31 12:39 nginx.conf.default
-rw-r--r--. 1 root root 2467 Mar 11 23:23 nginx.conf_ORIGINALE
-rw-r--r--. 1 root root 636 Oct 31 12:39 scgi_params
-rw-r--r--. 1 root root 636 Oct 31 12:39 scgi_params.default
-rw-r--r--. 1 root root 664 Oct 31 12:39 uwsgi_params
-rw-r--r--. 1 root root 664 Oct 31 12:39 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 31 12:39 win-utf
[root@jenkins nginx]#

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.