Preface to installing Jenkins
This is important! I highly recommend that you require SSL to access your Jenkins instance and that you use an AWS security group with IP restrictions. We tend to give Jenkins a lot of power to manage our AWS resources and as such it's an intruder's dream. Treat it as such and apply multiple levels of security for your build server.
Installing Jenkins
I usually use a T2 Medium for my Jenkins instance on AWS. With ~4GB RAM and 2 cores it's a minimally viable server type with a great price point. This is an easy reserved instance purchase for most businesses -- at rates as of 01/11/2016 we'd pay $26.28/month with no upfront commitment on a reserved instance. You can check AWS EC2 instance rates to see what the current price would be or to find other instance sizes.
Since we're building a new server we may as well get updates first:
sudo yum -y update
Next we'll install nginx to act as our reverse proxy and git because we'll need to check out sources. We'll also install the Java JDK and configure the system to use it by default.
sudo yum install -y git nginx java-1.8.0-openjdk-devel aws-cli
sudo alternatives --config java
If you need Apache Maven to build Java sources you can install it as follows:
sudo wget http://repos.fedorapeople.org/repos/dchen/apache-maven/epel-apache-maven.repo -O /etc/yum.repos.d/epel-apache-maven.repo
sudo sed -i s/\$releasever/6/g /etc/yum.repos.d/epel-apache-maven.repo
sudo yum install -y apache-maven
mvn -v
We'll need to add the Jenkins repository to available packages:
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins
Let's start Jenkins up and make sure it starts every time we reboot:
sudo service jenkins start
sudo chkconfig --add jenkins
OK. Jenkins is actually up and running at this point. We can verify this by accessing localhost on port 8080 with curl.
curl http://localhost:8080
We'll proxy Jenkins via nginx and handle SSL termination there as well. Here's a sample nginx.conf:
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    gzip on;

    server {
        # "listen ... ssl" replaces the obsolete "ssl on;" directive
        listen 443 ssl;
        server_name jenkins.ajmoss.com;

        ssl_certificate /opt/ssl/ssl.crt;
        ssl_certificate_key /opt/ssl/ssl.key;
        # TLS 1.0 and 1.1 are deprecated; require TLS 1.2
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)
        root /var/run/jenkins/war/;

        access_log /var/log/nginx/jenkins.access.log;
        error_log /var/log/nginx/jenkins.error.log;

        location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
            rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
        }

        location /userContent {
            root /var/lib/jenkins/;
            if (!-f $request_filename) {
                rewrite (.*) /$1 last;
                break;
            }
            sendfile on;
        }

        location @jenkins {
            sendfile off;
            # Jenkins listens on the loopback interface; only nginx is exposed
            proxy_pass http://127.0.0.1:8080;
            proxy_redirect http:// https://;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 0;

            # this is the maximum upload size
            client_max_body_size 10m;
            client_body_buffer_size 128k;

            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }

        location / {
            # Optional configuration to detect and redirect iPhones
            if ($http_user_agent ~* '(iPhone|iPod)') {
                rewrite ^/$ /view/iphone/ redirect;
            }
            try_files $uri @jenkins;
        }
    }
}
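A quick way to check a config like this before restarting nginx, as an added example that is not part of the original post: the hypothetical `audit_nginx_tls` shell function below flags deprecated `ssl_protocols` values and any cleartext `proxy_pass` that leaves the loopback interface. The two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit_nginx_tls is a hypothetical helper, not an nginx tool.
# Prints one finding per line and returns 1 if FILE has any.
# It reads a single file and does not follow "include" directives.
audit_nginx_tls() {
    findings=$(awk '
        { sub(/#.*/, "") }                          # ignore comments
        /listen[ \t]+443[ \t;]/ { https = 1 }
        /ssl_protocols/ {
            seen = 1
            n = split($0, w, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (w[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "WEAK_PROTOCOL " w[i] " (line " NR ")"
        }
        /proxy_pass[ \t]+http:\/\// {               # cleartext upstream hop
            if ($0 !~ /http:\/\/(127\.0\.0\.1|localhost|\[::1\])([:;]|\/)/)
                print "CLEARTEXT_UPSTREAM off-host proxy_pass (line " NR ")"
        }
        END { if (https && !seen) print "NO_SSL_PROTOCOLS nginx default applies" }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample configs for the demonstration (not from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
server {
    listen 443;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy versions still enabled
    location / { proxy_pass http://10.0.0.5:8080; }
}
EOF
cat > "$demo_dir/ok.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    location / { proxy_pass http://127.0.0.1:8080; }
}
EOF
audit_nginx_tls "$demo_dir/weak.conf" || echo "weak.conf: fix before restarting nginx"
audit_nginx_tls "$demo_dir/ok.conf" && echo "ok.conf: no findings"
```

Run `sudo nginx -t` as well; it catches syntax errors, which this check does not.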
Configure nginx and then restart the service:
sudo service nginx restart
OK! Jenkins is now up and running and you can access it in a browser. The first thing to do is to configure security. See https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins for security options and best practices.
Next you may want to install some Jenkins plugins.
Go to Manage Jenkins > Configure System and configure the JDK as well as Git.
We'll want to create an SSH key pair for Jenkins for accessing git resources:
sudo -u jenkins ssh-keygen -t rsa
cat /var/lib/jenkins/.ssh/id_rsa.pub