Install Jenkins on AWS Amazon Linux

Preface to installing Jenkins

This is important! I highly recommend that you require SSL to access your Jenkins instance and that you use an AWS security group with IP restrictions. We tend to give Jenkins a lot of power to manage our AWS resources and as such it's an intruder's dream. Treat it as such and apply multiple levels of security for your build server.

Installing Jenkins

I usually use a T2 Medium for my Jenkins instance on AWS. With ~4 GB RAM and 2 cores it's a minimally viable server type with a great price point. This is an easy reserved instance purchase for most businesses -- at rates as of 01/11/2016 we'd pay $26.28/month with no upfront commitment on a reserved instance. You can check AWS EC2 instance rates to see what the current price would be or to find other instance sizes.

Since we're building a new server we may as well get updates first:

sudo yum -y update

Next we'll install nginx to act as our reverse proxy and git because we'll need to check out sources. We'll also install the AWS CLI and the Java JDK, and configure the system to use that JDK by default.

sudo yum install -y git nginx java-1.8.0-openjdk-devel aws-cli
sudo alternatives --config java

If you need Apache Maven to build Java sources you can install it as follows:

sudo wget http://repos.fedorapeople.org/repos/dchen/apache-maven/epel-apache-maven.repo -O /etc/yum.repos.d/epel-apache-maven.repo
sudo sed -i s/\$releasever/6/g /etc/yum.repos.d/epel-apache-maven.repo
sudo yum install -y apache-maven
mvn -v

We'll need to add the Jenkins repository to available packages:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins

Let's start Jenkins up and make sure it starts every time we reboot:

sudo service jenkins start
sudo chkconfig --add jenkins

OK. Jenkins is actually up and running at this point. We can verify this by accessing localhost on port 8080 with curl.

curl http://localhost:8080

We'll proxy Jenkins via nginx and handle SSL termination there as well. Here's a sample nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile     on;
    tcp_nopush   on;
    tcp_nodelay  on;

    #keepalive_timeout  0;
    keepalive_timeout    65;
    types_hash_max_size  2048;

    gzip  on;

    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen       443 ssl;
        server_name  jenkins.ajmoss.com;

        ssl_certificate      /opt/ssl/ssl.crt;
        ssl_certificate_key  /opt/ssl/ssl.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow TLS 1.2 only
        ssl_protocols  TLSv1.2;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)
        root            /var/run/jenkins/war/;

        access_log      /var/log/nginx/jenkins.access.log;
        error_log       /var/log/nginx/jenkins.error.log;

        location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
          rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
        }

        location /userContent {
          root /var/lib/jenkins/;

          if (!-f $request_filename) {
            rewrite (.*) /$1 last;
            break;
          }
          sendfile on;
        }

        location @jenkins {
          sendfile off;
          proxy_pass              http://127.0.0.1:8080;
          proxy_redirect          http:// https://;

          proxy_set_header    X-Forwarded-Proto $scheme;
          proxy_set_header    Host              $host;
          proxy_set_header    X-Real-IP         $remote_addr;
          proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_max_temp_file_size 0;

          #this is the maximum upload size
          client_max_body_size       10m;
          client_body_buffer_size    128k;

          proxy_connect_timeout      90;
          proxy_send_timeout         90;
          proxy_read_timeout         90;

          proxy_buffer_size          4k;
          proxy_buffers              4 32k;
          proxy_busy_buffers_size    64k;
          proxy_temp_file_write_size 64k;
        }

        location / {

          # Optional configuration to detect and redirect iPhones
          if ($http_user_agent ~* '(iPhone|iPod)') {
            rewrite ^/$ /view/iphone/ redirect;
          }

          try_files $uri @jenkins;
        }
    }
}
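
Since nginx is the only thing terminating SSL for Jenkins here, it is worth checking the TLS directives of the config before relying on it. The script below is an added example, not part of the original post: the function names audit_nginx_tls and write_sample are hypothetical, the sample config is constructed, and the check assumes one directive per line.

```shell
#!/bin/sh
# Added example: audit the TLS directives of an nginx config.
# Assumes one directive per line; '#' starts a comment (a quoted '#' is not handled).
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }                      # ignore commented-out directives
        /^[ \t]*ssl_protocols[ \t]/ {
            seen = 1
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "line %d: legacy protocol %s enabled\n", NR, p
                    bad = 1
                }
            }
        }
        /^[ \t]*ssl[ \t]+on[ \t]*;/ {
            printf "line %d: \"ssl on;\" is deprecated, use \"listen 443 ssl;\"\n", NR
            bad = 1
        }
        END {
            if (!seen) { print "no ssl_protocols directive found"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the TLS lines of a server block with weak settings.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.2;
    #ssl_protocols SSLv3;
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_nginx_tls "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

Run the function against /etc/nginx/nginx.conf alongside `sudo nginx -t`, which validates syntax but says nothing about protocol choices.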

Configure nginx and then restart the service:

sudo service nginx restart

OK! Jenkins is up and running and you can now access it in a browser. The first thing to do is to configure security. See https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins for security options and best practices.

Next you may want to install some Jenkins plugins.

Go to Manage Jenkins > Configure System and configure the JDK as well as Git:

Configuring Jenkins JDK and Git

We'll want to create an ssh key pair for Jenkins for accessing git resources:

sudo -u jenkins ssh-keygen -t rsa
cat /var/lib/jenkins/.ssh/id_rsa.pub
