Scribd
Upload
93 views

Jenkins-Tomcat-Sonar-Nexus Nginx Reverse Proxy and SSL Setup

The document describes how to configure Nginx as a reverse proxy for Jenkins to enable HTTPS access. It involves setting up DNS records, configuring Nginx, obtaining an SSL certificate using Certbot, and testing the secured Jenkins URL.

Uploaded by

shamshuddin0003
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
93 views

Jenkins-Tomcat-Sonar-Nexus Nginx Reverse Proxy and SSL Setup

The document describes how to configure Nginx as a reverse proxy for Jenkins to enable HTTPS access. It involves setting up DNS records, configuring Nginx, obtaining an SSL certificate using Certbot, and testing the secured Jenkins URL.

Uploaded by

shamshuddin0003
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Jenkins Nginx reverse Proxy and SSL configuration

Setting up Jenkins with Nginx Reverse Proxy and SSL


Prerequisites:
• Jenkins setup
• Nginx application for reverse proxy
• Certbot application for SSL configuration

Note:
Setting up SSL for the Jenkins server directly using its IP address is not possible. To
enable SSL, it's nessesary to have a domain name associated with the Jenkins server.
Without a domain name, obtaining an SSL certificate is challenging, as it typically
requires proof of ownership for the associated IP address.

Unfortunately, in this case, we cannot provide ownership proof for the EC2 instance's IP
address because we don't have access to control or manage the ownership of the ec2 IP
address

Step 1: Create a DNS Name


To set up a domain name for your Jenkins server, you have two options: purchase a
domain name or use one of the free domains available on the internet.

In my case, I have already purchased a domain name from one.com, and we can configure
it to point to your Jenkins server. This allows you to access your Jenkins server using your
existing domain name.

Step 2: Pointing A Records to Our Jenkins Server's IP Address


To proceed further, we'll need to configure the A records on existing domain name to
point to our Jenkins server's IP address. We can configure this from the DNS settings
page of our existing Domain
Step 3: Configuring Nginx reverse proxy
• To set up an Nginx reverse proxy for your Jenkins server, we need to install Nginx on the
EC2 instance where Jenkins is already installed and configured.
sudo apt install nginx

• After Nginx is installed, you'll need to configure it to act as a reverse proxy for your
Jenkins server. This configuration process typically involves creating an Nginx server
block (also known as a virtual host) to direct incoming traffic to the Jenkins server.

Step 4: Editing the Nginx Configuration


• Change your current directory to the Nginx configuration directory
cd /etc/nginx

• Open nginx.conf with Vi Editor:


vi /etc/nginx/nginx.conf

• In Vi command mode, enable line numbers and comment out lines 38 to 54 in the
nginx.conf file
:set numbers
:38,54s/^/#

• After making the necessary changes, save the nginx.conf file and exit the Vi editor

Step 5: Configuring Nginx for Jenkins Server


• create a new configuration file for Jenkins under /etc/nginx/conf.d/ directory and open it
with vi editor
sudo vim /etc/nginx/conf.d/jenkins.conf

• paste the Nginx proxy configuration code to jenkins.conf


################################################
# Jenkins Nginx Proxy configuration
#################################################
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}

server {
listen 80;
server_name awsdevops.nl;

location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jenkins;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
}
}

• In the above code, replace 'jenkins.example.com' with your domain name


(e.g., 'awsdevops.nl') and save the changes.

Step 6: Creating an SSL Certificate for Your Domain using certbot application
• To create an SSL certificate for your domain, you can use the Certbot package
Install Certbot and the Certbot Nginx plugin by running the following command:
sudo apt install certbot python3-certbot-nginx

Step 7: Generate SSL Certificate with Certbot


• Run the following command to generate SSL certificates using Certbot
sudo certbot --nginx
• After executing the command, enter your email address when prompted and press Enter
• You'll be asked to accept the terms and conditions. To do so, type 'Y' and press Enter.
• Now, Certbot will prompt you to select the domain for which you want to generate SSL
certificates.

• once certificate is generated, it will show below message

• This will automatically update the Nginx configuration to include SSL settings and
redirect HTTP traffic to HTTPS
Step 8: Access Jenkins Web Interface
• Access Jenkins web interface on https://awsdevops.nl

------------------------------------------------------------------------------------------------------

SonarQube Nginx reverse proxy config:


server {
listen 80;
server_name sonar.awsdevops.nl;

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Pass the request to SonarQube server


proxy_pass http://127.0.0.1:9000; # Change the IP and port as needed
# Required for WebSocket support (SonarQube might use WebSocket)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

Tomcat nginx reverse proxy config:


################################################
# Tomcat Nginx Proxy configuration
#################################################
upstream Tomcat {
server 127.0.0.1:8081 fail_timeout=0;
}

server {
listen 80;
server_name tomcat.awsdevops.nl;

location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://tomcat;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
}
}

nexus nginx reverse proxy config:


server {
listen 80;
server_name nexus.awsdevops.nl; # Replace with your domain or hostname

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Pass the request to Nexus server


proxy_pass http://127.0.0.1:8081; # Change the IP and port as needed

# Additional proxy settings for Nexus


proxy_set_header Authorization ""; # If needed, remove authorization header
proxy_set_header Host $http_host;

# Required for WebSocket support (if Nexus uses WebSocket)


proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

# Prevent "The plain HTTP request was sent to HTTPS port" error
proxy_redirect http:// https://;

You might also like