
In this article I want to explain step by step how to set up Jenkins with SSL on DigitalOcean. You will get $100 in credit over 60 days if you join DigitalOcean using my referral link.
I always use this flow when I need to set up a server from scratch. I am assuming that:
- you have a domain name;
- your droplet is up and running;
- you have added your domain name to your droplet;
- you have set up an SSH key for your droplet.
Ubuntu has just been installed and you have not even updated your packages yet.
- Create a new user
sudo adduser [username]
- Add permissions
sudo visudo
Find the line "User privilege specification" and add a new line under it:
[username] ALL=(ALL:ALL) ALL
- Add the user to the group sudo
usermod -aG sudo [username]
- Copy the root user's .ssh directory so the new user has SSH access
rsync --archive --chown=[username]:[username] ~/.ssh /home/[username]
- Log out as root and log in as the new user to check that it works
exit
ssh [username]@yourdomainname.com
exit
- Log in again as root
ssh root@yourdomainname.com
- Prepare to set up Jenkins
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list
- Disable root login
nano /etc/ssh/sshd_config
Find "#PermitRootLogin yes" and change it to "PermitRootLogin no".
Disable password login in the same file, sshd_config: PasswordAuthentication no
- Restart ssh service
/etc/init.d/ssh restart
- Logout as root
exit
- Log in as [username]
ssh [username]@yourdomainname.com
- Update packages
sudo apt-get update
sudo apt-get upgrade
- Install java and javac
sudo apt install openjdk-8-jdk-headless
- Set up $JAVA_HOME
On Ubuntu 18.04 the path is /usr/lib/jvm/java-8-openjdk-amd64/
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
To check the path, run:
echo $JAVA_HOME
- Install Nginx
sudo apt-get install nginx
cd /etc/nginx
- Create temporary certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
sudo nano /etc/nginx/sites-enabled/default
and paste the following at the end of the file.
Replace "testautomation.work" with your own domain name.
server {
    listen 80;
    server_name testautomation.work www.testautomation.work;
    return 301 https://testautomation.work$request_uri;
}

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name testautomation.work;

    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;

    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is enabled
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/jenkins.access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Jenkins itself listens on localhost only; nginx terminates TLS
        proxy_pass http://localhost:8080;
        proxy_read_timeout 90;
        proxy_redirect http://localhost:8080 https://testautomation.work;
    }
}
- Set up Let's Encrypt
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
sudo apt-get install python3-certbot-dns-digitalocean
- Create certificates
sudo certbot --nginx
- Install Jenkins
sudo apt-get install jenkins
- Configure Jenkins
sudo nano /etc/default/jenkins
Find the JENKINS_ARGS line near the end of the file and change it to:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpListenAddress=127.0.0.1 --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"
sudo service jenkins restart
sudo service nginx restart
That is all. Your Jenkins is now available at [yourdomain.name]
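
A quick audit of the files edited above, as an added example that is not part of the original article: it checks that root and password SSH login are disabled, that Jenkins listens only on 127.0.0.1, and whether the nginx site still enables TLS 1.0 or 1.1. The function names are illustrative, and the default paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the article): audit the settings this guide changes.
# Function names are illustrative; the default paths are the files edited above.

# Print the global value of an sshd keyword. sshd uses the first occurrence,
# so stop there; also stop at the first Match block (conditional settings).
sshd_value() {  # usage: sshd_value <file> <keyword>
  awk -v k="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    $1 ~ /^#/              { next }
    tolower($1) == "match" { exit }
    tolower($1) == k       { print tolower($2); exit }' "$1"
}

# Pass only if root login and password login are both explicitly "no".
check_sshd() {
  [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] &&
  [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ]
}

# Jenkins must listen on loopback only, so nginx is the sole way in.
check_jenkins_bind() {
  grep -E '^[[:space:]]*JENKINS_ARGS=' "$1" | tail -n 1 |
    grep -Eq -e '--httpListenAddress=127\.0\.0\.1([[:space:]"]|$)'
}

# Fail if an ssl_protocols directive still enables TLS 1.0 or TLS 1.1.
check_nginx_tls() {
  ! sed 's/#.*//' "$1" | grep -Eo 'ssl_protocols[^;]*;' |
      grep -Eq 'TLSv1(\.1)?([[:space:];]|$)'
}

audit() {  # usage: audit [sshd_config] [jenkins defaults] [nginx site]
  audit_rc=0
  check_sshd "${1:-/etc/ssh/sshd_config}" ||
    { echo "FAIL: sshd allows root or password login"; audit_rc=1; }
  check_jenkins_bind "${2:-/etc/default/jenkins}" ||
    { echo "FAIL: Jenkins is not bound to 127.0.0.1"; audit_rc=1; }
  check_nginx_tls "${3:-/etc/nginx/sites-enabled/default}" ||
    { echo "FAIL: nginx enables TLS 1.0 or 1.1"; audit_rc=1; }
  [ "$audit_rc" -eq 0 ] && echo "OK: all three settings are in place"
  return "$audit_rc"
}

# Run against the live files only when asked: sh audit.sh run
if [ "${1:-}" = "run" ]; then audit; fi
```

The sshd check reads a single file and does not follow Include directives; sudo sshd -T prints the effective configuration and is the authoritative check.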