2015/01/06

Configuring Jenkins to use HTTPS on CentOS 6.6

These instructions are using Jenkins 1.595 from the Jenkins Yum repository http://pkg.jenkins-ci.org/redhat/
  1. Create certificate for host with whatever tool you choose.  Personally I like XCA but I don't have a PKI system in place.

  2. Export PKCS12 certificate with chain.

  3. Convert PKCS12 certifcate to java keystore using the following command:
    keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore jenkinsstore

  4. Copy the keystore to a permanent location (ex. /var/lib/jenkins).

  5. Import your CA certificate into Java cacerts keystore:
    keytool -import -file CA.crt -keystore /usr/java/latest/jre/lib/security/cacerts

  6. Configure /etc/sysconfig/jenkins with the following settings:
    JENKINS_JAVA_CMD="/usr/java/latest/bin/java"
    JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Xrs -Xmx1024m -XX:PermSize=512m -XX:MaxPermSize=512m"
    JENKINS_HTTPS_PORT="8843"
    JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkinsstore"
    JENKINS_HTTPS_KEYSTORE_PASSWORD="thePassword"
    JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"

  7. Configure iptables to redirect 443 to 8843 and to block tcp 8080 if you want to use the standard port 443:
    -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j DROP
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8843

  8. Start Jenkins:
    service jenkins start

No comments:

Post a Comment