jenkins redirect from 80 to 443 in AWS

2
votes

I just installed Jenkins EC2 instance in AWS. I tried to configure the redirection from http to https (i.e. http://myjenkins.com to https://myjenkins.com). Do I configure in AWS or in Jenkins? I only found https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ but does not help much. Please advise. Thanks

2
amazon-web-servicesjenkins

2 Answers

1
votes

If you are trying to get to the jenkins web UI on port 443, i would suggest using a web server like nginx to proxy requests to your jenkins installation. That way, you can have a fairly vanilla jenkins installation and handle all of the SSL configuration and port redirection in nginx (which is much easier to do).

Here's an example outline of how you might accomplish what are you asking:

  1. Set up your server and install Jenkins normally, serving on port 8080.
  2. Install nginx and configure it to proxy "/" to port 8080 on localhost.
  3. Install your SSL certs. Using certbot with Let's Encrypt makes this step pretty easy as it handles all of the SSL config for you. (Note that for the install to work, your Security Group will have to allow all traffic to access your instance while you're doing the install. You can make it more restrictive once everything is configured. You also need a URL that is publicly accessible for your SSL certs to be valid).
  4. Access your site using the bare domain and look for it to be forwarded to https.

And here are the actual steps I used to get mine working on a Ubuntu EC2 VM (you might have to hum along to the tune of the install but you will get the idea):

apt-get update
apt-get upgrade -y
apt-get install nginx -y
cd /etc/nginx/sites-enabled/
vim default (see config below)
systemctl restart nginx
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo "deb http://pkg.jenkins-ci.org/debian binary/" | tee -a /etc/apt/sources.list
add-apt-repository ppa:webupd8team/java -y
apt-get update
apt-get install oracle-java8-installer -y
apt-get install jenkins –y
systemctl status jenkins
cd /var/lib/jenkins/secrets/
cat initialAdminPassword
ufw enable
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw status
certbot --nginx -d jenkins.example.com

Your default nginx config will look something like this:

server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

server_name jenkins.example.com;
location / {
    proxy_pass       http://localhost:8080;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
}

if ($scheme != "https") {
    return 301 https://$host$request_uri;
}

When you run the certbot --nginx -d jenkins.example.com step, it will also insert some lines into your nginx config to set up the SLL and cert specifics.

After that, you should be good!

0
votes

You need to configure Jenkins settings to HTTPS inside your EC2;

And if you are using Load Balance in front of the EC2, you also need to configure ELB to forward port to HTTPS.