How to Configure Jenkins on Azure

It’s quite easy to install Jenkins on Azure like I wrote about it in my previous blog, but it doesn’t work right out of the box. First thing first, let’s ssh into the VM of the Jenkins instance.

$ ssh yourusername@jenkinsname.whicheverarea.cloudapp.azure.com

The command above with the right name should get you right into the SSH session. You can see that it’s a Ubuntu VM. Let’s do apt-get upgrade first.

$ sudo apt-get update
$ sudo apt-get upgrade -y

Before we go on to the next step, here is the big picture.

When HTTP traffic comes to Azure, it sends the traffic to the target VM. NGINX gets the request and then forwards it to port 8080 on the same machine.

Let’s enable firewall of the VM instance where the Jenkins is hosted and open port 8080 as Jenkins listens to it by default.

$ sudo ufw enable
$ sudo ufw allow 22
$ sudo ufw allow 8080
$ sudo ufw allow 80
$ sudo ufw status

When you try to hit http://jenkinsservername.whicheverarea.cloudapp.azure.com, you will get something like the following.

Actually, NGINX is used as a reverse proxy. When you try hit the port 80, it routes the HTTP traffic to the local port 8080. Let’s check /etc/nginx/sites-available/default The following block shows the content of the configuration file. The highlighted line redirects the HTTP traffic to the error page that was set up by Microsoft.

server {
    listen 80;
    server_name jks.westus.cloudapp.azure.com;
    error_page 403 /jenkins-on-azure;
    location / {
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;


        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://localhost:8080;
        proxy_redirect      http://localhost:8080 http://jks.westus.cloudapp.azure.com;
        proxy_read_timeout  90;
    }
    location /cli {
        rewrite ^ /jenkins-on-azure permanent;
    }

    location ~ /login* {
        rewrite ^ /jenkins-on-azure permanent;
    }
    location /jenkins-on-azure {
      alias /usr/share/nginx/azure;
    }
}

Let’s make some changes to this file and get it to the point where we can access Jenkins. Again, we are configuring NGINX to route the HTTP traffic to Jenkins that is listening to port 8080. In other words, configuring NGINX to serve us as a reverse proxy. We will configure NGINX to route HTTP port 80 traffic to localhost port 8080 where Jenkins is listening to requests.

Edit /etc/nginx/sites-available/default with vi.

$ sudo vi /etc/nginx/sites-available/default

The configuration below is basically what was in the original default configuration file without the highlighted lines above.

server {
    listen 80;
    server_name jks.westus.cloudapp.azure.com;
    location / {
        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;


        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://localhost:8080;
        proxy_redirect      http://localhost:8080 http://jks.westus.cloudapp.azure.com;
        proxy_read_timeout  90;
    }
}

Next restart NGINX daemon.

$ sudo systemctl restart nginx

When you try to hit the URL like
http://jenkinsservername.whicheverarea.cloudapp.azure.com with your browser, you will see a page like the following.

Back to the ssh terminal Window, get the content of /var/lib/jenkins/secrets/initialAdminPassword by typing the following command.

$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the printed password and paste it to “Administrator password” on the Unlock Jenkins page. The next screen will ask you to install some plugins, so just choose your options and follow the screen.

Once the plugin installation is complete, you will be asked to enter admin information. It will be used to administer the instance of Jenkins, so don’t forget the username and its password.

When all is done, you will start to be able use and administer the instance of Jenkins.

But wait, do you really want users, Jenkins slaves and external processes to communicate with the Jenkins master via plain HTTP connection? I think not if you are mindful about security. HTTP basically sends pretty much all data in raw format. It means that if you send password, it’s sent in clear text. That’s not good.

In the next blog, I will write about how to configure Jenkins on Azure with SSL (HTTPS) connection enabled.

Author: admin

A software engineer in greater Seattle area

Leave a Reply

Your email address will not be published. Required fields are marked *