Jenkins基于Nginx实现域名访问,反向代理详细配置总结
背景:运维思路来讲,前两篇文章详细介绍到jenkins部署,仅仅是对于体验于学习,但运维任重而道远,往往生产不可轻易暴露自己的IP,因此前面我们学习到的IP+端口号的方式就不合适了,基于安全考虑,我们
背景:运维思路来讲,前两篇文章详细介绍到jenkins部署,仅仅是对于体验于学习,但运维任重而道远,往往生产不可轻易暴露自己的IP,因此前面我们学习到的IP+端口号的方式就不合适了,基于安全考虑,我们实现IP与端口封堵与反向代理,以至于更好的在生产环境落地;
一、前提:
1、Jenkins已安装,详细步骤移步《基于阿里云ECS Centos8.0系统yum部署jenkins-2.277.3-1.1详情》;
2、Nginx已安装,本文手把手介绍;
二、基于YUM仓库部署Nginx1.20
1、创建nginx.repo源,
cat < /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF 2、完成nginx-mainline配置
yum-config-manager--enable nginx-mainline3、安装Nginx
yuminstall nginx -y4、启动并查看监听端口80,如图常用命令(基于yum安装systemctl好使)
systemctlstartnginx.service 启动nginx服务systemctlstopnginx.service 停止服务systemctl restart nginx.service 重新启动服务systemctllist-units--type=service 查看所有已启动的服务systemctlstatusnginx.service 查看服务当前状态systemctlenablenginx.service 设置开机自启动systemctldisablenginx.service 停止开机自启动
nginx -v
需在nginx目录下运行
nginx -s [signal]
nginx -s reload 刷新配置
nginx -sfast快速stopnginx -s graceful 优雅stop三、Jenkins反向代理实现
1、nginx目录下/etc/nginx/conf.d/,新建jenkins.conf
vim/etc/nginx/conf.d/jenkins.conf2、粘贴如下内容
upstream jenkins {
keepalive32;keepalive connectionsserver IP:8089;jenkins ip and port}Required for Jenkins websocket agentsmap $http_upgrade $connection_upgrade {defaultupgrade;close;
}
server {
listen80;Listen on port 80 for IPv4 requestsserver_name jenkins.10691.cn;replace jenkins.10691.cn with your server domain namethis is the jenkins web root directory(mentioned in the /etc/default/jenkins file)root /usr/share/nginx/jenkins/;
access_log /var/log/nginx/jenkins/access.log;需自行新建目录error_log /var/log/nginx/jenkins/error.log;需自行新建目录pass through headers from Jenkins that Nginx considers invalidignore_invalid_headers off;
location ~"^/static/[0-9a-fA-F]{8}\/(.*)$"{rewrite all static files into requests to the rootE.g /static/12345678/css/something.css will become /css/something.cssrewrite"^/static/[0-9a-fA-F]{8}\/(.*)"/$1last;
}
location /userContent {have nginx handle all the static requests to userContent foldernote : This is the $JENKINS_HOME dirroot /var/lib/jenkins/;if(!-f $request_filename){this file does not exist, might be a directory or a /**view** urlrewrite (.*) /$1last;break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;proxy_redirectdefault;
proxy_http_version1.1;Required for Jenkins websocket agentsproxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size0;this is the maximum upload sizeclient_max_body_size10m;
client_body_buffer_size128k;
proxy_connect_timeout90;
proxy_send_timeout90;
proxy_read_timeout90;
proxy_buffering off;
proxy_request_buffering off;Required for HTTP CLI commandsproxy_set_header Connection"";Clear for keepalive}
}3、如果在某些URL路径方面遇到问题 Blue Ocean的 ,则可能需要在代理配置中添加以下代码段
if($request_uri ~*"/blue(/.*)") {
proxy_passhttp://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;break;
}
