I have a private network with a local IP. I want to Enable HTTPS for my Jenkins server which is static IP W.X.Y.Z:8080.
Jenkins version 2.9
java version "1.7.0_111"
OpenJDK Runtime Environment (IcedTea 2.6.7) (7u111-2.6.7-0ubuntu0.14.04.3)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)
I have tried configuring in /etc/defaults/jenkins file the following arguments
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8081"
But I get the following errors. Please help
Running from: /usr/share/jenkins/jenkins.war
webroot: $user.home/.jenkins
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog info
INFO: Logging initialized @811ms
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Beginning extraction from war file
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: Empty contextPath
Using one-time self-signed certificate
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener
winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:207)
at winstone.Launcher.<init>(Launcher.java:149)
at winstone.Launcher.main(Launcher.java:352)`enter code here`
at sun.reflect.NativeMethodAccessorImpl.invoke0
I found similar issues resolved here but it didn't work for me
EDIT1: The following changes have been tried in /etc/defaults/jenkins file and restarted jenkins but it didn't work for me.
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8443 --httpsCertificate=cert.pem --httpsPrivateKey=key.pem
https://issues.jenkins-ci.org/browse/JENKINS-34463
https://issues.jenkins-ci.org/browse/JENKINS-25333
You can enable Jenkins via HTTPS with following steps:
Create Certificate using Java
keytool -genkey -keyalg RSA -alias "localhost" -keystore "C:\Users\username\Desktop\New folder\localhost.jks" -validity 365 -keysize 2048 -dname "CN=localhost, OU=OU_name, O=OU_name, L=city, ST=State_name, C=two_letter_country_code" -ext SAN=dns:localhost,ip:ip_address -storepass changeit
Export p12
Public Certificate from key-store file
keytool -importkeystore -srckeystore "C:\Users\username\Desktop\New folder\localhost.jks" -storepass changeit -destkeystore "C:\Users\username\Desktop\New folder\localhost.p12" -srcstoretype JKS -deststoretype PKCS12 -deststorepass changeit
Host Jenkins using key-store (JKS) file
java -jar jenkins.war --httpsPort=8082 --httpPort=-1 --httpsKeyStore="C:\Users\username\Desktop\New folder\localhost.jks" --httpsKeyStorePassword=changeit
Import the Certificate into Browser
You may have a question like why we have exported *.p12
certificate...well, this certificate we are going to import into our browser from where we access Jenkins. The same p12 certificate can be shared between multiple users.
For example in Chrome go to Setting>Search - "Manage Certificate" and click on "Manage Certificate" you will get an "Certificate" window. Import the certificate into each tab (Personnel, Other People, Intermediate Certificate Authorities, Trusted Root Certification Authorities, Trusted Publishers, and Untrusted Publishers).
If you have a valid certificate and you do not want to enable HTTPS for your Jenkins but still want an SSL enable traffic then here is another way.
In my case, I put Jenkins behind my Nginx web server. So here are the steps which I follow:
sudo apt install nginx
)<my-cert>.crt
and
<my-cert>.key
)Changed the nginx configuration in /etc/nginx/sites-available/default
file to something like this:
ssl_certificate /etc/nginx/<my-cert>.crt;
ssl_certificate_key /etc/nginx/<my-cert>.key;
Follow the steps mentioned in the Jenkins Wiki.
By doing these steps the request flow will be like this:
IP: port
) where Jenkins is running.You can do the same with Apache, HAProxy, and squid, see
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With