Protect Jenkins with nginx http auth except callback url

后端 未结 1 1334
囚心锁ツ
囚心锁ツ 2021-02-15 18:34

I installed jenkins on my server and I want to protected it with nginx http auth so that requests to:

http://my_domain.com:8080
http://ci.my_domain.com
         


        
1条回答
  •  醉梦人生
    2021-02-15 19:12

    Finally I figured out how to solve this problem. At first we need to uncheck "Enable security" option at Manage Jenkins page. With security disabled we can trigger our jobs with requests like http://ci.your_domain.com/job/job_name/build.

    If you want to add token to trigger URL we need to Enable Security, choose "Project-based Matrix Authorization Strategy" and give Admin rights to Anonymous user. After it in Configure page of your project will be "Trigger builds remotely" option where you can specify token so your request will look like JENKINS_URL/job/onru/build?token=TOKEN_NAME

    So with disabled security we need to protect http://ci.your_domain.com with nginx http_auth except urls like /job/job_name/build'.

    And of course we need to hide 8080 port from external requests. Since my server is on Ubuntu I can use iptables firewall:

    iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j DROP
    

    But! On ubuntu (I am not sure about other linux oses) iptables will disappear after reboot. So we need to save them with:

    iptables-save
    

    And it is not the end. With this command we just get a file with iptables. On startup we need to load iptables and the easiest way is to use 'uptables-persistent' package:

    sudo apt-get install iptables-persistent
    iptables-save > /etc/iptables/rules
    

    Take a closer look at iptables if needed https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables and good luck with Jenkins!

    And there is good example for running jenkins on subdomain of your server: https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx

    0 讨论(0)
提交回复
热议问题