Description
We are going to install Jenkins in a Amazon Linux 2 AMI, but this set-up can be done in any server.
Installation
#1 First Step - Launching Instance
Selecting the AMI
We are going to go to EC2 in the AWS Console. Select the service and in the section "Instances" select "Launch Instance". We choose, to this set-up an Amazon Linux 2 AMI.
Type of Instance
In the next step you need to select an Instance Type, you can select t2.micro for the eligible free tier or any Instance according to your needs. We selected for this testing the t3.medium Instance.
Configure Instance
Here you need to select the configuration that better work for your needs. The only thing that I set here is an "Auto-assign Public IP", because after the set-up we are going to integrate with github and we are going to need a public IP.
Selecting the storage
For this installation we selected 40gb, you can use the size that you need.
Adding Tags
Set some tags that came be useful for you. I personally use the organization and the name of the instance.
Security Group
Here set the firewall rules, to allow access to your instance. I personally select a security group that I set before for other Instances.
Review and launch
In the last step you can review the total configuration and set the key pair to connect throught SSH to your instance. We going to use this key pair in the next steps.
#2 Second Step - Assigning an Elastic IP address to the instance and setting a domain.
In the EC2 service, select Elastic IPs option from the nav bar, under "Network & Security" option:
Then click in "Allocate new address" and Allocate a new address, I use "Amazon pool" option. Here you receive the new IP, for example 127.0.0.1. Then select the IP and go to the option "Associate address".
In the next form you need to select the Instance and then click in Associate.
With this now you have the new Instance allocated to the new Elastic IP, so the IP of your instance has changed.
Now we are going to set-up a subdomain, if you have any registered in aws is registered in Route 53. Go to Route 53 service and select "Create Record Set".
Complete the subdomain that you want and:
- Type: A - IPv4 Address
- Alias: NO
- Value: Put the IP that your instance have
- Routing Policy: Simple
Then click on "Save Record Set" and the subdomain it's ready.
#3 Third Step - Shorcut to connect the instance via SSH
You can use this command in your terminal to access the instance via SSH:
ssh -i /Path/to/file/pem/file.pem user@ipOrServerName
There you have 3 variables:
- file.pem, accordingly to the screenshot the name of our file is jenkins-v2.pem
- user - If you selected the Amazon Linux 2 the user is ec2-user
- IP - The IP assigned to your instance
We are going to set an easy way to connect this to not remember always the command, for this you need to:
Create a new file named "config" in the ~/.ssh folder and paste the next code, replacing with your vars:
Host ci
HostName InstanceIP or ServerName
User ec2-user
IdentityFile /Path/to/file/pem/file.pem
After this we are going to set the proper permissions to the .pem file.
sudo chmod 600 /Path/to/file/pem/file.pem
Now you can access with this command to the server:
ssh ci
Or, for more comfortable way you can create an alias in you .bashrc profile.
#4 Fourth Step - Installing Jenkins
To install Jenkins run the following commands in order:
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins -y
sudo yum install java -y
At this point jenkins it's already installed and the config file path is:
/etc/sysconfig/jenkins
Now you can start Jenkins and see it in your browser in the port 8080.
sudo service jenkins start
And finally enable Jenkins for boot with:
sudo chkconfig jenkins on
Now you can see your jenkins runinng in http://domain:8080 you can change the port or set a revers proxy to redirect the traffic to your domain.
#5 Fifth Step - Configuring Jenkins Installation
On this setp you have already Jenkins installed and now it's necessarily configure some steps. You are going to see this image, for Jenkins 2.1.*
To get the initial admin password run in the server:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Copy the ouput and pasted to conitnue the Jenkins configuration.
In the next step I selected that Jenkins installed for me some recomended Plugins, but fell free to install the plugins manually.
After this finish, set the Admin user and password and continue, that's it Jenkins it's installed.
#6 Sixth Step - Extra nginx configuration with SSL
We are going to install nginx, if I run:
sudo yum install nginx
I receive this output
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 2.4 kB 00:00:00
No package nginx available.
Error: Nothing to do
nginx is available in Amazon Linux Extra topic "nginx1.12"
To use, run
# sudo amazon-linux-extras install nginx1.12
Learn more at
https://aws.amazon.com/amazon-linux-2/faqs/#Amazon_Linux_Extras
So, I installed nginx with the suggested command:
sudo amazon-linux-extras install nginx1.12 -y
Now we need to tell to jenkins that run in other port and in another address. To do this we are going to edit the file:
/etc/sysconfig/jenkins
And modified the var JENKINS_ARGS, with the next value:
JENKINS_ARGS="--httpPort=4433 --httpListenAddress=127.0.0.1"
Then in the section server of you nginx config file /etc/nginx/nginx.conf, modify with the following instructions:
Under http add:
upstream jenkins {
server 127.0.0.1:4433;
}
And in the server section:
server {
server_name servername.com;
listen 443;
resolver 8.8.8.8 valid=360s;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/certs/domain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
location / {
try_files $uri @app;
}
location @app {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_next_upstream error;
proxy_pass http://jenkins;
proxy_redirect http:// https://;
proxy_read_timeout 150;
}
}
Here you need to ensure that you have your certs file in /etc/ssl/certs/ and set you servername.
After this restart the services:
sudo service nginx restart
sudo service jenkins restart
And now you can go to:
https://domain.com
And you are going to see the jenkins interface and if you try to go https://domain.com:8080 it's going to be unavailable.
Please let me know any issues or suggestions.
Thanks !
Top comments (0)