In our previous post, we installed Jenkins on Ubuntu 22.04, but it is running over plain HTTP. In this post we will use Caddy as a reverse proxy that terminates SSL with a certificate from Let's Encrypt.
Reconfigure Jenkins Listen Address
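If you were following my previous post, Jenkins is listening on all interfaces (0.0.0.0). We would like to change it to 127.0.0.1 so that our Caddy proxy listens on 0.0.0.0:443 and reverse proxies the traffic to 127.0.0.1:8080. With Jenkins bound to loopback, port 8080 is no longer reachable from the network, so clients cannot bypass the TLS proxy.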
Edit the systemd unit file in /lib/systemd/system/jenkins.service and set the JENKINS_LISTEN_ADDRESS environment variable under the [Service] section to 127.0.0.1:
[Service]
...
Environment="JENKINS_LISTEN_ADDRESS=127.0.0.1"
Then reload systemd:
$ sudo systemctl daemon-reload
Then restart jenkins:
$ sudo systemctl restart jenkins
Then we can validate if Jenkins is listening on localhost:
$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 127.0.0.1:8080 :::* LISTEN 4297/java
Install Caddy Reverse Proxy
Install Caddy by following their documentation:
$ sudo apt install debian-keyring debian-archive-keyring apt-transport-https -y
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
Then update the indexes and install Caddy:
$ sudo apt update
$ sudo apt install caddy -y
As root, change to the caddy directory:
$ sudo su -
$ cd /etc/caddy
Create the file /etc/caddy/Caddyfile with the following content (assuming that your fully qualified domain name is jenkins.yourdomain.com):
jenkins.yourdomain.com {
reverse_proxy http://127.0.0.1:8080
}
Allow ports 80 and 443 on the iptables firewall:
$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT
$ iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Then restart caddy:
$ systemctl restart caddy
Then, after some time, visit your Jenkins URL. If you inspect the certificate, you should see that it is valid.
The last step is to set the Jenkins URL to the new HTTPS URL. You can do that by heading to "Manage Jenkins" -> "Configure System"; under "Jenkins Location" you should see a "Jenkins URL" input field, where you can provide the HTTPS URL.
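To confirm the layout built in this post (Jenkins reachable only on loopback, Caddy listening publicly on 443), the netstat output shown earlier can be audited with a small script. This is an added example, not part of the original post; the helper name audit_listeners is hypothetical and the Caddy lines in the sample input are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -tulpn` output on
# stdin and checks: backend bound to loopback only, proxy on a public address.
# usage: audit_listeners BACKEND_PORT PROXY_PORT   (hypothetical helper name)
audit_listeners() {
    awk -v backend="$1" -v proxy="$2" '
        BEGIN { bad = 0; seen_backend = 0; seen_proxy = 0 }
        # TCP listeners only; column 4 is "Local Address" in netstat output.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # drop the trailing ":port"
            sub(/^.*:/, "", port)       # keep what follows the last colon
            loopback = (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            if (port == backend) {
                seen_backend = 1
                if (loopback) { print "OK backend on " $4 }
                else { print "EXPOSED backend on " $4; bad = 1 }
            }
            if (port == proxy && !loopback) {
                seen_proxy = 1
                print "OK proxy on " $4
            }
        }
        END {
            if (!seen_backend) { print "MISSING backend listener on port " backend; bad = 1 }
            if (!seen_proxy)   { print "MISSING public proxy listener on port " proxy; bad = 1 }
            exit bad
        }'
}

# Sample input: the Jenkins line is the one from this post, the Caddy lines
# and the misconfigured variant are constructed for illustration.
GOOD_SAMPLE='tcp6 0 0 127.0.0.1:8080 :::* LISTEN 4297/java
tcp6 0 0 :::443 :::* LISTEN 5120/caddy
tcp6 0 0 :::80 :::* LISTEN 5120/caddy'
BAD_SAMPLE='tcp6 0 0 :::8080 :::* LISTEN 4297/java
tcp6 0 0 :::443 :::* LISTEN 5120/caddy'

printf '%s\n' "$GOOD_SAMPLE" | audit_listeners 8080 443 || echo "layout check failed"
printf '%s\n' "$BAD_SAMPLE"  | audit_listeners 8080 443 || echo "layout check failed"
# On a live host: sudo netstat -tulpn | audit_listeners 8080 443
```

The function exits non-zero when Jenkins is bound to a non-loopback address or when nothing public is listening on the proxy port, so it can gate a provisioning script.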
Thank You
Thanks for reading, if you like my content, check out my website, read my newsletter or follow me at @ruanbekker on Twitter.