Serving LetsEncrypt challenge from Jenkins

[Simon Richter]

Hi,

I'm trying to set up a Jenkins instance that uses LetsEncrypt to get an
SSL certificate. This instance should run inside a VM with no external
dependencies.

So, I'd like to start up Jenkins with a self-signed certificate
initially, then an external script comes along and puts a static file
into the web tree, which is then requested externally, the file is
subsequently deleted and then Jenkins is restarted to load the new
certificate.

How would I make a file with a random name visible in the web tree (the
file is not below /userContent/)?

Also, I'd like to bind Jenkins to port 443 — is there a sane way to make
it bind the port and drop privileges, or do I need to create an ugly
workaround?

Simon

[Daniel Beck]

> On 16. Mar 2018, at 22:46, Simon Richter <Simon....@hogyros.de> wrote:
>
> How would I make a file with a random name visible in the web tree (the
> file is not below /userContent/)?
>
> Also, I'd like to bind Jenkins to port 443 — is there a sane way to make
> it bind the port and drop privileges, or do I need to create an ugly
> workaround?

The answer for both is the same: Use a reverse proxy.

(Or you can use e.g. iptables to forward 443 to 8080 for the second question.)