How to create a local mirror of public Jenkins update site?

Question

We are running Jenkins on a server that does not have internet access (even through proxy). Installing and keeping the Jenkins installation up-to-date is a pain!

My idea

Answer 1

For generating update site (update-center.json) you can use https://github.com/jenkins-infra/backend-update-center2 project

My steps:

1. Generate self signed certificate

    openssl genrsa -out your-update-center.key 1024
    openssl req -new -x509 -days 1095 -key your-update-center.key -out your-update-center.crt

2. put all plugins into your Nexus 2 maven repository
3. Clone and build backend-update-center2 project
4. generate update-center.json

mvn exec:java -Dexec.args="-id default -h /dev/null 
    -o update-center.json -repository ULR_TO_NEXUS_REPO 
    -remoteIndex .index/nexus-maven-repository-index.gz -repositoryName YOUR_REPO_NAME 
    -directLink -pretty -nowiki -key your-update-center.key 
    -certificate your-update-center.crt 
    -root-certificate your-update-center.crt"

3. publish your update-center.json. Has to be accessible via http/https
4. copy generated your-update-center.crt to the JENKINS_HOME/update-center-rootCAs folder
5. "Jenkins → Plugin manage → Advanced → Update site" define link to the published update-center.json

PS. don't forget to generate and publish Nexus 2 nexus-maven-repository-index.gz index file. Use the "Publish the indexes" task for that.

Some additional information about Updater Center you can find at https://github.com/ikedam/backend-update-center2/wiki/How-to-create-your-own-Jenkins-Update-Center

Answer 2

Where is the issue in downloading the war file manually, stopping the server, replacing the war, and starting the server again? The same is true for Plugins.

if I think about it, there is probably a better way, by having a sandbox Jenkins on a system that has access to the internet. You update the server using the UI and then you can test that updated Jenkins thoroughly. When done, you just need to copy the war and hpi files over to your 'production' Jenkins. now you have even a nice process and QA in place.