Install and Configure Apache as Reverse Proxy for Jenkins

2 min readMar 7, 2021

My previous article is install Jenkins on Ubuntu server and running on default port 8080 , Now let’s upgrade it to HTTPS protocol or you say port 443 by using reverse proxy.

Step 1: Install apache2 on server

I am going install apache2 web server from Ubuntu repository.

$ sudo apt-get install apache2

When the installation is done, enable the proxy and proxy_http modules so we can configure Apache as fronted server/reverse proxy for Jenkins.

$ a2enmod proxy
$ a2enmod proxy_http
$ a2enmod rewrite

Step 2: Create virtual host file conf

Next, create a new virtual host file in the sites-available directory.

$ nano /etc/apache2/sites-available/jenkins-ssl.conf

Copy and Paste virtual host configuration below.

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost

        ServerName        jenkins.mydomain.com
        ProxyRequests     Off
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode

        <Proxy *>
              Order deny,allow
              Allow from all
        </Proxy>

        ProxyPass         /  http://localhost:8081/ nocanon
        ProxyPassReverse  /  http://localhost:8081/
        ProxyPassReverse  /  http://jenkins.mydomain.com/
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"

        # Redirect http to https
        RewriteEngine On
        RewriteCond %{HTTPS} off [OR]
        RewriteCond %{HTTP_HOST} ^www\. [NC]
        RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
        RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
    
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #   SSL Engine Switch:
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   SSLCertificateFile directive is needed.
        
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        
       
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

       
    </VirtualHost>
</IfModule>

Save the file.

Step 3: Enable sites-available

Then activate the Jenkins virtual host with the a2ensite command.

$ a2ensite jenkins

Final Step: Update configuration of Jekins

change the JenkinshttpListenAddress from its default of 0.0.0.0 to 127.0.0.1

$ nano /etc/default/jenkins

add the following line somewhere:

HTTP_HOST=127.0.0.1

Scroll down to find JENKINS_ARGS to add --httpListenAddress=$HTTP_HOST

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=$HTTP_HOST"

Restart Apache and Jenkins.

$ systemctl restart apache2
$ systemctl restart jenkins

In conclusion

I’m sure, the information above will be useful for you. But there are hundreds of other creative people whom it might be useful for as well. So Clap! Clap! :)👏🏼