Installing and configuring Jenkins Continuous Integration server

Installing and configuring Jenkins Continuous Integration server

This tutorial is part of Jenkins tutorial series on Popularowl.

During this tutorial you will learn how to install Jenkins CI server and get it ready to run jobs.

We will use Nginx reverse proxy to make your installation production ready.

After finishing the tutorial you will be able to start using your own continuous integration server and automate your development projects.

Prerequisites

  • Access to the Debian Linux server. You can use VirtualBox locally or one of the cloud platforms (We are using Digital Ocean cloud as example in this tutorial).

Installing Jenkins

This tutorial does not cover provisioning new VM server part. See the how start new VM to guide from Digital Ocean. Or if you are using local VM see VirtualBox guide.

For the purpose of installing JenkinsCI, I have booted up a new VM with the fresh version of Ubuntu Linux on Digital Ocean.

The official Jenkins documentation has steps for installation on Ubuntu servers. We are following these guidelines.

Login to your Ubuntu server via ssh run the following shell commands

wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install default-jre
sudo apt-get install jenkins

What the above commands do?

  • Get Jenkins Debian key, and add it to your system.
  • Update the apt-get package index.
  • Install Java runtime. Jenkins is Java application and needs JVM to be present on the system.
  • Perform the actual Jenkins install on Ubuntu machine.

The installation process will create a jenkins user under which CI server will be running.

It will configure Jenkins CI server to be run as linux daemon process. If you want to see the this configuration its in /etc/init.d/jenkins

Logs for Jenkins application are accessible at /var/log/jenkins/jenkins.log

You are now ready to visit your Jenkins CI via Internet browser.

By default Jenkins starts listening on port 8080.

Go to http://your-ip-address:8080 and you should see the initial welcome screen.

jenkins initial setup screen after installation

During installation, Jenkins has created the administrator password and stored it in the specific file.

As it says in the instructions, you can fetch the admin password from /var/lib/jenkins/secrets/initialAdminPassword, enter it and press continue to finish the setup.

Click to install suggested plugins.

Create the admin user. Remember the details you enter in this screen as after the setup is done, you will use them to login as admin user.

Select default options on the following screens and you are ready to start using Jenkins CI server!

jenkins setup completed and ready to use

Congratulations, you now have your own installation of Jenkins CI server!

You can start using it for your projects now.

The next part of this tutorial is about making your Jenkins server production ready and will be helpful if you are planning to make it available publicly.

Making Jenkins CI production ready

First we will install Nginx as reverse proxy for Jenkins server.

Nginx is a powerful web server as well as a great reverse proxy. In our case we want to use it in front of our Jenkins application:

  • To manage all security configurations like SSL certificates and incoming request security.
  • To allow all incoming requests to hit traditional http ports 80 / 443 and leave Jenkins CI server running internally on port 8080.

Run the following commands on your linux server to install Nginx and remove default configuration.

sudo apt install nginx
cd /etc/nginx/sites-available
mv default default.backup
vi default

What the above commands do?

  • Install the Nginx server
  • Navigate you to Nginx configuration directory.
  • Backup default Nginx proxy configuration.
  • Open the new default configuration file for editing

Now you have to add the following contents to the default Nginx configuration file to proxy setup.

# Redirect to Jenkins on port 8080
upstream app_server {
server 127.0.0.1:8080 fail_timeout=0;
}

server {
listen 80;
listen [::]:80 default ipv6only=on;

# Make site accessible from http://localhost/
server_name localhost;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
}

We need to restart Nginx to apply new configuration

sudo service nginx restart

Custom Url for JenkinsCI server

As one of the readers pointed in the comments under this post, there might be a requirement to run Jenkins under custom url like hostname/jenkinsapp

In this case, you would have to setup the Jenkins to accept custom url.

This can be done via JENKINS_ARGS environment variable. It requires restarting Jenkins server. Several other parameters are supported as well.

export JENKINS_ARGS="--prefix=/jenkinsapp"

Protecting JenkinsCI installation with basic login password

If you are planning to have limited number of users who can access your Jenkins CI server, I would recommend to protect the access to overall site with basic username / password authentication.

This can be implemented by Nginx with the help of .htpasswd file which stores all users who can access the site.

.htpasswd file can be generated with the following htpasswd utility by providing it the path where to store the file (it will prompt for user password)

htpasswd -c /etc/nginx/.htpasswd username

Once you have the file created you will need to update default Nginx configuration file we created in the previous step.

# Redirect to Jenkins on port 8080
upstream app_server {
server 127.0.0.1:8080 fail_timeout=0;
}

server {
listen 80;
listen [::]:80 default ipv6only=on;

# Make site accessible from http://localhost/
server_name localhost;

location / {
# Adding basic authorisation to Nginx
auth_basic "Please Login";
auth_basic_user_file /etc/nginx/.htpasswd;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;

if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
}

Note the new added lines auth_basic and auth_basic_user_file we just added.

We now have to restart Nginx in order to apply new configuration

sudo service nginx restart

Disabling access to port 8080 to external requests

Now we have our Jenkins CI server listening 8080 and Nginx proxing all incoming requests from port 80 to 8080. The last step we need in to close direct access to the Jenkins through 8080 so all requests are coming through standard http port 80.

For this we are going to use iptables

Iptables is a very powerful linux tool to configure firewall rules on your VM. For our purpose we only need 2 shell command requests

iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

We are instructing Ubuntu to allow all the incoming requests to 8080 port from localhost (internal). And dropping all other requests.

After these are run you shouldn't be able to access http://yourdomain:8080 directly anymore. And http://yourdomain should still redirect to Jenkins as before.

Summary

To sum up, the goal of this part of tutorial was to install and setup your own Jenkins continuous integration server.

After that, we went through the initial steps required to make your Jenkins server production ready.

You can now use this Jenkins installation to complete the next steps of Popularowl Jenkins CI tutorial.

Next part of the tutorial is about automating the above Jenkins CI install steps with Docker and Terraform.

Similar posts: