How to set up HTTPS for Jenkins with a self-signed certificate on Ubuntu 20.04.
I’ve struggled to find a simple guide for this, so here is one! I’m going on the assumption you have a standard Jenkins setup already in /var/lib/jenkins
and running it as the jenkins user.
Now let us get down to business on Jenkins:
In order to get Jenkins to use HTTPS, we need to be able to access your certificate and key from somewhere. Make sure you become the Jenkins user otherwise it will not have permission to read the files you make. Let’s make a folder inside /var/lib/jenkins
to put our cert and key in.
$ sudo su jenkins
$ mkdir /var/lib/jenkins/.ssl
$ cd /var/lib/jenkins/.ssl
Now we generate our certificate and key in the directory we have created(still as the jenkins user)…we first generate the cert and key then need to convert the key format to PKCS #1:
$ cd /var/lib/jenkins/.ssl
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes
$ openssl rsa -in key.pem -out private.pk1.key
Now we need to edit the Jenkin config to tell it to use HTTPS and where the certificate and key are located. For those who use Ubuntu, this is /etc/default/jenkins
. We tell Jenkins to run access via HTTPS on port 8443 (--httpsPort=8443
) using the certificate we made earlier(--httpsCertificate=/var/lib/jenkins/.ssl/cert.pem
) and the key as well (--httpsPrivateKey=/var/lib/jenkins/.ssl/private.pk1.key
). We append this to the config with the command below (as root hence the sudo su ).
$ sudo su -
$ echo 'JENKINS_ARGS=" $JENKINS_ARGS --httpsPort=8443 --httpsPrivateKey=/var/lib/jenkins/.ssl/private.pk1.key --httpsCertificate=/var/lib/jenkins/.ssl/cert.pem"' >> /etc/default/jenkins# Your config should look like this at the bottom
$ tail -3 /etc/default/jenkinsJENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT"
JENKINS_ARGS="$JENKINS_ARGS --httpsPort=8443 --httpsPrivateKey=/var/lib/jenkins/.ssl/private.pk1.key --httpsCertificate=/var/lib/jenkins/.ssl/cert.pem"
Now let's restart Jenkins, so it will re-read its config:
$ sudo systemctl restart jenkins
Now you should be able to access your Jenkins server via HTTPS. It should be accessible via https://YOUR_JENKINS_URL:8443/
or for automatic redirecting set HTTP to HTTPS by adding the arg--httpsRedirectHttp=true
.
Note: if you want to disable HTTP, you will need to set HTTP_PORT=-1
in /etc/default/jenkins
and restart Jenkins again.
Those who prefer a video guide, try this one by cloudbees, which formed the basis of this guide: https://www.youtube.com/watch?v=2uYL4az1BVU