In this article I want to explain you how to setup Jenkins with SSL on DigitalOcean step by step. You will get $100 in credit over 60 days. If you join DigitalOcean using my referral link.
I use this flow always if I need to set up the server from scratch. I am assuming that you have:
- a domain name;
- your droplet is up and running;
- you added your domain name to your droplet;
- you did set up SSH Key for your droplet.
The Ubuntu is just installed and you didn’t even update your packages.
- Create a new user
sudo adduser [username]
- Add permissions
sudo visudo
find the line: User privilege specification and add under that line a new one:
[username] ALL=(ALL:ALL) ALL
- Add the user to the group sudo
usermod -aG sudo [username]
- Synchronize ssh file to have ssh access for a new user
rsync --archive --chown=[username]:[username]~/.ssh /home/[username]
- Exit as root and login with the new user to check that it works
exit
ssh [username]@yourdomainname.com
exit
- Login again with as root
ssh root@yourdomainname.com
- Preparing to setup Jenkins
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list
- Disable root
nano /etc/ssh/sshd_config
find #PermitRootLogin yes and change to PermitRootLogin no
Disable login by password in the same file sshd_config: PasswordAuthentication no
- Restart ssh service
/etc/init.d/ssh restart
- Logout as root
exit
- Logins as [username]
ssh [username]@yourdomainname.com
- Update packages
sudo apt-get upgrade
sudo apt-get update
- Install java and javac
sudo apt install openjdk-8-jdk-headless
- Setup $JAVA_HOME
Ubuntu 18.04 has the path /usr/lib/jvm/java-8-openjdk-amd64/
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
To check the path make command
echo $JAVA_HOME
- Install Nginx
sudo apt-get install nginx
cd /etc/nginx
- Creating temporaries certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
sudo nano /etc/nginx/sites-enabled/default
and paste in the end of file
Instead of “testautomation.work” you should write your domain name
server {
listen 80;
server_name testautomation.work www.testautomation.work;
return 301 https://testautomation.work$request_uri;
}
server {
listen 443;
server_name testautomation.work;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/jenkins.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
proxy_redirect http://localhost:8080 https://testautomation.work;
}
}
- Setup Letsencrypt
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
sudo apt-get install python3-certbot-dns-digitalocean
- Create certificates
sudo certbot --nginx
- Install Jenkins
sudo apt-get install jenkins
- Configure Jenkins
sudo nano /etc/default/jenkins
find in the end line JENKINS_ARGS and change that to new lineJENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpListenAddress=127.0.0.1 --httpPort=$HTTP_PORT -ajp13Port=$AJP_PORT"
sudo service jenkins restart
sudo service nginx restart
It is all, your Jenkins is available by [yourdomain.name]