在 jenkins 中启用 HTTPS? [英] Enable HTTPS in jenkins?
问题描述
我有一个带有本地 IP 的专用网络.我想为我的 Jenkins 服务器启用 HTTPS,它是静态 IP W.X.Y.Z:8080.
I have a private network with a local IP. I want to Enable HTTPS for my Jenkins server which is static IP W.X.Y.Z:8080.
Jenkins version 2.9
java version "1.7.0_111"
OpenJDK Runtime Environment (IcedTea 2.6.7) (7u111-2.6.7-0ubuntu0.14.04.3)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)
我尝试在/etc/defaults/jenkins 文件中配置以下参数
I have tried configuring in /etc/defaults/jenkins file the following arguments
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8081"
但我收到以下错误.请帮忙
But I get the following errors. Please help
Running from: /usr/share/jenkins/jenkins.war
webroot: $user.home/.jenkins
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog info
INFO: Logging initialized @811ms
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Beginning extraction from war file
Oct 19, 2016 2:18:48 PM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: Empty contextPath
Using one-time self-signed certificate
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Oct 19, 2016 2:18:48 PM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener
winstone.HttpsConnectorFactory
at winstone.Launcher.spawnListener(Launcher.java:207)
at winstone.Launcher.<init>(Launcher.java:149)
at winstone.Launcher.main(Launcher.java:352)`enter code here`
at sun.reflect.NativeMethodAccessorImpl.invoke0
我发现这里解决了类似的问题,但对我不起作用
I found similar issues resolved here but it didn't work for me
编辑 1:已在/etc/defaults/jenkins 文件中尝试了以下更改并重新启动了 jenkins,但对我不起作用.
The following changes have been tried in /etc/defaults/jenkins file and restarted jenkins but it didn't work for me.
HTTP_PORT=-1
JENKINS_ARGS="--webroot=/var/cache/$NAME/war -DsessionTimeout=1 --httpPort=$HTTP_PORT --httpsPort=8443 --httpsCertificate=cert.pem --httpsPrivateKey=key.pem
https://issues.jenkins-ci.org/browse/JENKINS-34463
https://issues.jenkins-ci.org/browse/JENKINS-25333
推荐答案
您可以按照以下步骤通过 HTTPS 启用 Jenkins:
You can enable Jenkins via HTTPS with following steps:
使用 Java 创建证书
keytool -genkey -keyalg RSA -alias "localhost" -keystore "C:UsersusernameDesktopNew folderlocalhost.jks" -validity 365 -keysize 2048 -dname "CN=localhost, OU=OU_name, O=OU_name, L=city, ST=State_name, C=two_letter_country_code" -ext SAN=dns:localhost,ip:ip_address -storepass changeit
从密钥库文件导出p12
公共证书
Export p12
Public Certificate from key-store file
keytool -importkeystore -srckeystore "C:UsersusernameDesktopNew folderlocalhost.jks" -storepass changeit -destkeystore "C:UsersusernameDesktopNew folderlocalhost.p12" -srcstoretype JKS -deststoretype PKCS12 -deststorepass changeit
使用密钥库 (JKS) 文件托管 Jenkins
java -jar jenkins.war --httpsPort=8082 --httpPort=-1 --httpsKeyStore="C:UsersusernameDesktopNew folderlocalhost.jks" --httpsKeyStorePassword=changeit
将证书导入浏览器
您可能会有这样的问题,比如我们为什么要导出 *.p12
证书……好吧,我们将把这个证书导入到我们访问 Jenkins 的浏览器中.同一个 p12 证书可以在多个用户之间共享.
You may have a question like why we have exported *.p12
certificate...well, this certificate we are going to import into our browser from where we access Jenkins. The same p12 certificate can be shared between multiple users.
例如在 Chrome 中转到设置>搜索-管理证书"然后点击管理证书"您将获得证书";窗户.将证书导入每个选项卡(人员、其他人员、中间证书颁发机构、受信任的根证书颁发机构、受信任的发布者和不受信任的发布者).
For example in Chrome go to Setting>Search - "Manage Certificate" and click on "Manage Certificate" you will get an "Certificate" window. Import the certificate into each tab (Personnel, Other People, Intermediate Certificate Authorities, Trusted Root Certification Authorities, Trusted Publishers, and Untrusted Publishers).
这篇关于在 jenkins 中启用 HTTPS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!