Jenkins Docker Compose
#
Folder Structure
#
# Create folder structure
sudo mkdir -p /opt/jenkins/jenkins_home && cd /opt/jenkins/
Docker Compose File
#
# Create Docker Compose file
sudo vi docker-compose.yml
# docker-compose.yaml
version: "3.8"
services:
jenkins:
image: jenkins/jenkins:lts
container_name: jenkins
restart: unless-stopped
privileged: true
user: root
ports:
- "8080:8080"
- "50000:50000"
volumes:
- ./jenkins_home:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
Start Container
#
# Start / create container
sudo docker compose up -d
Admin PW
#
# Find initial Admin PW
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
# Shell output:
e1334a198bca4a56bf3cb4a28e400959
# Or find initial Admin PW in logs
docker logs jenkins | less
Reverse Proxy
#
Certbot
#
# Install Certbot
sudo apt install certbot -y
# Create certificate
sudo certbot certonly --standalone -d jenkins.jklug.work
Nginx
#
# Install nginx
sudo apt install nginx -y
# Copy default config
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/jenkins.jklug.work
# Edit config
sudo vi /etc/nginx/sites-available/jenkins.jklug.work
# jenkins.jklug.work
upstream jenkins {
keepalive 32; # keepalive connections
server 127.0.0.1:8080; # jenkins ip and port
}
# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443;
server_name jenkins.jklug.work;
ssl_certificate /etc/letsencrypt/live/jenkins.jklug.work/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jenkins.jklug.work/privkey.pem;
# this is the jenkins web root directory
# (mentioned in the output of "systemctl cat jenkins")
root /var/run/jenkins/war/;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
# pass through headers from Jenkins that Nginx considers invalid
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
# rewrite all static files into requests to the root
# E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
# have nginx handle all the static requests to userContent folder
# note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
# this file does not exist, might be a directory or a /**view** url
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
# Required for Jenkins websocket agents
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_request_buffering off; # Required for HTTP CLI commands
}
}
# Disable default config
sudo rm /etc/nginx/sites-enabled/default
# Enable config
sudo ln -s /etc/nginx/sites-available/jenkins.jklug.work /etc/nginx/sites-enabled/
# Restart Nginx
sudo systemctl restart nginx
Jenkins GUI
#
# Open URL
jenkins.jklug.work
# Use initial Admin PW
Links
#
# Reverse Proxy
https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/reverse-proxy-configuration-nginx/#permissions