Jenkins的配置和安全性问题 [英] Jenkins configuration and security issues
问题描述
这是我第一次使用Jenkins,我浏览了几篇在线文章,但找不到满意的答案.我们有.Net项目,并且正在使用私有GitHub存储库.现在,我正在尝试使用Jenkins构建CI服务器.想法是,每当开发人员将代码推送到GitHub时,我们都希望在CI服务器上构建项目. 我已经在CI服务器上安装了Jenkins(v 1.646)和GitHub,Git和MSBuild插件.在与詹金斯一起工作了几个小时之后,我现在有几个问题.
This is the first time I am using Jenkins and I have gone through several online articles but couldn’t find satisfactory answers. We have .Net project, and we are using private GitHub repository. Now I am trying to build CI server with Jenkins. Idea is to whenever developer push the code to GitHub we want to build the project on CI server. I have already installed Jenkins (v 1.646) and GitHub,Git and MSBuild Plugin on CI server. After working with Jenkins for last several hours i have now have several questions.
1>默认情况下,Jenkins在端口8080上运行.但是,要使持续集成正常工作,Jenkins必须从GitHub接收通知.默认情况下,端口8080被外界阻止,CI服务器上的端口80已打开.我在Jenkins.xml文件中更新了httpport,因此Jenkins在端口80上运行. 我可以从公共互联网访问Jenkins,并且Web挂钩URL现在为 http://ipaddress/github-webhook ,但这开设一个大安全漏洞,因为现在任何人都可以访问Jenskins.为了解决这个问题,我配置了全局安全性->基于项目的矩阵授权策略.因此,现在只有我可以登录和管理项目.但是,任何人仍然可以键入IP地址,登陆Jenkins页面并创建新用户帐户.虽然该用户无法访问任何内容,但仍然会在Jenkins的数据库中创建一个新用户 因此,有一种方法可以照常在端口8080上运行Jenkins管理,但在端口80上接收通知
1> By default Jenkins runs on port 8080. But for continuous integration to work Jenkins must receive notification from GitHub. The port 8080 is by default blocked from the outside world, on CI server port 80 is open. I updated httpport in Jenkins.xml file so Jenkins is running on port 80.
I can access Jenkins from public internet and the web hook url is now http://ipaddress/github-webhook but this opens a big security hole because now anyone can access Jenskins. To solve this issue I have configured global security -> Project-based Matrix Authorization Strategy. So now only I can login and manage the projects. However any person can still type the IP address, land on Jenkins page and Create new user account. Ofcource that user cannot access anything but still it creates a new user in Jenkins’s database
So is there a way to run Jenkins management on port 8080 as usual, but receive notification on port 80
2>在Jenkins的系统配置"页面上,我仅看到"Git"和"GitHub插件配置".我没有看到"GitHub Web Hook"选项,也没有看到让Jenkins自动管理钩子URL"在1.646版本中对此进行了更改
2> On Jenkins’s System Configuration page I only see "Git" and "GitHub Plugin Configuration". I do not see "GitHub Web Hook" option, and also I don’t see "Let Jenkins auto-manage hook URLs" has this changed in version 1.646
3>由于我们使用的是专用存储库,因此我们的项目URL为 https://github.com/MyCompanyName/reponame ,存储库URL为 https://github.com/MyCompanyName/reponame.git 请注意,该URL具有公司名称而不是用户名.但是我看到错误的詹金斯日志
3> Since we are using private repository, our project URL is https://github.com/MyCompanyName/reponame and repository URL is https://github.com/MyCompanyName/reponame.git note that the url has company name not the username. But I see error Jenkins log
无法从以下位置删除钩子 GitHubRepositoryName [host = github.com,username = MyCompanyName,repository = reponame] java.lang.NullPointerException:没有管理员凭证 访问管理挂钩 GitHubRepositoryName [host = github.com,username = MyCompanyName,repository = reponame] 在 com.google.common.base.Preconditions.checkNotNull(Preconditions.java:231)
Failed to remove hook from GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] java.lang.NullPointerException: There is no credentials with admin access to manage hooks on GitHubRepositoryName[host=github.com,username=MyCompanyName,repository=reponame] at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:231)
为什么要尝试使用公司名称作为用户名?我已经设置了正确的用户凭据,并且能够拉出代码.
Why its trying to use companyname as username? I have setup proper user credentials and it was able to PULL the code.
推荐答案
1)转到配置全局安全性",然后取消选中允许用户注册"以防止创建新帐户.
1) Go to Configure global Security and uncheck "Allow users to sign up" to prevent creation of new accounts.
2& 3)如果您没有管理员权限或不想从Jenkins管理钩子,请转到配置系统/Github插件配置"部分,然后取消选中管理钩子".
2&3) Go to Configure System/Github Plugin Configuration section and uncheck "Manage hook" if you don't have admin access or don't want to manage hooks from Jenkins.
这篇关于Jenkins的配置和安全性问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
