Nginx + Jenkins Configuration

This is just a simple post about configuring Nginx to proxy Jenkins, with HTTPS. This example assumes Jenkins is hosted on the same machine as Nginx, and at the default port (e.g. 8080). It does not include how to obtain an SSL server certificate.

my.domain.com.conf:

server {
    listen 443;
    server_name my.domain.com;

    ## Remove this when the following issue is resolved:
    ## https://issues.jenkins-ci.org/browse/JENKINS-7518
    ignore_invalid_headers      off;

    ssl                         on;
    ssl_certificate             /full/path/to/my.domain.com/cert.pem;
    ssl_certificate_key         /full/path/to/my.domain.com/cert.key;
    ssl_session_timeout         5m;

    ssl_protocols               SSLv2 SSLv3 TLSv1;
    ssl_ciphers                 HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    ## Reference:
    ## https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
    location / {
        ## Convert inbound WAN requests for https://domain.tld/ to
        ## local network requests for http://internal:port/
        proxy_pass http://127.0.0.1:8080;

        ## Rewrite HTTPS requests from WAN to HTTP requests on LAN
        proxy_redirect http:// https://;

        ## The following settings from:
        ## https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
        sendfile off;

        proxy_set_header           Host $host;
        proxy_set_header           X-Real-IP $remote_addr;
        proxy_set_header           X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size   0;

        ## This is the maximum upload size
        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }

    ## Applicable only when Jenkins and Nginx are on the same machine.
    ## Allow Jenkins userContent to be served directly with Nginx.
    ## Also good idea to set "server_tokens off;" with this.
    location /userContent {
        autoindex  on;
        root       /var/lib/jenkins;
        ## Just in case
        index      index.html;
    }
}

References:

Leave a Reply