How to configure Jenkins with SSL using an apache reverse proxy

After successful installation of Jenkins, we need to set up reverse proxy with apache as Jenkins listening to port 8080 by default.

Prerequisites

• Jenkins installed
• Apache installed
• An SSL certificate for a domain provided by Let’s Encrypt

Add SSL certificate

• First we need to install certbot and apache

• apt install python-certbot-apache
• apt –assume -yes install python3-certbot-apache
• Obtain SSL certificate using
• certbot –apache -d your_domain
• Restart apache service
•  systemctl restart apache2

Set up Reverse proxy

mod_proxy 

• mod _proxy works by making Apache perform ‘reverse proxy’ when a request arrives for certain Urls. apache becomes a proxy and forwards that request to jenkins.then forwards the response from jenkins back to the client

• The following Apache modules must be installed

• sudo a2enmod proxy
• sudo systemctl restart apache2
• sudo a2enmod proxy_http
• sudo systemctl restart apache2
• sudo a2enmod headers
• sudo systemctl restart apache2

• Next we want to configure reverse proxy

• cd /etc/apache2/sites-available/
• touch jenkins.conf
• nano jenkins.conf

_{<VirtualHost *:80>}

       _{ServerName your_domain}

_{ProxyRequests     Off}

_{ProxyPreserveHost On}

_{AllowEncodedSlashes NoDecode}

_{<Proxy http://localhost:8080/*>}

   _{Order deny,allow}

   _{Allow from all}

_</Proxy>

_{ProxyPass     /http://localhost:8080/ nocanon}

_{ProxyPassReverse  /http://localhost:8080/}

_{ProxyPassReverse  /http://your_domain/}

_{</VirtualHost>}

(copy and paste these content on jenkins.conf file)

• Enable Apache site & restart services of apache and jenkins

• sudo a2ensite jenkins.conf
• systemctl restart apache2
• systemctl restart jenkins

• Set the following firewall rules only if you enabled firewall while installing jenkins

• ufw allow ssh
• ufw allow http
• ufw allow https
• ufw enable

That’s it… Now call your site with your IP or domain in browser(without “:8080”)