Secure Jenkins URL
29 views
Skip to first unread message
Veera Mani
Oct 16, 2019, 11:03:38 AM10/16/19
to Jenkins Users
Hi,
How to setup the jenkins URL to https?
I am looking to use the jenkins tool in internal network , but still would like to have it secure ?
Any docs which help to setup secure jenkins URL (with all links below the mail URL) will be helpful .
Thanks
Toni Van de Voorde
Oct 16, 2019, 12:52:59 PM10/16/19
to jenkins...@googlegroups.com
How about the page on the wiki of jenkins itself ? https://wiki.jenkins.io/pages/viewpage.action?pageId=135468777
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/46bec134-b973-48df-9718-e92dcc72d9a8%40googlegroups.com.
Message has been deleted
Simon Richter
Oct 18, 2019, 8:59:45 PM10/18/19
to jenkins...@googlegroups.com
Hi,
On 16.10.19 17:03, Veera Mani wrote:
> How to setup the jenkins URL to https?
> I am looking to use the jenkins tool in internal network , but still
> would like to have it secure ?
It can be done, but it is a major hassle to set up:
- the certificate needs to be generated and signed externally, then
converted to a Java keystore and passed into Jenkins from the command line
- ports below 1024 are privileged and not accessible unless running
with system privileges, which would expose a wide attack surface.
Both of these can be worked around and automated to some extent, but it
is usually easier to run Jenkins unencrypted on an unprivileged port,
listening to connections on 127.0.0.1 only so it is not reachable from
other hosts (for extra security, add a firewall rule for 127/8), and
then configure nginx as a proxy, which allows you to use existing
infrastructure for SSL-in-nginx deployments.
Jenkins is prepared for this mode of operation, with a "base URL"
setting in the global configuration.
Simon
On 16.10.19 17:03, Veera Mani wrote:
> How to setup the jenkins URL to https?
> I am looking to use the jenkins tool in internal network , but still
> would like to have it secure ?
- the certificate needs to be generated and signed externally, then
converted to a Java keystore and passed into Jenkins from the command line
- ports below 1024 are privileged and not accessible unless running
with system privileges, which would expose a wide attack surface.
Both of these can be worked around and automated to some extent, but it
is usually easier to run Jenkins unencrypted on an unprivileged port,
listening to connections on 127.0.0.1 only so it is not reachable from
other hosts (for extra security, add a firewall rule for 127/8), and
then configure nginx as a proxy, which allows you to use existing
infrastructure for SSL-in-nginx deployments.
Jenkins is prepared for this mode of operation, with a "base URL"
setting in the global configuration.
Simon
Reply all
Reply to author
Forward
0 new messages