Running Jenkins on Azure with SSL

First of all, you should already have Jenkins installed on Azure. If you haven’t, please view this blog post before you move on.

Here is the big picture of what we want to accomplish.

  • Client tries to access the Jenkins instance like https://yourjenkins.whicheverregion.cloudapp.azure.com
  • Azure firewall passes the HTTPS traffic on port 443 to the NGINX layer running on the VM.
  • NGINX accepts the request and routes the traffic to the Jenkins instance that is listening on port 8080 (HTTP).

Here are the steps.

Create SSL Certificate

We will use Free SSL to generate the SSL certificate.

  1. Open a browser and navigate to https://www.sslforfree.com/
  2. Enter the URL that you want to protect with SSL and click the “Create Free SSL Certificate” button.
  3. On the next screen, select “Manual Verification”.
  4. Following the instructions on the next screen, download the verification file to your machine. The file name looks like _R2LvVULg7e32u997rpRPcbgKODAjRNIRMuJnXoMuiY
    This file will have to be uploaded to the Jenkins server for validation.
  5. SSH into the Azure VM on which Jenkins is hosted.
  6. Open default configuration file for NGINX.
    $ sudo vi /etc/nginx/sites-available/default
  7. Add the following setting at the top of the file, then save and close it. (Use any text editor you like, such as vi or nano.)
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name yourjenkinsname.region.cloudapp.azure.com;
        root /var/www/html;
    }
  8. Restart NGINX.
    $ sudo systemctl restart nginx
  9. Create the directory where the verification file will be placed.
    $ sudo mkdir -p /var/www/html/.well-known/acme-challenge
  10. Back on your desktop, upload the file downloaded in step 4. Use a tool like FileZilla.
  11. Copy the uploaded file to the acme-challenge directory.
    $ sudo cp ~/_R2LvVULg7e32u997rpRPcbgKODAjRNIRMuJnXoMuiY /var/www/html/.well-known/acme-challenge
  12. Once the file is uploaded, click the link on the Create SSL Certificate page that downloads the uploaded file.
  13. Click the “Download SSL Certificates” button.

Upload SSL Certificate and Configure NGINX

  1. Extract the downloaded sslforfree.zip.
  2. Upload private.key and certificate.crt to the VM where Jenkins server is hosted using a tool like FileZilla.
  3. Copy private.key and certificate.crt to /etc/nginx/conf.d.
    $ sudo cp private.key /etc/nginx/conf.d
    $ sudo cp certificate.crt /etc/nginx/conf.d
  4. Enable SSL in /etc/nginx/sites-available/default
    $ sudo vi /etc/nginx/sites-available/default
    The following configuration 1) redirects HTTP port 80 traffic to HTTPS port 443, 2) enables SSL, 3) routes HTTPS 443 traffic to the Jenkins service that is listening on port 8080 (reverse proxy).
  5. Restart the NGINX daemon.
    $ sudo systemctl restart nginx
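
As an added example (not the configuration from the original post), an /etc/nginx/sites-available/default that does the three things step 4 describes could look like the following. It assumes the placeholder hostname used earlier, the key and certificate at the paths from step 3, and Jenkins listening on 127.0.0.1:8080; the TLS protocol list and forwarded headers are choices made for this example.

```nginx
# Added example, not the original post's file. It replaces the temporary
# port-80 block created during certificate validation (two default_server
# blocks on the same port would make nginx refuse to start).

# 1) Redirect HTTP (80) to HTTPS (443)
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name yourjenkinsname.region.cloudapp.azure.com;

    # Keep the validation directory reachable over plain HTTP for renewals
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Redirect to the configured name, not the client-supplied Host header
    location / {
        return 301 https://$server_name$request_uri;
    }
}

# 2) Enable SSL and 3) reverse-proxy to Jenkins on port 8080
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name yourjenkinsname.region.cloudapp.azure.com;

    # Paths from step 3. nginx expects any intermediate certificates to be
    # appended to the file named in ssl_certificate, server certificate first.
    ssl_certificate     /etc/nginx/conf.d/certificate.crt;
    ssl_certificate_key /etc/nginx/conf.d/private.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # assumption: no legacy clients

    location / {
        # Assumption: Jenkins is on the same VM, reached over loopback
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Tells Jenkins the original request was HTTPS so its links match
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running sudo nginx -t before the restart in step 5 catches syntax errors, and private.key is best left readable by root only (for example, mode 600).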

Open port 443

  1. Log in to the Azure Portal.
  2. Click Resource groups.
  3. Click the resource group that the Jenkins VM belongs to.
  4. Click the item whose type is Network security group. In this example, it’s jenkins.nsg.
  5. Click Inbound security rules and then click Add.
  6. Make sure 443 (HTTPS) traffic can come through to the VM where the Jenkins server is hosted. Click the Add button to commit the change.
  7. We could optionally delete port 80, but since the NGINX configuration redirects HTTP port 80 to port 443, we will leave 80 open for the convenience of users.

Jenkins on Azure with SSL!

If you open a URL like https://yourjenkinsname.whicheverregion.cloudapp.azure.com, you can now access Jenkins on Azure with SSL. This means that the traffic between your browser (or any other client) and the Jenkins server is encrypted, and the communication is much safer. You can see the lock icon in the browser indicating that SSL is enabled on the server.

Recap

Installing a Jenkins server on Azure is quite easy, but configuring it takes some knowledge of how to maneuver around the Ubuntu (Linux) VM. If the Jenkins server is used often and plays an important role in an organization, or even privately, configuring Jenkins with SSL is a must. I hope this blog post will help someone out there.

 

Author: admin

A software engineer in greater Seattle area

2 thoughts on “Running Jenkins on Azure with SSL”

  1. Nice post!  Just a quick reminder to those reading that after following this step and replacing the default file with what’s listed:

    Enable SSL in /etc/nginx/sites-available/default
    $ sudo vi /etc/nginx/sites-available/default
    The following configuration 1) redirects HTTP port 80 traffic to HTTPS port 443, 2) enables SSL, 3) routes HTTPS 443 traffic to Jenkins service that is listening to port 8080 (reverse proxy).

    They want to run this to restart nginx for the changes to take effect:
    $ sudo systemctl restart nginx

  2. Hi, Josh.

    Yes, you are exactly right. I guess I missed sudo systemctl restart nginx. I will edit the post.

    Thanks for pointing that out! 🙂
