@marcelotournier
Last active October 16, 2024 15:24
Setup jenkins with HTTPS in a single script
# Jenkins https simple setup
#
# Shell script to install jenkins in a cloud machine, with https and ssl cert auto-renew
# Tested on ubuntu 20.04
#
# refs:
# - overall setup
# https://computingforgeeks.com/configure-jenkins-behind-nginx-reverse-proxy-and-lets-encrypt-ssl/
# - for changing jenkins conf file:
# https://www.digitalocean.com/community/tutorials/how-to-configure-jenkins-with-ssl-using-an-nginx-reverse-proxy-on-ubuntu-20-04
# To run:
# $> sudo sh jenkins_setup.sh <JENKINS_HOST> <ALERTS_EMAIL>
# args:
# JENKINS_HOST: Your website host to install jenkins, e.g: "jenkins.yoursite.com"
# ALERTS_EMAIL: Your website email, for receiving certbot stuff, e.g: "admin@yoursite.com"
# Change parameters below for the host and email
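# Abort on the first failing command or unset variable. The documented way to
# run this script is `sh`, so only POSIX options are used (no pipefail).
set -eu

# Print a message to stderr and stop.
die() {
  printf 'jenkins_setup: %s\n' "$*" >&2
  exit 1
}

JENKINS_HOST=${1:-}
ALERTS_EMAIL=${2:-}

if [ -z "$JENKINS_HOST" ] || [ -z "$ALERTS_EMAIL" ]; then
  die "usage: sudo sh jenkins_setup.sh <JENKINS_HOST> <ALERTS_EMAIL>"
fi

# Both arguments end up in an nginx config file and on the certbot command
# line, so accept only plain DNS-name / e-mail characters and refuse anything
# that could be read as an option or as extra config directives.
case $JENKINS_HOST in
  -* | .* | *[!A-Za-z0-9.-]*)
    die "JENKINS_HOST must be a plain DNS name, e.g. jenkins.yoursite.com"
    ;;
esac
case $ALERTS_EMAIL in
  -* | *[!A-Za-z0-9@._+-]*)
    die "ALERTS_EMAIL contains characters that are not allowed"
    ;;
  *@*) ;;
  *)
    die "ALERTS_EMAIL must be an e-mail address"
    ;;
esac

# Everything below writes under /etc and /usr/share, so root is required.
# Checking once here replaces the per-command sudo calls (which never covered
# the `>` redirections anyway).
[ "$(id -u)" -eq 0 ] || die "must be run as root (use sudo)"

# Run this inside of the jenkins machine:
apt-get update
apt-get install -y openjdk-17-jdk vim wget nginx python3-certbot-nginx

# add jenkins key
# Download to a temp file first: piping curl straight into tee would leave an
# empty or truncated keyring behind if the download failed.
# The key is trusted on first download; compare its fingerprint with the one
# published by the Jenkins project before relying on it.
keyring=/usr/share/keyrings/jenkins-keyring.asc
tmp_key=$(mktemp)
trap 'rm -f -- "$tmp_key"' EXIT
curl -fsSL -o "$tmp_key" https://pkg.jenkins.io/debian/jenkins.io-2023.key
[ -s "$tmp_key" ] || die "downloaded Jenkins signing key is empty"
install -m 0644 -o root -g root "$tmp_key" "$keyring"

# add jenkins repo (signed-by pins this repo to the key above only)
printf 'deb [signed-by=%s] https://pkg.jenkins.io/debian binary/\n' "$keyring" \
  > /etc/apt/sources.list.d/jenkins.list

# update
apt-get update
apt-get install -y jenkins

# open ports
# TODO: check if this is really needed in the future.
# sudo ufw allow OpenSSH
# sudo ufw enable
# sudo ufw allow 8080 # don't need anymore.
# NOTE: until the loopback binding further down takes effect, Jenkins listens
# on port 8080 on every interface over plain HTTP. Keep 8080 closed in the
# cloud firewall / security group.

# start
systemctl start jenkins
# --no-pager: on a terminal, status would otherwise open a pager and block.
systemctl status --no-pager jenkins

# Reverse proxy config
# Unquoted heredoc: ${JENKINS_HOST} is expanded here, while \$ keeps the nginx
# variables literal.
cat > /etc/nginx/conf.d/jenkins.conf <<EOF
################################################
# Jenkins Nginx Proxy configuration
#################################################
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
server_name ${JENKINS_HOST};
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://jenkins;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
}
}

EOF

# Check and restart nginx
nginx -t
systemctl enable --now nginx
systemctl restart nginx

# install certificates
certbot --nginx --redirect -d "$JENKINS_HOST" --preferred-challenges http \
  --agree-tos -n -m "$ALERTS_EMAIL" --keep-until-expiring

# change jenkins default 8080 to localhost
# Older, init-script based packages read JENKINS_ARGS from /etc/default/jenkins.
if [ -f /etc/default/jenkins ]; then
  # Keep the first backup so a re-run does not overwrite it with an already
  # modified file.
  [ -e /etc/default/jenkins.old ] || cp -p /etc/default/jenkins /etc/default/jenkins.old
  sed -i '/JENKINS_ARGS=/d' /etc/default/jenkins
  # inject new config ($NAME and $HTTP_PORT stay literal on purpose)
  printf '%s\n' 'JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"' \
    >> /etc/default/jenkins
fi
# NOTE(review): Jenkins packages that run as a native systemd service take the
# listen address from the unit environment and appear to ignore JENKINS_ARGS in
# /etc/default/jenkins, which would leave 8080 reachable without TLS. Set it
# through a drop-in as well, then confirm after the restart (e.g. `ss -ltn`)
# that 8080 is bound to 127.0.0.1 only.
mkdir -p /etc/systemd/system/jenkins.service.d
cat > /etc/systemd/system/jenkins.service.d/override.conf <<'EOF'
[Service]
Environment="JENKINS_LISTEN_ADDRESS=127.0.0.1"
EOF
systemctl daemon-reload
systemctl restart jenkins

# Monthly renewal job in root's crontab.
# "no crontab for root" is only the stderr message of `crontab -l` on an empty
# crontab, so a single pass is enough. Existing lines keep their order (the
# earlier sort | uniq pipeline reordered comments and variable assignments),
# and the job is appended only when it is not already present.
# NOTE(review): Ubuntu's certbot package normally installs its own renewal
# timer, so this entry is presumably just a fallback.
renew_job='1 0 1 * * /usr/bin/certbot renew --quiet'
current_cron=$(crontab -l 2>/dev/null || true)
if ! printf '%s\n' "$current_cron" | grep -Fqx -- "$renew_job"; then
  {
    [ -z "$current_cron" ] || printf '%s\n' "$current_cron"
    printf '%s\n' "$renew_job"
  } | crontab -
fi

# that's all folks!
printf '%s\n' 'DONE!' 'Certificates were automatically set to renew monthly.' ''

# Get jenkins password for install
# This prints a secret: if the output is captured (cloud-init, CI or session
# logs) the password is stored there too. Finish the setup wizard promptly;
# until then this password is the only thing guarding the instance.
echo "Jenkins Unlock password:"
cat /var/lib/jenkins/secrets/initialAdminPassword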