From 8cf0c19275c8bbc6a1a71198c120139f2fe15c70 Mon Sep 17 00:00:00 2001
From: Gutium Alexei
Date: Thu, 6 Jun 2024 17:44:28 +0300
Subject: [PATCH 1/2] Use nginx as reverse proxy for jenkins
---
 .../files/etc/nginx/sites-available/default | 71 +++++++++++++++++++
 .../lib/cloud/scripts/per-instance/001_onboot | 8 ---
 jenkins-22-04/scripts/012-jenkins.sh | 12 ++++
 jenkins-22-04/template.json | 8 ++-
 4 files changed, 90 insertions(+), 9 deletions(-)
 create mode 100644 jenkins-22-04/files/etc/nginx/sites-available/default
 create mode 100644 jenkins-22-04/scripts/012-jenkins.sh
diff --git a/jenkins-22-04/files/etc/nginx/sites-available/default b/jenkins-22-04/files/etc/nginx/sites-available/default
new file mode 100644
index 0000000..50fafc2
--- /dev/null
+++ b/jenkins-22-04/files/etc/nginx/sites-available/default
@@ -0,0 +1,71 @@
+upstream jenkins {
+ keepalive 32; # keepalive connections
+ server 127.0.0.1:8080; # jenkins ip and port
+}
+
+# Required for Jenkins websocket agents
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 80; # Listen on port 80 for IPv4 requests
+
+ #server_name jenkins.example.com; # replace 'jenkins.example.com' with your server domain name
+
+ # this is the jenkins web root directory
+ # (mentioned in the output of "systemctl cat jenkins")
+ root /var/run/jenkins/war/;
+
+ access_log /var/log/nginx/jenkins.access.log;
+ error_log /var/log/nginx/jenkins.error.log;
+
+ # pass through headers from Jenkins that Nginx considers invalid
+ ignore_invalid_headers off;
+
+ location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+ # rewrite all static files into requests to the root
+ # E.g /static/12345678/css/something.css will become /css/something.css
+ rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+ }
+
+ location /userContent {
+ # have nginx handle all the static requests to userContent folder
+ # note : This is the $JENKINS_HOME dir
+ root /var/lib/jenkins/;
+ if (!-f $request_filename){
+ # this file does not exist, might be a directory or a /**view** url
+ rewrite (.*) /$1 last;
+ break;
+ }
+ sendfile on;
+ }
+
+ location / {
+ sendfile off;
+ proxy_pass http://jenkins;
+ proxy_redirect default;
+ proxy_http_version 1.1;
+
+ # Required for Jenkins websocket agents
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_max_temp_file_size 0;
+
+ #this is the maximum upload size
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+
+ proxy_connect_timeout 90;
+ proxy_send_timeout 90;
+ proxy_read_timeout 90;
+ proxy_request_buffering off; # Required for HTTP CLI commands
+ }
+
+}
\ No newline at end of file
diff --git a/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot b/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
index e9c5047..9f68e92 100755
--- a/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
+++ b/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
@@ -1,13 +1,5 @@
 #!/bin/sh
 
-sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
- https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
-echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
- https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
- /etc/apt/sources.list.d/jenkins.list > /dev/null
-
-apt -qqy update
-
 DEBIAN_FRONTEND=noninteractive apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install jenkins
 
 # Remove the ssh force logout command
diff --git a/jenkins-22-04/scripts/012-jenkins.sh b/jenkins-22-04/scripts/012-jenkins.sh
new file mode 100644
index 0000000..8ba1a98
--- /dev/null
+++ b/jenkins-22-04/scripts/012-jenkins.sh
@@ -0,0 +1,12 @@
+sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
+ https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
+echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
+ https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
+ /etc/apt/sources.list.d/jenkins.list > /dev/null
+
+apt -qqy update
+
+ufw allow http
+ufw allow https
+ufw limit ssh
+ufw --force enable
diff --git a/jenkins-22-04/template.json b/jenkins-22-04/template.json
index 2b2a9a0..1319d2e 100644
--- a/jenkins-22-04/template.json
+++ b/jenkins-22-04/template.json
@@ -3,7 +3,7 @@
 "variables": {
 "do_api_token": "{{env `DIGITALOCEAN_API_TOKEN`}}",
 "image_name": "jenkins-22-04-snapshot-{{timestamp}}",
- "apt_packages": "openjdk-11-jdk net-tools",
+ "apt_packages": "openjdk-11-jdk net-tools nginx",
 "application_name": "Jenkins",
 "application_version": "2.445"
 },
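Review bot: `location /userContent` in the new nginx site serves files directly from disk (`root /var/lib/jenkins/;` with `sendfile on;`), so content under `$JENKINS_HOME/userContent` is handed out by nginx without Jenkins' authentication or authorization being consulted. The prefix also has no trailing slash, so as written any request path that merely starts with `/userContent` is checked against files under `/var/lib/jenkins/` before it falls through to the proxy. If the image is expected to keep Jenkins access control in front of that directory, remove the block and let `location /` proxy it, or at minimum write `location /userContent/ {` and add a comment such as `# served by nginx without Jenkins auth: keep only public files here`.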
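Review bot: The key saved to `/usr/share/keyrings/jenkins-keyring.asc` in 012-jenkins.sh is trusted exactly as `wget` delivers it, and the script has no shebang or `set -e`, so a failed or unexpected download is not caught before `apt -qqy update` runs against the new source. Start the file with `#!/bin/sh` and `set -eu`, and compare the downloaded key's fingerprint (for example from `gpg --show-keys`) with a value pinned in this repository before writing `jenkins.list`. `ufw allow https` also opens 443 although the nginx site added in this patch only has `listen 80`, so the Jenkins login is served over plain HTTP; either ship a TLS server block or add a comment stating that TLS must be configured after first boot.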
@@ -36,6 +36,11 @@
 "source": "jenkins-22-04/files/var/",
 "destination": "/var/"
 },
+ {
+ "type": "file",
+ "source": "jenkins-22-04/files/etc/",
+ "destination": "/etc/"
+ },
 {
 "type": "shell",
 "environment_vars": [
@@ -64,6 +69,7 @@
 ],
 "scripts": [
 "common/scripts/018-force-ssh-logout.sh",
+ "jenkins-22-04/scripts/012-jenkins.sh",
 "common/scripts/020-application-tag.sh",
 "common/scripts/900-cleanup.sh"
 ]
From d1a1dd8355d2186f8779f76fceca8bcc8687e31a Mon Sep 17 00:00:00 2001
From: Gutium Alexei
Date: Thu, 6 Jun 2024 18:47:06 +0300
Subject: [PATCH 2/2] Add nginx to jenkins 1click
---
 .../files/var/lib/cloud/scripts/per-instance/001_onboot | 2 --
 jenkins-22-04/scripts/012-jenkins.sh | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot b/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
index 9f68e92..27643d4 100755
--- a/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
+++ b/jenkins-22-04/files/var/lib/cloud/scripts/per-instance/001_onboot
@@ -1,7 +1,5 @@
 #!/bin/sh
 
-DEBIAN_FRONTEND=noninteractive apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install jenkins
-
 # Remove the ssh force logout command
 sed -e '/Match User root/d' \
 -e '/.*ForceCommand.*droplet.*/d' \
diff --git a/jenkins-22-04/scripts/012-jenkins.sh b/jenkins-22-04/scripts/012-jenkins.sh
index 8ba1a98..a49b508 100644
--- a/jenkins-22-04/scripts/012-jenkins.sh
+++ b/jenkins-22-04/scripts/012-jenkins.sh
@@ -6,6 +6,8 @@ echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
 
 apt -qqy update
 
+DEBIAN_FRONTEND=noninteractive apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install jenkins
+
 ufw allow http
 ufw allow https
 ufw limit ssh
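Review bot: Installing the `jenkins` package in 012-jenkins.sh at image build time, instead of in the per-instance `001_onboot` script, probably starts the service once during the build, which would leave build-time state under `/var/lib/jenkins` (the initial admin password and the instance keys in `secrets/`) inside the snapshot and identical on every droplet created from it. Nothing visible in this patch clears that state, and `common/scripts/900-cleanup.sh` is not shown, so confirm that it does. If it does not, stop the service right after the install and remove the generated Jenkins home contents before the snapshot is taken, so each instance generates its own secrets on first boot; a comment above the install line, e.g. `# build-time install: Jenkins home must be reset before snapshot`, would record the requirement.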