0

Jenkins and nexus behind same nginx reverse proxy

Reading Time: 1 minute

TL;DR

In this post I will share several security tips for Jenkins and Nexus applications and how to put them both behind same nginx as reverse proxy.

Context

You have a limited budget of 60 us$/month and you need Jenkins and Nexus as part of your continuous integration CI environment.

Must have

As Jenkins can do a lot of “things” with your server, that means that hacker can do a lot of nasty things using your CI environment. Here is minimal security configuration that COULD help you to make hacker job not so easy.

Precondition knowledge

You know what is Jenkins, Nginx and Nexus

You need to have:

  • Simple http authentication with strong passowrd
  • nginx as reverse proxy that will terminate https
  • real https certificate

Nexus and jenkins behind same nginx

Google offered nginx reverse proxy solutions for Jenkins and Nexus separated. So I needed to do add value and give back to the community this blog post.

Here is gist:

In this configuration, Jenkins will be available at /jenkins route, and nexus on /.

So you need to set up Jenkins to use /jenkins route by default. In `/etc/default/jenkins` at last line add --prefix option:

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1 --prefix=/jenkins"

I could not find that option for nexus 3.0, so nexus was delivered at `/`

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Karlo Smid

Leave a Reply

Your email address will not be published. Required fields are marked *