Jenkins is an open-source and leading continuous integration tool written in Java. It is an automation tool that helps you to builds and tests your software continuously and monitor the execution and status of remote jobs. It makes it easier for team members to regularly obtain the latest code. Jenkins is just a framework, it achieves continuous integration with the help of plugins. It supports over 1000+ plugins.
Features
- Free and Open-source.
- Increase the reliability of the CI/CD process.
- Supports 1000+ plugins to extend its functionality.
- Integration with other CI/CD tools.
- Simple, easy to install and use.
- Allows to build, test, and deploy applications across multiple servers.
In this guide, we will explain how to install Jenkins with Nginx as a reverse proxy and Let’s Encrypt SSL support on CentOS 8.
Install Java
Jenkins is written in Java So Java must be installed on your server. If not installed, you can install it using the following command:
dnf install java-11-openjdk -y
After installing Java, you can verify the Java installation with the following command:
java --version
You should see the following output:
openjdk 11.0.12 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)
Add Jenkins Repo
By default, the Jenkins package is not included in the CentOS 8 default repository. So you will need to add the Jenkins repo to your system. You can add it using the following command:
wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
Next, import the Jenkins key with the following command:
rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
Next, verify the Jenkins repo using the following command:
dnf repolist
You should see the Jenkins repo in the following output:
repo id repo name
AppStream CentOS-8 - AppStream
BaseOS CentOS-8 - Base
extras CentOS-8 - Extras
jenkins Jenkins-stable
Install Jenkins
You can now install the Jenkins using the following command:
dnf install jenkins --nobest
Once the Jenkins is installed, start the Jenkins service and enable it to start at system reboot:
systemctl start jenkins
systemctl enable jenkins
You can check the status of the Jenkins with the following command:
systemctl status jenkins
You should see the following output:
● jenkins.service - LSB: Jenkins Automation Server
Loaded: loaded (/etc/rc.d/init.d/jenkins; generated)
Active: active (running) since Thu 2021-09-23 11:48:37 EDT; 4s ago
Docs: man:systemd-sysv-generator(8)
Process: 1494 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=0/SUCCESS)
Tasks: 13 (limit: 12524)
Memory: 138.7M
CGroup: /system.slice/jenkins.service
└─1517 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/l>
Sep 23 11:48:35 jenkins systemd[1]: Starting LSB: Jenkins Automation Server...
Sep 23 11:48:35 jenkins runuser[1501]: pam_unix(runuser:session): session opened for user jenkins by (uid=0)
Sep 23 11:48:37 jenkins runuser[1501]: pam_unix(runuser:session): session closed for user jenkins
Sep 23 11:48:37 jenkins jenkins[1494]: Starting Jenkins [ OK ]
Sep 23 11:48:37 jenkins systemd[1]: Started LSB: Jenkins Automation Server.
At this point, Jenkins is started and listening on port 8080. You can verify it using the following command:
ss -antpl | grep 8080
Sample output:
LISTEN 0 50 *:8080 *:* users:(("java",pid=1517,fd=135))
Configure Nginx as a Reverse Proxy for Jenkins
It is recommended to install and configure Nginx as a reverse proxy for Jenkins. So you can access the Jenkins through ports 80 and 443.
First, install the Nginx package with the following command:
dnf install nginx -y
Once the Nginx package is installed, create an Nginx virtual host configuration file for Jenkins with the following command:
nano /etc/nginx/conf.d/jenkins.conf
Add the following lines:
upstream jenkins_backend {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
server_name jenkins.yourdomain.com;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://jenkins_backend;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
}
}
Save and close the file then verify the Nginx for any syntax error with the following command:
nginx -t
You should get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, start the Nginx service and enable it to start at system reboot:
systemctl start nginx
systemctl enable nginx
Secure Jenkins with Let's Encrypt SSL
It is also recommended to secure your Jenkins website with Let’s Encrypt free SSL. To do so, you will need to install the Certbot client to manage the SSL certificates. You can install it using the following command:
dnf install epel-release -y
dnf install letsencrypt python3-certbot-nginx -y
Once the Certbot client has been installed, run the following command to install the Let’s Encrypt SSL for your Jenkins website:
certbot --nginx -d jenkins.yourdomain.com
You will be asked to accept the term of service and provide your valid email address to install the Let’s Encrypt SSL:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): hitjethva@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for jenkins.yourdomain.com
Performing the following challenges:
http-01 challenge for jenkins.yourdomain.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/jenkins.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/jenkins.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://jenkins.yourdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: hitjethva@gmail.com).
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/jenkins.yourdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/jenkins.yourdomain.com/privkey.pem
Your certificate will expire on 2021-06-09. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Configure Firewall
If a firewalld firewall is installed on your server. You will need to allow ports 80 and 443 through the firewalld. You can allow them using the following command:
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
Next, reload the firewalld service to apply the changes:
firewall-cmd --reload
Access Jenkins Web Installation Wizard
At this point, Jenkins is installed and configured. Now, open your web browser and access the Jenkins setup wizard using the URL https://jenkins.yourdomain.com. You should see the Jenkins initial setup password page:
Open your terminal and run the following command to retrieve the Jenkins setup password:
cat /var/lib/jenkins/secrets/initialAdminPassword
You should see the Jenkins password in the following output:
22c4dc0232454aef9a06cdd5c432b596
Now, paste the password from the above output and click on the Continue button. You should see the Plugins installation page:
Select Install suggested plugins or Select plugins to install. Once all the plugins are installed, you will be redirected to the Admin user creation page:
Provide your Jenkins admin user, password, email and click on the Save and Continue button. Once the installation has been finished, you should see the following screen:
Click on the Save and Finish button. You should see the following screen:
Now, click on the Start using Jenkins to open the Jenkins dashboard as shown below:
Conclusion
In the above guide, you learned how to install the Jenkins on CentOS 8. You also learned how to configure Nginx as a reverse proxy for Jenkins and enable Let’s Encrypt SSL support on Jenkins website. I hope this will helps you to install Jenkins to your server.
