Skip to main content

Jenkins - Docker Compose Stack with Nginx Reverse Proxy

401 words·
Jenkins Docker-Compose Nginx
Table of Contents

Jenkins Docker Compose
#

Folder Structure
#

# Create folder structure
sudo mkdir -p /opt/jenkins/jenkins_home && cd /opt/jenkins/

Docker Compose File
#

# Create Docker Compose file
sudo vi docker-compose.yml
# docker-compose.yaml
version: "3.8"
services:
  jenkins:
    image: jenkins/jenkins:lts
    container_name: jenkins
    restart: unless-stopped
    privileged: true
    user: root
    ports:
     - "8080:8080"
     - "50000:50000"
    volumes:
     - ./jenkins_home:/var/jenkins_home
     - /var/run/docker.sock:/var/run/docker.sock

Start Container
#

# Start / create container
sudo docker compose up -d

Admin PW
#

# Find initial Admin PW
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
# Shell output:
e1334a198bca4a56bf3cb4a28e400959

# Or find initial Admin PW in logs
docker logs jenkins | less

Reverse Proxy
#

Certbot
#

# Install Certbot
sudo apt install certbot -y

# Create certificate
sudo certbot certonly --standalone -d jenkins.jklug.work

Nginx
#

# Install nginx
sudo apt install nginx -y

# Copy default config
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/jenkins.jklug.work

# Edit config
sudo vi /etc/nginx/sites-available/jenkins.jklug.work
# jenkins.jklug.work
upstream jenkins {
  keepalive 32; # keepalive connections
  server 127.0.0.1:8080; # jenkins ip and port
}

# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  listen          443;

  server_name     jenkins.jklug.work;

  ssl_certificate         /etc/letsencrypt/live/jenkins.jklug.work/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/jenkins.jklug.work/privkey.pem;



  # this is the jenkins web root directory
  # (mentioned in the output of "systemctl cat jenkins")
  root            /var/run/jenkins/war/;

  access_log      /var/log/nginx/jenkins.access.log;
  error_log       /var/log/nginx/jenkins.error.log;

  # pass through headers from Jenkins that Nginx considers invalid
  ignore_invalid_headers off;

  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
    # rewrite all static files into requests to the root
    # E.g /static/12345678/css/something.css will become /css/something.css
    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
  }

  location /userContent {
    # have nginx handle all the static requests to userContent folder
    # note : This is the $JENKINS_HOME dir
    root /var/lib/jenkins/;
    if (!-f $request_filename){
      # this file does not exist, might be a directory or a /**view** url
      rewrite (.*) /$1 last;
      break;
    }
    sendfile on;
  }

  location / {
      sendfile off;
      proxy_pass         http://jenkins;
      proxy_redirect     default;
      proxy_http_version 1.1;

      # Required for Jenkins websocket agents
      proxy_set_header   Connection        $connection_upgrade;
      proxy_set_header   Upgrade           $http_upgrade;

      proxy_set_header   Host              $http_host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_max_temp_file_size 0;

      #this is the maximum upload size
      client_max_body_size       10m;
      client_body_buffer_size    128k;

      proxy_connect_timeout      90;
      proxy_send_timeout         90;
      proxy_read_timeout         90;
      proxy_request_buffering    off; # Required for HTTP CLI commands
  }

}
# Disable default config
sudo rm /etc/nginx/sites-enabled/default

# Enable config
sudo ln -s /etc/nginx/sites-available/jenkins.jklug.work /etc/nginx/sites-enabled/

# Restart Nginx
sudo systemctl restart nginx

Jenkins GUI
#

# Open URL
jenkins.jklug.work

# Use initial Admin PW

Links #

# Reverse Proxy
https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/reverse-proxy-configuration-nginx/#permissions