Nuxtstop

For all things nuxt.js

Add SSL to Jenkins on CentOS 8

#jenkins #ssl #certbot #centos
1 0

Run Certbot to create a new certificate and a new private key on the Jenkins Machine and follow the steps inside the command:

sudo certbot certonly --standalone
Enter fullscreen mode Exit fullscreen mode

Then run the following to extract the JKS (Java Key Store) file:

openssl pkcs12 -export -in /etc/letsencrypt/live/<yourdomainname>/fullchain.pem -inkey /etc/letsencrypt/live/<yourdomainname>/privkey.pem -out /var/lib/jenkins/.ssl/certificate.p12 -name "certificate"

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore cert.jks
Enter fullscreen mode Exit fullscreen mode

Create a folder inside /var/lib/jenkins and call it ".ssl":

mkdir /var/lib/jenkins/.ssl
Enter fullscreen mode Exit fullscreen mode

Copy the JKS file into the .ssl folder:

cp cert.jks /var/lib/jenkins/.ssl/
Enter fullscreen mode Exit fullscreen mode

Change the mode and owner of the JKS file:

cd /var/lib/jenkins/
chmod 700 .ssl/cert.jks
chown -R jenkins:jenkins .ssl/
Enter fullscreen mode Exit fullscreen mode

Edit the following in the /etc/sysconfig/jenkins file:

JENKINS_HTTPS_PORT="8443"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/.ssl/cert.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<your passkey here>"
Enter fullscreen mode Exit fullscreen mode

then reroute port 443 to port 8443:

firewall-cmd --zone=public --add-service=https
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
firewall-cmd --list-all
Enter fullscreen mode Exit fullscreen mode
Add comment