jenkins 部署 + nginx 反向代理配置

ec2 安装 jenkins 并配置反向代理

安装

# 获取jenkins的远程仓库包
# 获取Jenkins repository key
wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
rpm --import http://pkg.jenkins-ci.org/redhat-stable/jenkins-ci.org.key

yum install -y java-1.8.0-openjdk jenkins 
systemctl enable jenkins.service --now


# 获取启动密钥
cat /var/lib/jenkins/secrets/initialAdminPassword
3d54ba4d1f1b48babe41c802bae087ad

配置 nginx 反向代理

官方参考链接：反向代理 - Nginx (jenkins.io)

步骤：

# epel 源
amazon-linux-extras install epel -y

# 安装certbot
yum install certbot python2-certbot-nginx -y

# nginx
yum install nginx -y

nginx 配置文件如下：

# 将域名改为自己的
# egrep -v "^$|#" nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    upstream jenkins {
    }
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    # 防止恶意解析，禁止IP地址解析
    server {
        listen       80  default_server;
        server_name  _;
        access_log   off;
        return       444;
    }
    server {
        listen       80;
        listen       [::]:80;
        server_name  jenkinsxx.xxxx.com;
        root         /var/lib/jenkins;
	access_log      /var/log/nginx/jenkins.access.log;
        error_log       /var/log/nginx/jenkins.error.log;
        ignore_invalid_headers off;
        location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
          rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
        }
        location /userContent {
          root /var/lib/jenkins/;
          if (!-f $request_filename){
            rewrite (.*) /$1 last;
            break;
          }
          sendfile on;
        }
        location / {
            if ($request_uri ~* "/blue(/.*)") {
                 proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;
                 break;
             }
            sendfile off;
            proxy_pass         http://jenkins;
            proxy_redirect     default;
            proxy_http_version 1.1;
            proxy_set_header   Connection        $connection_upgrade;
            proxy_set_header   Upgrade           $http_upgrade;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_max_temp_file_size 0;
            client_max_body_size       10m;
            client_body_buffer_size    128k;
            proxy_connect_timeout      90;
            proxy_send_timeout         90;
            proxy_read_timeout         90;
            proxy_buffering            off;
        }
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}

要授予 Nginx 读取 Jenkins Web 根文件夹的权限，请将用户添加到 Jenkins 组：nginx

usermod -aG jenkins nginx

ssl 配置

暂时先不弄了。因为做了安全组的配置。ssl暂时不弄。没时间；

# 这里使用免费的ssl证书
# 签发证书
certbot --agree-tos certonly --email liulei@xx.tech --webroot -w /var/lib/jenkins/ -d jenkins-hk.xxx.com;