This is just a simple post about configuring Nginx to proxy Jenkins, with HTTPS. This example assumes Jenkins is hosted on the same machine as Nginx, and at the default port (e.g. 8080). It does not include how to obtain an SSL server certificate.
my.domain.com.conf:
server {
listen 443;
server_name my.domain.com;
## Remove this when the following issue is resolved:
## https://issues.jenkins-ci.org/browse/JENKINS-7518
ignore_invalid_headers off;
ssl on;
ssl_certificate /full/path/to/my.domain.com/cert.pem;
ssl_certificate_key /full/path/to/my.domain.com/cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
## Reference:
## https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
location / {
## Convert inbound WAN requests for https://domain.tld/ to
## local network requests for http://internal:port/
proxy_pass http://127.0.0.1:8080;
## Rewrite HTTPS requests from WAN to HTTP requests on LAN
proxy_redirect http:// https://;
## The following settings from:
## https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
sendfile off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
## This is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
## Applicable only when Jenkins and Nginx are on the same machine.
## Allow Jenkins userContent to be served directly with Nginx.
## Also good idea to set "server_tokens off;" with this.
location /userContent {
autoindex on;
root /var/lib/jenkins;
## Just in case
index index.html;
}
}
References:
Leave a Reply