2015/01/06

Configuring Jenkins to use HTTPS on CentOS 6.6

These instructions are using Jenkins 1.595 from the Jenkins Yum repository http://pkg.jenkins-ci.org/redhat/
  1. Create certificate for host with whatever tool you choose.  Personally I like XCA but I don't have a PKI system in place.

  2. Export PKCS12 certificate with chain.

  3. Convert PKCS12 certifcate to java keystore using the following command:
    keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore jenkinsstore

  4. Copy the keystore to a permanent location (ex. /var/lib/jenkins).

  5. Import your CA certificate into Java cacerts keystore:
    keytool -import -file CA.crt -keystore /usr/java/latest/jre/lib/security/cacerts

  6. Configure /etc/sysconfig/jenkins with the following settings:
    JENKINS_JAVA_CMD="/usr/java/latest/bin/java"
    JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Xrs -Xmx1024m -XX:PermSize=512m -XX:MaxPermSize=512m"
    JENKINS_HTTPS_PORT="8843"
    JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkinsstore"
    JENKINS_HTTPS_KEYSTORE_PASSWORD="thePassword"
    JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"

  7. Configure iptables to redirect 443 to 8843 and to block tcp 8080 if you want to use the standard port 443:
    -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j DROP
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8843

  8. Start Jenkins:
    service jenkins start

3 comments:

  1. Thanks to share this information, I am happy that you choose this topic and discuss in very simple word. You can also do a quick test by pointing a browser to https://australianreviewer.com/instant-assignment-help-review/ and you can solve a security warning.

    ReplyDelete

  2. مكافحة حشرات بالخبر مكافحة حشرات بالخبر
    مكافحة حشرات بمكة مكافحة حشرات بمكة
    مكافحة حشرات بالمدينة المنورة شركة مكافحة حشرات بالمدينة المنورة
    مكافحة حشرات بالدمام شركة مكافحة حشرات بالدمام

    ReplyDelete