Installing and configuring Jenkins in AWS with SSL

Diego (diegonalvarez) ・5 min read

Description

We are going to install Jenkins on an Amazon Linux 2 AMI, but this setup can be done on any server.

Installation

#1 First Step - Launching Instance

Selecting the AMI

Go to EC2 in the AWS Console. Select the service and, in the "Instances" section, select "Launch Instance". For this setup we choose an Amazon Linux 2 AMI.

[Screenshot: Step 1 - Selecting Instance]

Type of Instance

In the next step you need to select an instance type. You can select t2.micro, which is free-tier eligible, or any instance type according to your needs. For this test we selected the t3.medium instance.

Configure Instance

Here you need to select the configuration that works best for your needs. The only thing that I set here is "Auto-assign Public IP", because after the setup we are going to integrate with GitHub and we are going to need a public IP.

[Screenshot: Step 2 - Configure Instance]

Selecting the storage

For this installation we selected 40 GB; you can use the size that you need.

Adding Tags

Set some tags that can be useful for you. I personally use the organization and the name of the instance.

Security Group

Here, set the firewall rules that allow access to your instance. I personally select a security group that I set up before for other instances.

Review and launch

In the last step you can review the complete configuration and set the key pair used to connect to your instance through SSH. We are going to use this key pair in the next steps.

[Screenshot: Step 1 - Review and Launch]

#2 Second Step - Assigning an Elastic IP address to the instance and setting a domain.

In the EC2 service, select the "Elastic IPs" option from the navigation bar, under "Network & Security":

[Screenshot: Step 2 - Elastic IP]

Then click "Allocate new address" and allocate a new address; I use the "Amazon pool" option. Here you receive the new IP, for example 127.0.0.1. Then select the IP and go to the "Associate address" option.

In the next form, select the instance and then click "Associate".

[Screenshot: Step 2 - Associate Elastic IP]

The new Elastic IP is now associated with the instance, so the IP of your instance has changed.

Now we are going to set up a subdomain. If you have a domain registered in AWS, it is registered in Route 53. Go to the Route 53 service and select "Create Record Set".

Enter the subdomain that you want and set:

  • Type: A - IPv4 Address
  • Alias: NO
  • Value: the IP that your instance has
  • Routing Policy: Simple

Then click on "Save Record Set" and the subdomain is ready.

#3 Third Step - Shortcut to connect to the instance via SSH

You can use this command in your terminal to access the instance via SSH:

ssh -i /Path/to/file/pem/file.pem user@ipOrServerName

There you have 3 variables:

  • file.pem - according to the screenshot, the name of our file is jenkins-v2.pem
  • user - If you selected Amazon Linux 2, the user is ec2-user
  • IP - The IP assigned to your instance

We are going to set up an easier way to connect, so that you don't have to remember the command every time. To do this:

Create a new file named "config" in the ~/.ssh folder and paste the following, replacing the values with your own:

Host ci
    HostName InstanceIP or ServerName
    User ec2-user
    IdentityFile /Path/to/file/pem/file.pem

After this we are going to set the proper permissions on the .pem file.

sudo chmod 600 /Path/to/file/pem/file.pem

Now you can access the server with this command:

ssh ci

Or, for a more comfortable way, you can create an alias in your .bashrc profile.

#4 Fourth Step - Installing Jenkins

To install Jenkins run the following commands in order:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins -y
sudo yum install java -y

At this point Jenkins is already installed, and the config file path is:

/etc/sysconfig/jenkins

Now you can start Jenkins and see it in your browser on port 8080.

sudo service jenkins start

And finally, enable Jenkins at boot with:

sudo chkconfig jenkins on

Now you can see Jenkins running at http://domain:8080. You can change the port or set up a reverse proxy to redirect the traffic to your domain.

#5 Fifth Step - Configuring Jenkins Installation

At this step Jenkins is already installed, and now it is necessary to configure it. You are going to see this screen, for Jenkins 2.1.*:

[Screenshot: Step 5 - Jenkins Unlock]

To get the initial admin password run in the server:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the output and paste it to continue the Jenkins configuration.

In the next step I chose to have Jenkins install some recommended plugins for me, but feel free to install the plugins manually.

[Screenshot: Step 5 - Plugins Installation]

After this finishes, set the admin user and password and continue. That's it, Jenkins is installed.

#6 Sixth Step - Extra nginx configuration with SSL

We are going to install nginx. If I run:

sudo yum install nginx

I receive this output:

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                                                                                                                                                                                                                     | 2.4 kB  00:00:00
No package nginx available.
Error: Nothing to do


nginx is available in Amazon Linux Extra topic "nginx1.12"

To use, run
# sudo amazon-linux-extras install nginx1.12

Learn more at
https://aws.amazon.com/amazon-linux-2/faqs/#Amazon_Linux_Extras

So, I installed nginx with the suggested command:

sudo amazon-linux-extras install nginx1.12 -y

Now we need to tell Jenkins to run on another port and listen on another address. To do this, edit the file:

/etc/sysconfig/jenkins

And modify the variable JENKINS_ARGS with the following value:

JENKINS_ARGS="--httpPort=4433 --httpListenAddress=127.0.0.1"

Then, in your nginx config file /etc/nginx/nginx.conf, make the following changes:

Under http add:

upstream jenkins {
  server 127.0.0.1:4433;
}

And in the server section:

server {
  server_name servername.com;
  listen 443;
  resolver 8.8.8.8 valid=360s;
  ssl on;
  ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
  ssl_certificate_key /etc/ssl/certs/domain.com.key;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_prefer_server_ciphers on;

  ssl_session_cache shared:SSL:10m;
  ssl_stapling on;
  ssl_stapling_verify on;

  location / {
    try_files $uri @app;
  }

  location @app {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_next_upstream error;
    proxy_pass http://jenkins;
    proxy_redirect http:// https://;
    proxy_read_timeout 150;
  }
}

Here you need to ensure that your certificate files are in /etc/ssl/certs/ and that you set your server name.
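
The server block above still accepts TLSv1 and TLSv1.1, which RFC 8996 deprecated, and its cipher list includes 3DES (DES-CBC3), CBC and static-RSA suites; "ssl on;" is also deprecated in later nginx releases in favour of "listen 443 ssl;". The same block with those settings tightened is shown here as an added example, not the author's configuration. It assumes an RSA certificate, clients that support TLS 1.2, and the page's placeholder names; the port 80 redirect is an addition.

```nginx
# Added example: tightened variant of the server block above (not the author's file).
# The "upstream jenkins" block under http stays as shown earlier.

# Addition: send plain-HTTP requests for this host to HTTPS.
server {
  listen 80;
  server_name servername.com;
  return 301 https://$host$request_uri;
}

server {
  server_name servername.com;
  listen 443 ssl;                  # replaces "listen 443;" plus "ssl on;"
  resolver 8.8.8.8 valid=360s;     # used for OCSP stapling lookups
  ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
  ssl_certificate_key /etc/ssl/certs/domain.com.key;

  # TLSv1 and TLSv1.1 removed (deprecated by RFC 8996).
  ssl_protocols TLSv1.2;
  # Only the ECDHE AES-GCM suites from the original list are kept; the DHE,
  # CBC, 3DES and static-RSA entries are dropped. Assumes an RSA certificate.
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
  ssl_prefer_server_ciphers on;

  ssl_session_cache shared:SSL:10m;
  ssl_stapling on;
  ssl_stapling_verify on;

  location / {
    try_files $uri @app;
  }

  location @app {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_next_upstream error;
    proxy_pass http://jenkins;     # Jenkins itself listens only on 127.0.0.1:4433
    proxy_redirect http:// https://;
    proxy_read_timeout 150;
  }
}
```

Run "sudo nginx -t" to validate the file before restarting the service.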

After this restart the services:

sudo service nginx restart
sudo service jenkins restart

And now you can go to:

https://domain.com

You are going to see the Jenkins interface, and if you try to go to https://domain.com:8080 it is going to be unavailable.

Please let me know any issues or suggestions.

Thanks !
