In this post I will share several security tips for Jenkins and Nexus and show how to put them both behind the same nginx reverse proxy.
You have a limited budget of 60 US$/month and you need Jenkins and Nexus as part of your continuous integration (CI) environment.
Jenkins can do a lot of “things” with your server, which means that a hacker can do a lot of nasty things using your CI environment. Here is a minimal security configuration that COULD help make the hacker's job less easy.
You know what Jenkins, Nginx and Nexus are.
You need to have:
- Simple HTTP authentication with a strong password
- nginx as a reverse proxy that will terminate HTTPS
- A real HTTPS certificate
Nexus and Jenkins behind the same nginx
Google offered nginx reverse proxy solutions for Jenkins and Nexus separately, so I needed to add value and give this blog post back to the community.
Here is the gist:
In this configuration, Jenkins will be available at the `/jenkins` route, and Nexus on
So you need to set up Jenkins to use the `/jenkins` route by default. In `/etc/default/jenkins`, add this as the last line:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"
I could not find that option for Nexus 3.0, so Nexus was delivered at `/` by