CI/CD with Jenkins — Part 1: Install Jenkins on Ubuntu

Prerequisites

  1. Alibaba Cloud ECS instance with Ubuntu 16.04 64-bit installed.
  2. Firewall or Security group rules configured to allow the port “80”, “443”.
  3. A domain name that needs to be pointed towards your ECS instance.

Set Hostname

Set the FQDN or Fully Qualified Domain Name as the hostname of your server. Setting the hostname is not mandatory, however, Jenkins produces warning messages in instances where hostname is incorrectly set.

Install Java

Since Jenkins is written in Java and we may need to build Java applications in the future, we should proceed to install Java Development Kit or JDK. Jenkins supports both Oracle Java 8 and OpenJDK 8. In this tutorial, we will install Oracle Java version 8. Oracle Java is packed with both Java Runtime (JRE) and JDK. Add the PPA repository for Oracle Java.

sudo apt install -y software-properties-common
sudo add-apt-repository --yes ppa:webupd8team/java
sudo apt update
aliyun@jenkins:~$ java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
aliyun@jenkins:~$ echo $JAVA_HOME
/usr/lib/jvm/java-8-oracle

Install Jenkins

Jenkins can be easily installed through the repository actively maintained by the project itself. Installation through the repository will also ensure easy upgrades in the future, directly using the apt upgrade command. Import the key used to sign the packages in Jenkins repository. This will ensure that the correct packages are installed.

sudo apt update
sudo apt -y install jenkins git
sudo systemctl start jenkins
sudo systemctl enable jenkins
aliyun@jenkins:~$ sudo systemctl status jenkins
● jenkins.service - LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; bad; vendor preset: enabled)
Active: active (exited) since Fri 2018-05-04 12:37:03 UTC; 35s ago
Docs: man:systemd-sysv-generator(8)
May 04 12:37:02 jenkins.liptan.tk systemd[1]: Starting LSB: Start Jenkins at boot time...
May 04 12:37:02 jenkins.liptan.tk jenkins[4787]: * Starting Jenkins Automation Server jenkins
aliyun@jenkins:~$ tail -f /var/log/jenkins/jenkins.log
May 02, 2018 2:14:29 PM hudson.WebAppMain$3 run
INFO: Jenkins is fully up and running

Install Nginx

Although Jenkins has a built-in web server to serve the application on the port “8080”, in a production system it is not recommended to expose such web servers on the internet. In this tutorial, we will use Nginx as a reverse proxy to forward the requests from the client to the Jenkins server. Setting up a reverse proxy with a domain name also increases the accessibility of the instance, you need not remember the IP address of the instance to access Jenkins.

sudo systemctl start nginx
sudo systemctl enable nginx
sudo add-apt-repository --yes ppa:certbot/certbot
sudo apt update
sudo apt -y install certbot
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.example.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/jenkins.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/jenkins.example.com/privkey.pem
...
aliyun@jenkins:~$ sudo crontab -l
36 2 * * * /usr/bin/certbot renew --post-hook "systemctl reload nginx"
upstream jenkins {
keepalive 32;
server 127.0.0.1:8080;
}
server {
listen 80;
server_name jenkins.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name jenkins.example.com;
root /var/cache/jenkins/war/;
ssl_certificate /etc/letsencrypt/live/jenkins.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jenkins.example.com/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";

access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
root /var/lib/jenkins/;
if (!-f $request_filename){
rewrite (.*) /$1 last;
break;
}
sendfile on;
}

location @jenkins {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_request_buffering off;
proxy_set_header Connection "";
}
location / {
if ($http_user_agent ~* '(iPhone|iPod)') {
rewrite ^/$ /view/iphone/ redirect;
}
try_files $uri @jenkins;
}
}
aliyun@jenkins:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
HTTP_HOST=127.0.0.1JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=$HTTP_HOST"

Final Setup

During the installation, Jenkins generates an initial password. This initial password is required to complete Jenkins setup from the browser. Once you access your Jenkins instance through the browser, you will see that it is asking for an administrator password. Print the initial admin password on the terminal.

aliyun@jenkins:~$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
84ae7775fec245e69305c6db08389d69

Conclusion

That’s it. We have successfully deployed Jenkins automation server on an Alibaba Cloud ECSUbuntu 16.04. We have also configured Nginx reverse proxy and secured it with Let’s Encrypt SSL. Our Jenkins instance is now ready and we can proceed to create our first build job.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com