Step-by-step setup of Jenkins with SSL on DigitalOcean from scratch using Ubuntu 18.04 LTS

In this article I want to explain how to set up Jenkins with SSL on DigitalOcean step by step. You will get $100 in credit over 60 days if you join DigitalOcean using my referral link.

I always use this flow when I need to set up a server from scratch. I am assuming that:

  • you have a domain name;
  • your droplet is up and running;
  • you have added your domain name to your droplet;
  • you have set up an SSH key for your droplet.

Ubuntu has just been installed and you have not even updated your packages yet.

  • Create a new user

sudo adduser [username]

  • Add permissions

sudo visudo

Find the line "User privilege specification" and add a new line under it:

[username] ALL=(ALL:ALL) ALL

  • Add the user to the group sudo

usermod -aG sudo [username]

  • Copy root's .ssh directory so that the new user has SSH access

rsync --archive --chown=[username]:[username] ~/.ssh /home/[username]

  • Log out as root and log in as the new user to check that it works

exit
ssh [username]@yourdomainname.com
exit

  • Log in again as root

ssh root@yourdomainname.com

  • Prepare to set up Jenkins: add the repository signing key and the apt source

wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -

echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list

  • Disable root login over SSH

nano /etc/ssh/sshd_config

Find #PermitRootLogin yes and change it to PermitRootLogin no
Disable password login in the same file, sshd_config: PasswordAuthentication no

  • Restart the ssh service

/etc/init.d/ssh restart

  • Log out as root

exit

  • Log in as [username]

ssh [username]@yourdomainname.com

  • Update packages

sudo apt-get update

sudo apt-get upgrade

  • Install Java and javac

sudo apt install openjdk-8-jdk-headless

  • Set up $JAVA_HOME

On Ubuntu 18.04 the JDK is installed under /usr/lib/jvm/java-8-openjdk-amd64/

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64

To check the path, run:

echo $JAVA_HOME

  • Install Nginx

sudo apt-get install nginx

cd /etc/nginx

  • Create a temporary self-signed certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

sudo nano /etc/nginx/sites-enabled/default

and paste the following at the end of the file.

Replace “testautomation.work” with your own domain name.

server {
    # Redirect all plain-HTTP requests to HTTPS
    listen 80;
    server_name testautomation.work www.testautomation.work;
    return 301 https://testautomation.work$request_uri;
}

server {

    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name testautomation.work;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only
    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log                /var/log/nginx/jenkins.access.log;

    location / {

      # Pass the original host, client address and scheme on to Jenkins
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Jenkins itself listens on the loopback interface only
      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:8080 https://testautomation.work;
    }
}

  • Setup Letsencrypt

sudo apt-get install software-properties-common

sudo add-apt-repository universe

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install certbot python-certbot-nginx

sudo apt-get install python3-certbot-dns-digitalocean

  • Create certificates

sudo certbot --nginx

  • Install Jenkins

sudo apt-get install jenkins

  • Configure Jenkins

sudo nano /etc/default/jenkins

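Find the JENKINS_ARGS line near the end of the file and replace it with the following line, so that Jenkins listens only on 127.0.0.1 and is reachable only through Nginx: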
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpListenAddress=127.0.0.1 --httpPort=$HTTP_PORT -ajp13Port=$AJP_PORT"

sudo service jenkins restart

sudo service nginx restart

That is all: your Jenkins is now available at [yourdomain.name]
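
A post-setup audit of the three settings this guide changes by hand (sshd_config, JENKINS_ARGS and ssl_protocols), given here as an added example that is not part of the original article. The function names and the sample files are constructed for illustration; the TLS check treats TLSv1 and TLSv1.1 as failures because both are deprecated (RFC 8996).

```shell
#!/bin/sh
# Added example: audit the settings this guide edits. Sample files are constructed.

# sshd uses the first uncommented occurrence of a keyword (Match blocks not handled).
sshd_setting() {  # usage: sshd_setting FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

check_sshd() {  # root login and password login must both be explicitly "no"
    [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_setting "$1" PasswordAuthentication)" = "no" ]
}

check_jenkins() {  # the last JENKINS_ARGS assignment must bind to loopback
    grep -E '^[[:space:]]*JENKINS_ARGS=' "$1" | tail -n 1 |
        grep -q -- '--httpListenAddress=127\.0\.0\.1'
}

check_nginx_tls() {  # needs an explicit ssl_protocols line without TLSv1 / TLSv1.1
    protos=$(grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$protos" | grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'
}

report() {  # usage: report LABEL CHECK FILE
    if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}

# Constructed sample input: one hardened set and one weak set of files.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$d/sshd_ok"
printf '%s\n' '#PermitRootLogin no' 'PasswordAuthentication yes' > "$d/sshd_weak"
printf '%s\n' 'HTTP_PORT=8080' \
    'JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpListenAddress=127.0.0.1 --httpPort=$HTTP_PORT"' \
    > "$d/jenkins_ok"
printf '%s\n' 'JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT"' \
    > "$d/jenkins_weak"
printf '%s\n' '    ssl_protocols TLSv1.2;' > "$d/nginx_ok"
printf '%s\n' '    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;' > "$d/nginx_weak"

for s in ok weak; do
    report "sshd_config ($s)"   check_sshd      "$d/sshd_$s"
    report "jenkins args ($s)"  check_jenkins   "$d/jenkins_$s"
    report "nginx TLS ($s)"     check_nginx_tls "$d/nginx_$s"
done
```

On the server, point the three check functions at /etc/ssh/sshd_config, /etc/default/jenkins and /etc/nginx/sites-enabled/default.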
