堆栈内存溢出
  简体   繁体   English

如何在 ubuntu 18.04 服务器的 apache2 下使用 SSL 保护 Jenkins 端口 8080?

[英]How can I secure Jenkins port 8080 with SSL under apache2 in ubuntu 18.04 Server?

 原文  2018-05-09 00:39:56       apache/ ubuntu/ jenkins/ https

问题描述

I have been able to successfully install and configure Apache2 server to served on HTTPS.我已经能够成功安装和配置 Apache2 服务器以在 HTTPS 上提供服务。 I have been having issues getting Jenkins to use the same SSL certificates and run on Secured port 443. This is my configurations and please, any help will be appreciated.我一直在让 Jenkins 使用相同的 SSL 证书并在安全端口 443 上运行时遇到问题。这是我的配置,请提供任何帮助,我们将不胜感激。 Thank you.谢谢你。

I have the server currently serving a static WordPress site which launches successfully on https port 80 or 443. I also have Jenkins serving successfully on the route of the server but with port 8080.我的服务器目前为静态 WordPress 站点提供服务,该站点在 https 端口 80 或 443 上成功启动。我也让 Jenkins 在服务器的路由上成功提供服务,但端口为 8080。

Is there any way I can get Jenkins to serve right under the Apache2 server like jenkins.server.com/jenkins instead of jenkins.server.com:8080?有什么方法可以让 Jenkins 直接在 Apache2 服务器下提供服务,例如 jenkins.server.com/jenkins 而不是 jenkins.server.com:8080?

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAlias www.jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html>
            Options +FollowSymlinks
            AllowOverride All
            Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =jenkins.server.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>

        SSLEngine on
        SSLProxyEngine on

        # SSL certificate and keys. Edit paths to whereever your SSL files are located
        SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests Off
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPassReverse / http://jenkins.server.com:8080

        <Proxy http://jenkins.server.com:8080/*>
                Order deny,allow
                Allow from all
        </Proxy>

</VirtualHost>

1 个解决方案

解决方案1
 0 已采纳  2018-05-09 20:14:41

I was able to fix this problem by modifying the generated file by Apache2 with the name 000-default-le-ssl.conf under /etc/apache2/sites-available/000-default-le-ssl.conf This file was generated automatically and I modified the proxy settings.我能够通过修改Apache2在/etc/apache2/sites-available/000-default-le-ssl.conf下生成的名为000-default-le-ssl.conf的文件来解决这个问题这个文件是自动生成的我修改了代理设置。

I also had to maintain "localhost" instead of jenkins.server.com even though localhost will not launch Jenkins in the browser.即使 localhost 不会在浏览器中启动 Jenkins,我也必须维护“localhost”而不是 jenkins.server.com。

This is my updated and working file...这是我的更新和工作文件...

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
        ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
        ProxyRequests     Off
        AllowEncodedSlashes NoDecode
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"

        # Local reverse proxy authorization override
        # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
        <Proxy http://localhost:8080/jenkins*>
          Order deny,allow
          Allow from all
        </Proxy>

SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何让 Django 在 Ubuntu 18.04 上使用 Apache2 服务 React? - How can I have Django serve React using Apache2 on Ubuntu 18.04? 如何在 ubuntu 18.04 中修复 apache2 安装 - how to fix apache2 installation in ubuntu 18.04 如何删除安装在Ubuntu apache2服务器上的letsencrypt SSL - How to remove letsencrypt ssl installed on Ubuntu apache2 server 如何获得状态代码 307 而不是 200? 我在 ubuntu 18.04 中使用 apache2 - How do I get the status code 307 instead of 200? I am using apache2 in ubuntu 18.04 为什么我不能让 Apache2 mod_dumpio 在 Lucid Lynx Ubuntu 下工作? - Why can't I get Apache2 mod_dumpio working under Lucid Lynx Ubuntu? 在端口8080保护Apache服务器 - Securing Apache Server at port 8080 服务器监听localhost:8080,Apache仍然可以监听端口80吗? - Server listening to localhost:8080 can Apache still listen to port 80? 我如何让Apache2 httpd使用ubuntu的CA证书进行Apache的出站SSL连接? - How do I have Apache2 httpd use the ubuntu's CA cert for outbound SSL connections from Apache? 如何杀死运行在本地主机端口8080上的Apache / PHP服务器? - How to kill Apache / PHP server running on local host port 8080? 在Ubuntu 14.04 / Apache2上为Vhost启用SSL - Enabling SSL for Vhost on Ubuntu 14.04 / Apache2
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM