Install and Configure Apache as Reverse Proxy for Jenkins
My previous article is install Jenkins on Ubuntu server and running on default port 8080
, Now let’s upgrade it to HTTPS
protocol or you say port 443
by using reverse proxy.
Step 1: Install apache2 on server
I am going install apache2 web server from Ubuntu repository.
$ sudo apt-get install apache2
When the installation is done, enable the proxy
and proxy_http
modules so we can configure Apache as fronted server/reverse proxy for Jenkins.
$ a2enmod proxy
$ a2enmod proxy_http
$ a2enmod rewrite
Step 2: Create virtual host file conf
Next, create a new virtual host file in the sites-available directory.
$ nano /etc/apache2/sites-available/jenkins-ssl.conf
Copy and Paste virtual host configuration below.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName jenkins.mydomain.com
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8081/ nocanon
ProxyPassReverse / http://localhost:8081/
ProxyPassReverse / http://jenkins.mydomain.com/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# Redirect http to https
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL Engine Switch:
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
Save the file.
Step 3: Enable sites-available
Then activate the Jenkins virtual host with the a2ensite command.
$ a2ensite jenkins
Final Step: Update configuration of Jekins
change the JenkinshttpListenAddress
from its default of 0.0.0.0
to 127.0.0.1
$ nano /etc/default/jenkins
add the following line somewhere:
HTTP_HOST=127.0.0.1
Scroll down to find JENKINS_ARGS
to add --httpListenAddress=$HTTP_HOST
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=$HTTP_HOST"
Restart Apache and Jenkins.
$ systemctl restart apache2
$ systemctl restart jenkins
In conclusion
I’m sure, the information above will be useful for you. But there are hundreds of other creative people whom it might be useful for as well. So Clap! Clap! :)👏🏼