SnapShooter Learning Center

Setting up Jenkins with Nginx reverse proxy and SSL on Debian 11

Setting up Jenkins with Nginx reverse proxy and SSL on Debian 11

Simon Bennett]
Simon Bennett
Last Updated: Oct 20, 2021
Table of Contents

# Introduction

Jenkins is a free and open-source automation server that helps you to manage tasks efficiently from building to deploying software. It is a Java-based continuous integration tool used to streamline the continuous development, testing and deployment of newly submitted code. It is very useful in an environment where multiple developers are submitting code to a shared repository. It supports many famous programming languages like Python, C++, PHP, etc. Jenkins allows you to distribute work across multiple machines and speed up builds, tests, and deployments across multiple platforms.

In this post, we will show you how to install Jenkins with Nginx and SSL support on Debian 11.


# Requirements

  • A server running Debian 11 operating system.
  • A valid domain name pointed with your server IP.
  • A root password is set up on your server.

# Install Required Dependencies

Jenkins is written in Java language so Java must be installed on your server. You can install Java with other required dependencies using the following command:

apt-get install default-jdk curl gnupg2 -y

After the successful installation, verify the Java version using the command below:

java --version

You should see the Java version in the following output:

openjdk 11.0.7 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)

# Install Jenkins on Debian 11

By default, Jenkins is not included in the Debian 11 default repository. So you will need to add the Jenkins official repository to your system.

You can add the Jenkins GPG key and repository using the following command:

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | apt-key add -
sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

Once the repository is added, update the repository and install the Jenkins using the following command:

apt-get update -y
apt-get install jenkins -y

Once the Jenkins has been installed, start the Jenkins service and enable it to start at system reboot:

systemctl start jenkins
systemctl enable jenkins

You can check the status of the Jenkins with the following command:

systemctl status jenkins

You will get the following output:

● jenkins.service - LSB: Start Jenkins at boot time
     Loaded: loaded (/etc/init.d/jenkins; generated)
     Active: active (exited) since Mon 2021-10-18 07:59:22 UTC; 1min 3s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 0 (limit: 2353)
     Memory: 0B
     CGroup: /system.slice/jenkins.service
Oct 18 07:59:20 ubuntu systemd[1]: Starting LSB: Start Jenkins at boot time...
Oct 18 07:59:21 ubuntu jenkins[23234]: Correct java version found
Oct 18 07:59:21 ubuntu jenkins[23234]:  * Starting Jenkins Automation Server jenkins
Oct 18 07:59:21 ubuntu su[23276]: (to jenkins) root on none
Oct 18 07:59:21 ubuntu su[23276]: pam_unix(su-l:session): session opened for user jenkins by (uid=0)
Oct 18 07:59:21 ubuntu su[23276]: pam_unix(su-l:session): session closed for user jenkins
Oct 18 07:59:22 ubuntu jenkins[23234]:    ...done.
Oct 18 07:59:22 ubuntu systemd[1]: Started LSB: Start Jenkins at boot time.

By default, Jenkins listens on port 8080. You can check it with the following command:

ss -antpl | grep 8080

You will get the following output:

LISTEN    0         50                       *:8080                   *:*        users:   (("java",pid=23289,fd=121))                                              

# Configure Nginx as a Reverse Proxy for Jenkins

It is a good idea to configure Nginx as a reverse proxy to access the Jenkins on port 80. First, install the Nginx package using the following command:

apt-get install nginx -y

Once Nginx has been installed, create an Nginx virtual host configuration file:

nano /etc/nginx/conf.d/jenkins.conf

Add the following codes:

server {
    listen 80;

    server_name jenkins.linuxbuz.com;

    location / {
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;
        proxy_redirect      http://127.0.0.1:8080 https://jenkins.linuxbuz.com;

        proxy_http_version 1.1;
        proxy_request_buffering off;
        add_header 'X-SSH-Endpoint' 'jenkins.linuxbuz.com:50022' always;
    } 
}

Save and close the file then verify the Nginx configuration using the command below:

nginx -t

You will get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Next, restart the Nginx service to apply the configuration changes.

systemctl restart nginx

Next, edit the Jenkins default configuration file and add the Jenkins listen address:

nano /etc/default/jenkins

Add the line --httpListenAddress=127.0.0.1 as shown below:

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Save and close the file then restart the Jenkins to effect the changes.

systemctl restart jenkins

# Enable SSL Support on Jenkins

Next, you will need to install the Certbot Let's Encrypt client package to download and install the SSL certificate on the Jenkins website. You can install it using the following command:

apt-get install python3-certbot-nginx -y

Once the installation is complete, run the following command to download and install the SSL certificate on the Jenkins website.

certbot --nginx -d jenkins.linuxbuz.com

You will be asked to provide your email address and accept the term of service:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/jenkins.conf

Next, select whether or not to redirect HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to continue. Once the SSL certificate has been installed, you will get the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/jenkins.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://jenkins.linuxbuz.com

# Access Jenkins Installation

Now, open your web browser and access the Jenkins installation wizard using the URL https://jenkins.linuxbuz.com. You will be redirected to the following page:

Jenkins Password Screen

Retrieve the Jenkins installation password using the following command:

cat /var/lib/jenkins/secrets/initialAdminPassword

Sample output:

4aa1cc66daf644d79f4e70edf8d06eaf

Copy the above password and paste it in the Jenkins screen and click on the Continue button. You will be asked to select the appropriate option to install the plugin:

Jenkins Plugin Installation Screen

Click on the Install suggested plugin. You will get the following screen:

Jenkins Admin User Creation Screen

Provide your Jenkins admin username, password, email and click on the Save and Finish button. You should see the Instance configuration screen:

Jenkins Instance Configuration

Provide your Jenkins URL and click on the Save and Finish button. Once the installation has been finished, you will get the Jenkins dashboard as shown below:

Jenkins Dashboard


# Conclusion

In the above guide, we explained how to install Jenkins with Nginx as a reverse proxy. We also explained how to enable the SSL support on Jenkins. You can now implement Jenkins in the development environment to speed up the build and test process.


Did you find this article helpful?