Installing and configuring JenkinsCI with Nginx

JenkinsCI nginx ubuntu and digital ocean

Overview

JenkinsCI is an open source, enterprise grade continuous integration server.  It has a large and  active community of contributors and supporters, especially from within enterprise technology space. With over 300k global installations and more than 2000 community plugins JenkinsCI is a very popular choice for automating software delivery lifecycles.

This post will walk you through a hands-on installation and configuration of JenkinsCI to be run in your own environment. We will make this installation production ready by adding additional load balancer and by configuring user management capability of JenkinsCI.

Installing JenkinsCI on Ubuntu

For the purpose of installing JenkinsCI, have created new DigitalOcean droplet with fresh version of Ubuntu 12.04 server. Digital Ocean is what we use for our demos and tutorials at PopularOwl, but are free to use these instructions on any host running Ubuntu OS.

The official Jenkins documentation has steps for Ubuntu installation. While logged into your Ubuntu machine through ssh run the following shell commands:

$: wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
$: sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
$: sudo apt-get update
$: sudo apt-get install jenkins

 

Above commands will get Jenkins Debian key, add it to your system, update the apt-get packages index and do actual Jenkins install on your machine.

The installation process will create a jenkins user which will be running the CI server and launch Jenkins as a daemon process. Logs for Jenkins application are accessible at /var/log/jenkins/jenkins.log

By default Jenkins starts listen to incoming http traffic on port 8080. Therefore, after running above steps and pointing your internet browser to http://yourdomain:8080 you should see Jenkins CI server home screen.

installing and configuring JenkinsCI on DigitalOcean and Ubuntu

Nginx in front of JenkinsCI

Nginx is a powerful web server as well as great reverse proxy. In our case we want to put it in front of our Jenkins application in order to redirect all incoming requests to port 80 back and forward to local port 8080 where Jenkins server is listening.

This way we allow for any specific http traffic configuration we might need in the future and protecting our CI server letting it care about what it does best – CI.

$: sudo aptitude -y install nginx
$: cd /etc/nginx/sites-available
$: mv default default.old
$: vi default

 

The above commands will install nginx server, navigate you to sites-available directory, backup default configuration file.

Now you have to change the default configuration file to the following:

# Redirect to Jenkins on port 8080
upstream app_server {
    server 127.0.0.1:8080 fail_timeout=0;
}

server {
	listen   80;
	listen   [::]:80 default ipv6only=on;

	# Make site accessible from http://localhost/
	server_name localhost;

	location / {
	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_set_header Host $http_host;
	    proxy_redirect off;

	    if (!-f $request_filename) {
	      proxy_pass http://app_server;
	      break;
	    }
	}
}

 

We need to restart Nginx to apply new configuration

$: sudo service nginx restart

Protecting JenkinsCI installation with basic login password (optional)

If you are planning to have limited number of users who can access your Jenkins CI server, I would recommend to protect the access to overall site with basic username / password authentication. This can be implemented at Nginx level with the help of .htpasswd file which stores all users who can access the site.

.htpasswd file can be generated with the following htpasswd utility by providing it path where to store the file (it will prompt for user password)

htpasswd -c /etc/nginx/.htpasswd username

 

Once you have the file created you will need to update default Nginx configuration file we created in the previous step.

$: cd /etc/nginx/sites-available
$: vi default

 

The file now looks like this

# Redirect to Jenkins on port 8080
upstream app_server {
    server 127.0.0.1:8080 fail_timeout=0;
}

server {
	listen   80;
	listen   [::]:80 default ipv6only=on;

	# Make site accessible from http://localhost/
	server_name localhost;

	location / {
	    # Adding basic authorisation to Nginx
	    auth_basic "Please Login";
	    auth_basic_user_file /etc/nginx/.htpasswd;

	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	    proxy_set_header Host $http_host;
	    proxy_redirect off;

	    if (!-f $request_filename) {
	      proxy_pass http://app_server;
	      break;
	    }
	}
}

 

Note the new added lines auth_basic and auth_basic_user_file lines I just added.
We now have to restart Nginx in order to apply new configuration

$: sudo service nginx restart

 

Disabling access to port 8080 to external requests

Now we have our Jenkins CI server listening 8080 and Nginx proxing all incoming requests from port 80 to 8080. The last step we need in to close direct access to the Jenkins through 8080 so all requests are coming through standard http port 80.

For this we are going to use iptables

Iptables is very powerful tool to configure firewall rules on your box but for our needs only 2 shell command requests are needed:

$: iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
$: iptables -A INPUT -p tcp --dport 8080 -j DROP

 

We are instructing Ubuntu to allow all the incoming requests to 8080 port from localhost (internal). And dropping all other requests.

After these are run you shouldn’t be able to access http://yourdomain:8080 directly anymore. And http://yourdomain should still redirect to Jenkins as before.

What’s Next?

The goal of this post was to show you a simple process of installing Jenkins / Nginx combination on Ubuntu and adding an initial basic configuration.

In the following PopularOwl blog posts I’m planning to go through the steps of setting up example Jenkins job / integration with GitHub and running test cases with JMeter testing software. Follow us to get updates on these.

If you have any comments or questions, make sure you leave them in the comments under the post.

Did you like this post? Get monthly summary of our posts and reviews to your inbox!

  • Just implemented disqus on PopuLarOwl Labs blog, so testing how actual comment looks 🙂