Docker configure docker-compose and nginx to have jenkins behind nginx
Question
I am new in docker and nginx, I managed to get nginx with HTTPS running in a container and I would like to add jenkins behind nginx. I don't want to open new ports on my server, I want all traffic to pass through my nginx.
How do I write my docker-compose.yaml and my app.conf (nginx's config file) to get it working all together? Here are my config files, I've replaced my domain name by a dummy one example.com , and I would like jenkins to be availabe at jenkins.example.com .
docker-compose.yml
nginx:
image: nginx:1.17-alpine
container_name: nginx-docker
ports:
- "80:80"
- "443:443"
volumes:
- ./data/nginx:/etc/nginx/conf.d
- ./data/html:/etc/nginx/html
jenkins:
image: "jenkins/jenkins:lts"
container_name: jenkins-docker
volumes:
- ./data/jenkins:/var/jenkins_home
expose:
- "8080"
ports:
- "50000:50000"
app.conf
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
root html;
index index.html;
}
}
2 answers
solution1
2 ACCPTED 2019-08-23 08:08:03
For a working configuration of nginx to work as a reverse proxy for Jenkins, you should have a look at the Official Jenkins Wiki . There you can find many examples for different use cases (with/without SSL, AWS, …)
Something you have to change here, given that nginx also runs in a Docker container (in the same network), is that you don't redirect to localhost:8080 , but jenkins:8080 (the Docker service's name under which containers in the same network can communicate).
Other than that, your docker-compose.yml looks fine. Only thing here is that you map port 50000 to the host's port 50000. If you don't want to open any new ports on the machine, and you want all traffic to go through nginx, I don't really see a point in doing that. Exposing it (like you did with port 8080) would be enough, then you can add a line to nginx to direct requests of a specific subdomain there, for example.
solution2
0 2019-08-23 12:41:34
Here is the final version of my config files :
docker-compose
nginx:
image: nginx:1.17-alpine
container_name: nginx-docker
ports:
- "80:80"
- "443:443"
volumes:
- ./data/nginx:/etc/nginx/conf.d
- ./data/html:/etc/nginx/html
jenkins:
image: "jenkins/jenkins:lts"
container_name: jenkins-docker
volumes:
- ./data/jenkins:/var/jenkins_home
expose:
- "8080"
app.conf
server {
listen 80;
server_name example.com *.example.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
root html;
index index.html;
}
}
upstream jenkins {
server jenkins:8080 fail_timeout=0;
}
server {
listen 443 ssl;
server_name jenkins.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.