如何配置 jenkins http 到 https

Question

I changed mydomain http to https using certbot and backend side either. (Springboot)
But, I hava a problem. I can not open jenkins page.
it was http://mydomain:9090
I guess it is https problem.
so I would like to change jenkins http to https.
it didn't work.
here is my /etc/default/jenkins:

# defaults for Jenkins automation server

# pulled in from the init script; makes things easier.
NAME=jenkins

# arguments to pass to java

# Allow graphs etc. to work even when an X server is present
JAVA_ARGS="-Djava.awt.headless=true"

#JAVA_ARGS="-Xmx256m"

# make jenkins listen on IPv4 address
#JAVA_ARGS="-Djava.net.preferIPv4Stack=true"

PIDFILE=/var/run/$NAME/$NAME.pid

# user and group to be invoked as (default to jenkins)
JENKINS_USER=$NAME
JENKINS_GROUP=$NAME

# location of the jenkins war file
JENKINS_WAR=/usr/share/java/$NAME.war

# jenkins home location
JENKINS_HOME=/var/lib/$NAME

# set this to false if you don't want Jenkins to run by itself
# in this set up, you are expected to provide a servlet container
# to host jenkins.
RUN_STANDALONE=true

# log location.  this may be a syslog facility.priority
JENKINS_LOG=/var/log/$NAME/$NAME.log
#JENKINS_LOG=daemon.info

# Whether to enable web access logging or not.
# Set to "yes" to enable logging to /var/log/$NAME/access_log
JENKINS_ENABLE_ACCESS_LOG="no"

# OS LIMITS SETUP
#   comment this out to observe /etc/security/limits.conf
#   this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e
#   reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file
#   descriptors are forced to 1024 regardless of /etc/security/limits.conf
MAXOPENFILES=8192

# set the umask to control permission bits of files that Jenkins creates.
#   027 makes files read-only for group and inaccessible for others, which some security sensitive users
#   might consider benefitial, especially if Jenkins runs in a box that's used for multiple purposes.
#   Beware that 027 permission would interfere with sudo scripts that run on the master (JENKINS-25065.)
#
#   Note also that the particularly sensitive part of $JENKINS_HOME (such as credentials) are always
#   written without 'others' access. So the umask values only affect job configuration, build records,
#   that sort of things.
#
#   If commented out, the value from the OS is inherited,  which is normally 022 (as of Ubuntu 12.04,
#   by default umask comes from pam_umask(8) and /etc/login.defs

# UMASK=027

# port for HTTP connector (default 8080; disable with -1)
HTTP_PORT=9090

# servlet context, important if you want to use apache proxying
PREFIX=/$NAME

# arguments to pass to jenkins.
# full list available from java -jar jenkins.war --help
# --javaHome=$JAVA_HOME
# --httpListenAddress=$HTTP_HOST (default 0.0.0.0)
 --httpPort=$HTTP_PORT (default 8080; disable with -1)
# --httpsPort=$HTTP_PORT
# --argumentsRealm.passwd.$ADMIN_USER=[password]
# --argumentsRealm.roles.$ADMIN_USER=admin
# --webroot=~/.jenkins/war
# --prefix=$PREFIX


JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=-1 --httpsPort=9090 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=PASSWORD_SET_ON_CONVERT_TO_JKS"

here is my error page:
errorpage

here is where I refer to(doesn't work):
https://www.vhinandrich.com/jenkins-standalone-ssl-lets-encrypt

actually I didn't user --standalone when I make my ssl certificate.

anyway, what I wanted to do is to enter jenkins site (http or https I don't mind)
please help me.
thanks:)

Answer 1

The error indicates that you are trying to access Jenkins HTTP port via HTTPs. If you want to access via HTTPS you should be calling the SSL port you configured with this flag. --httpsPort=8443 .

https://mydomain:8443

Also if you don't want to disable HTTP access simply remove this flag from JENKINS_ARGS --httpPort=-1

Also, you seem to have conflicting ports in your configurations. Use a different port other than the 9090 for HTTPS if you want to use HTTP port as well. You seem to pass --httpPort twice in your configurations. Hence Jenkins is using port 9090 as the HTTP port.

Either change the following property to have a different port or remove the duplicate --httpPort flag and pass --httpPort=-1 to disable HTTP and use 9090 for HTTPS.

HTTP_PORT=8080