JZTXT

Jenkins 系列1 --- 安装与配置

发布时间 2023-06-30 23:04:55作者: 白马黑衣

一、概要

1. 环境

(1) Rocky Linux 9.1

2. 硬件要求

(1) 底线要求

内存:256 MB

硬盘:1 GB

(2) 推荐要求

内存:4 GB

硬盘:50 GB

二、安装

1. 依赖

(1) OpenJDK

sudo dnf install java-11-openjdk -y

(2) 仓库

sudo wget -O /etc/yum.repos.d/jenkins.repo  https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
sudo yum upgrade -y

2. 安装

sudo dnf install jenkins -y

3. 安装后

(1) 服务

sudo systemctl daemon-reload
sudo systemctl enable jenkins
sudo systemctl start jenkins
systemctl status jenkins

(2) 防火墙

如果需要立即通过端口号访问Jenkins,则可以通过以下配置实现:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

4. HTTPS

(1) 生成证书和密钥

https://www.cnblogs.com/eagle6688/p/16974768.html

(2) 创建日志目录

sudo mkdir -p /var/log/nginx/jenkins

(3) Nginx配置

a. 创建配置文件

sudo vi /etc/nginx/conf.d/jenkins.conf

b. 初始化

upstream jenkins {
    keepalive 32; # keepalive connections
    server 127.0.0.1:8080; # jenkins ip and port
}

# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80; # Listen on port 80 for IPv4 requests
    server_name jenkins.example.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jenkins.example.com;

    root /var/run/jenkins/war/;
    access_log /var/log/nginx/jenkins.access.log;
    error_log /var/log/nginx/jenkins.error.log;

    ssl_certificate /etc/ssl/certs/jenkins.example.com.crt.pem;
    ssl_certificate_key /etc/ssl/private/jenkins.example.com.key.pem;
    ssl_session_timeout 1d;
    ssl_session_tickets on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
    ssl_prefer_server_ciphers on;

    # pass through headers from Jenkins that Nginx considers invalid
    ignore_invalid_headers off;

    location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
        rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
    }

    location /userContent {
        root /var/lib/jenkins/;

        if (!-f $request_filename) {
            rewrite (.*) /$1 last;
            break;
        }

        sendfile on;
    }

    location / {
        sendfile off;
        proxy_pass http://jenkins;
        proxy_redirect default;
        proxy_http_version 1.1;

        # Required for Jenkins websocket agents
        proxy_set_header   Connection        $connection_upgrade;
        proxy_set_header   Upgrade           $http_upgrade;

        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_max_temp_file_size 0;

        #this is the maximum upload size
        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffering            off;
        proxy_request_buffering    off; # Required for HTTP CLI commands
        proxy_set_header Connection ""; # Clear for keepalive
    }
}

Placeholder

四、参考

1. 官方

https://www.jenkins.io/doc/book/installing/linux/

https://www.jenkins.io/doc/book/installing/war-file/

https://www.jenkins.io/doc/book/managing/system-properties/

https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-nginx/