6 January, 2017
Jenkins, SSL, and cPanel
Straight to the point. The basic idea is to hide Jenkins behind an Apache reverse proxy. I’m using cPanel on CentOS – and cPanel doesn’t like fiddling with httpd.conf. You’ll find lines like this in it:
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2_4/user/domain.com/*.conf"
I created two config files: one sets up the proxy, the other redirects non-HTTPS requests to HTTPS:
"/usr/local/apache/conf/userdata/ssl/2_4/user/domain.com/ssl.conf":
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
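"/usr/local/apache/conf/userdata/std/2_4/user/domain.com/redirect.conf":
RewriteEngine On
# Redirect everything except /.well-known to HTTPS; ^/? drops the leading slash so the target has no "//"
RewriteCond %{REQUEST_URI} !^/.well-known
RewriteRule ^/?(.*)$ https://jenkins.domain.com/$1 [R=301,L]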
After that, run commands to refresh the configs and restart Apache:
$ /usr/local/cpanel/bin/apache_conf_distiller --update
$ /usr/local/cpanel/bin/build_apache_conf
$ service httpd restart
And we’re done!
UPDATE – iptables rule to block port 8080 traffic outside of localhost:
iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
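
Because -A appends to the end of the chain, whether these two rules protect Jenkins depends on their order and on what is already there. The following is an added example, not part of the original post: a shell function that reads `iptables -S INPUT` output and reports how port 8080 is treated. The function name, the verdict labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how an INPUT chain treats TCP port 8080.
# Input: output of `iptables -S INPUT` on stdin. First matching rule wins,
# as in the kernel. Only rules naming --dport 8080, a blanket "-i lo" accept
# and the chain policy are evaluated (assumption: no broader rule interferes).
# Verdicts (hypothetical labels): ok, exposed, proxy-blocked.
classify_8080() {
  awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    /^-A INPUT -i lo -j ACCEPT$/ { seen_lo = 1; next }
    /^-A INPUT / && /--dport 8080( |$)/ {
      src = "any"; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      # Loopback accept: the Apache proxy can still reach Jenkins.
      if (target == "ACCEPT" && src ~ /^127\./) { seen_lo = 1; next }
      # Any other accept on 8080 lets clients bypass the HTTPS proxy.
      if (target == "ACCEPT") { verdict = "exposed"; exit }
      # Blanket drop: fine only if loopback was accepted earlier.
      if ((target == "DROP" || target == "REJECT") && src == "any") {
        verdict = seen_lo ? "ok" : "proxy-blocked"; exit
      }
    }
    END {
      if (verdict == "") {
        if (policy == "DROP") verdict = seen_lo ? "ok" : "proxy-blocked"
        else verdict = "exposed"
      }
      print verdict
    }
  '
}

# Constructed sample: what `iptables -S INPUT` prints after the two rules above.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

printf '%s\n' "$SAMPLE_RULES" | classify_8080
```

On the server itself, run it as `iptables -S INPUT | classify_8080` (as root).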