一、概要
1. 环境
(1) Rocky Linux 9.1
2. 硬件要求
(1) 底线要求
内存:256 MB
硬盘:1 GB
(2) 推荐要求
内存:4 GB
硬盘:50 GB
二、安装
1. 依赖
(1) OpenJDK
sudo dnf install java-11-openjdk -y
(2) 仓库
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key sudo yum upgrade -y
2. 安装
sudo dnf install jenkins -y
3. 安装后
(1) 服务
sudo systemctl daemon-reload sudo systemctl enable jenkins sudo systemctl start jenkins systemctl status jenkins
(2) 防火墙
如果需要立即通过端口号访问Jenkins,则可以通过以下配置实现:
sudo firewall-cmd --permanent --add-port=8080/tcp sudo firewall-cmd --reload
4. HTTPS
(1) 生成证书和密钥
https://www.cnblogs.com/eagle6688/p/16974768.html
(2) 创建日志目录
sudo mkdir -p /var/log/nginx/jenkins
(3) Nginx配置
a. 创建配置文件
sudo vi /etc/nginx/conf.d/jenkins.conf
b. 初始化
upstream jenkins {
keepalive 32; # keepalive connections
server 127.0.0.1:8080; # jenkins ip and port
}
# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80; # Listen on port 80 for IPv4 requests
server_name jenkins.example.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name jenkins.example.com;
root /var/run/jenkins/war/;
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
ssl_certificate /etc/ssl/certs/jenkins.example.com.crt.pem;
ssl_certificate_key /etc/ssl/private/jenkins.example.com.key.pem;
ssl_session_timeout 1d;
ssl_session_tickets on;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
ssl_prefer_server_ciphers on;
# pass through headers from Jenkins that Nginx considers invalid
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
root /var/lib/jenkins/;
if (!-f $request_filename) {
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
# Required for Jenkins websocket agents
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_request_buffering off; # Required for HTTP CLI commands
proxy_set_header Connection ""; # Clear for keepalive
}
}
Placeholder
四、参考
1. 官方
https://www.jenkins.io/doc/book/installing/linux/
https://www.jenkins.io/doc/book/installing/war-file/
https://www.jenkins.io/doc/book/managing/system-properties/
https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-nginx/
标签:sudo,---,ssl,EECDH,proxy,https,jenkins,Jenkins,安装 From: https://www.cnblogs.com/eagle6688/p/17502872.html