Ubuntu 16.04 & Nginx & SSL + Jenkins

Ubuntu 16.04 & Nginx & SSL + Jenkins

  • Ubuntu Initial setup
    1. Connect and upgrade

    2. Increase SSL session time

      Apply below, if exist, change value, if not exist, add the line.

    3. Create a New User, avoid using root all the time

      Give new user Root privileges

    4. Switch to the new user, install public key

      Copy the public key content you want to use and paste into the remote ssh folder:

      After copy, restrict the permissions:

    5. Testing the new user login with ssh key:

      If you can login, then all settings are good.

      If not, check all above steps.

    6. Disable Password Authentication

      Find the line that specifies PasswordAuthentication, uncomment it by deleting the preceding #, then change its value to “no”.

      It should look like this after you have made the change:

      Reload SSH daemon:

    7. Open a new terminal, test login

    8. Setup basic firewall

  • Nginx and Let’s Encrypt
    1. Install Nginx, allow firewall rules

    2. Check the Nginx install

    3. Domain DNS change: create an A Record that points your domain to the public IP address of your server.

    4. Install certbot

    5. Use certbot Webroot Plugin
      Edit Nginx default file to allow /.well-known for Webroot Plugin

      Inside the server block, add this location block:

      check for syntac errors:

      Use Webroot plugin to request an SSL

    6. Certificate Files
      After obtaining the cert, you will have the following PEM-encoded files:

      cert.pem : Your domain’s certificate

      chain.pem : The Let’s Encrypt chain certificate

      fullchain.pem : cert.pem and chain.pem combined

      privkey.pem : Your certificate’s private key

      Check that the files exist by running this command (substituting in your domain name):

    7. Generate Strong Diffie-Hellman Group

      This may take a few minutes but when it’s done you will have a strong DH group at /etc/ssl/certs/dhparam.pem .

    8. Configure TLS/SSL on Web Server (Nginx)

      • We will create a configuration snippet containing our SSL key and certificate file locations.
        Within this file, we just need to set the ssl_certificate directive to our certificate file and the ssl_certificate_key to the associated key.
        In our case, this will look like this:

      • We will create a configuration snippet containing strong SSL settings that can be used with any certificates in the future.

      • We will adjust the Nginx server blocks to handle SSL requests and use the two snippets above.
        Backup server block

        Eventally, the server block should looks like:

      This method of configuring Nginx will allow us to keep clean server blocks and put common configuration segments into reusable modules.

    9. check if the nginx setting is right

  • check firewall

  • Enabling the Changes in Nginx

    use the Qualys SSL Labs Report to see how your server configuration scores:

  • Setup auto renewal

  • Install Jenkins

    Starting Jenkins


    http:// ip_address_or_domain_name :8080

    Get password

  • Config Nginx

  • Config Jenkins

    Locate the JENKINS_ARGS line and add —httpListenAddress= to the existing arguments:

  • Restart Jenkins and Nginx

    • In your web browser, enter “http://[your.ssl.domain.name]”, substituting your domain for your.ssl.domain.name. After you press enter, the URL should start with https and the location bar should indicate that the connection is secure.
    • We’ll enter admin in the “User” field and the auto-generated password that Jenkins created and stored when we installed it.







Leave a Reply