Protect Jenkins with nginx http auth except callback url

空扰寡人 submitted on 2019-12-09 11:19:22

Question


I installed Jenkins on my server and I want to protect it with nginx HTTP auth so that requests to:

http://my_domain.com:8080
http://ci.my_domain.com

will be protected except one location:

http://ci.my_domain.com/job/my_job/build

needed to trigger a build. I am kinda new to nginx so I am stuck with the nginx config for that.

upstream jenkins {
  server  127.0.0.1:8080;
}

server {
  listen x.x.x.x:8080;
  server_name *.*;

  location '/' {
    proxy_pass http://jenkins;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    auth_basic "Restricted";
    auth_basic_user_file /path/.htpasswd;    
  }
}

I tried something like the above config, but when I visit http://my_domain.com:8080 there is no HTTP auth.


Answer 1:


Finally I figured out how to solve this problem. First we need to uncheck the "Enable security" option on the Manage Jenkins page. With security disabled we can trigger our jobs with requests like http://ci.your_domain.com/job/job_name/build.

If you want to add a token to the trigger URL, we need to Enable Security, choose "Project-based Matrix Authorization Strategy" and give Admin rights to the Anonymous user. After that, the Configure page of your project will have a "Trigger builds remotely" option where you can specify a token, so your request will look like JENKINS_URL/job/onru/build?token=TOKEN_NAME

So with security disabled we need to protect http://ci.your_domain.com with nginx http_auth, except URLs like /job/job_name/build.

And of course we need to hide port 8080 from external requests. Since my server is on Ubuntu I can use the iptables firewall:

iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

But! On Ubuntu (I am not sure about other Linux OSes) iptables will disappear after reboot. So we need to save them with:

iptables-save

And that is not the end. With this command we just get a file with iptables. On startup we need to load iptables, and the easiest way is to use the 'iptables-persistent' package:

sudo apt-get install iptables-persistent
iptables-save > /etc/iptables/rules

Take a closer look at iptables if needed: https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables and good luck with Jenkins!

And there is a good example of running Jenkins on a subdomain of your server: https://wiki.jenkins-ci.org/display/JENKINS/Running+Hudson+behind+Nginx
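
The answer above describes the nginx side (basic auth everywhere except the build trigger URL) without showing it. One possible configuration, as an added example that is not part of the original answer: the host name, upstream and htpasswd path are taken from the question, while the port 80 listener, the path pattern and the allowed caller address 203.0.113.10 are assumptions.

```nginx
# Added example, not the answerer's configuration.
upstream jenkins {
  # Jenkins is reached over loopback only; port 8080 is dropped for
  # external sources by the iptables rules in the answer.
  server 127.0.0.1:8080;
}

server {
  # Plain HTTP as in the question. Basic auth credentials are only
  # protected in transit when this vhost is served over TLS.
  listen 80;
  server_name ci.my_domain.com;

  # Set once at server level; both locations inherit these because
  # neither defines proxy_set_header itself.
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_redirect off;

  # Default for every location: HTTP basic auth required.
  auth_basic "Restricted";
  auth_basic_user_file /path/.htpasswd;

  location / {
    proxy_pass http://jenkins;
  }

  # Exception: only the exact trigger path of a top-level job, for
  # example /job/my_job/build. The query string (?token=...) is not part
  # of the match, so a trigger token still reaches Jenkins.
  location ~ ^/job/[^/]+/build$ {
    auth_basic off;

    # Assumption: the service calling the trigger has a fixed address.
    # 203.0.113.10 is a documentation placeholder; with these two lines
    # the unauthenticated path is limited to that caller.
    allow 203.0.113.10;
    deny all;

    proxy_pass http://jenkins;
  }
}
```

Check the file with `nginx -t` before reloading; a request to any other path, such as `/job/my_job/configure`, should then return 401 without credentials.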



Source: https://stackoverflow.com/questions/11644774/protect-jenkins-with-nginx-http-auth-except-callback-url
