• Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      It would be nice if the RPM allowed you to simply configure https as well as http

          [JENKINS-11673] Support https in RPM service scripts

          Yury Zaytsev added a comment -

          What is your suggestion more specifically? You can easily change flags in /etc/sysconfig/jenkins to use https instead of http... What can be easier?

          Yury Zaytsev added a comment - What is your suggestion more specifically? You can easily change flags in /etc/sysconfig/jenkins to use https instead of http... What can be easier?

          James Nord added a comment -

          add an option HTTPS_PORT

          If set then enable the http port.
          otherwise you can't do it without knowing the parameters that you need to pass to the jar.

          Fix is done - just need to get the file so I can push it.

          James Nord added a comment - add an option HTTPS_PORT If set then enable the http port. otherwise you can't do it without knowing the parameters that you need to pass to the jar. Fix is done - just need to get the file so I can push it.

          Yury Zaytsev added a comment -

          Hi,

          Thanks for clarifying. I don't think this gonna help though, really. You also need to generate the key and provide the path to the key and keystore password. So if you automate those steps in the SPEC file, then it would totally make sense to add such an option, because it will just work.

          FYI, I used the following commands (generates a self-signed certificate valid for the next 10 years):

          keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/lib/jenkins/ssl/keystore.jks -validity 3650 -dname "cn=FQDN" -storepass XXX
          

          The FQDN can be determined via

          hostname -f

          .

          The command to use HTTPS is

          --httpsPort=443 --httpsKeyStore=/var/lib/jenkins/ssl/keystore.jks --httpsKeyStorePassword=XXX
          

          Also it would make sense to add an option to disable AJP port:

          --ajp13Port=-1 
          

          If you will make a working patch, I can try to help to make a pull request, unless you can also do it yourself.

          Yury Zaytsev added a comment - Hi, Thanks for clarifying. I don't think this gonna help though, really. You also need to generate the key and provide the path to the key and keystore password. So if you automate those steps in the SPEC file, then it would totally make sense to add such an option, because it will just work. FYI, I used the following commands (generates a self-signed certificate valid for the next 10 years): keytool -genkey -keyalg RSA -alias selfsigned -keystore / var /lib/jenkins/ssl/keystore.jks -validity 3650 -dname "cn=FQDN" -storepass XXX The FQDN can be determined via hostname -f . The command to use HTTPS is --httpsPort=443 --httpsKeyStore=/ var /lib/jenkins/ssl/keystore.jks --httpsKeyStorePassword=XXX Also it would make sense to add an option to disable AJP port: --ajp13Port=-1 If you will make a working patch, I can try to help to make a pull request, unless you can also do it yourself.

          Nathan Felton added a comment -

          Per the current configuration suggestions at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins:

          If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS:

          --httpPort=-1 --httpsPort=443 --httpsKeyStore=path/to/keystore --httpsKeyStorePassword=keystorePassword

          The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.)

          As such, I am writing a pull request that adds the --httpsKeyStore and --httpsKeyStorePassword arguments to the init script and the sysconfig file.

          Nathan Felton added a comment - Per the current configuration suggestions at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins: If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS: --httpPort=-1 --httpsPort=443 --httpsKeyStore=path/to/keystore --httpsKeyStorePassword=keystorePassword The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.) As such, I am writing a pull request that adds the --httpsKeyStore and --httpsKeyStorePassword arguments to the init script and the sysconfig file.

          Code changed in jenkins
          User: n8felton
          Path:
          rpm/SOURCES/jenkins.init.in
          rpm/SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/jenkins/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
          Log:
          [FIXES JENKINS-11673] - Support https in RPM service scripts

          Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments.
          Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: n8felton Path: rpm/SOURCES/jenkins.init.in rpm/SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/jenkins/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d Log: [FIXES JENKINS-11673] - Support https in RPM service scripts Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments. Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          rpm/SOURCES/jenkins.init.in
          rpm/SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/jenkins/3e191ba236d768c53dee92afb1651971c49999b9
          Log:
          Merge pull request #1227 from n8felton/JENKINS-11673

          [FIXES JENKINS-11673] - Support https in RPM service scripts

          Compare: https://github.com/jenkinsci/jenkins/compare/a3d07dcb19ab...3e191ba236d7

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: rpm/SOURCES/jenkins.init.in rpm/SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/jenkins/3e191ba236d768c53dee92afb1651971c49999b9 Log: Merge pull request #1227 from n8felton/ JENKINS-11673 [FIXES JENKINS-11673] - Support https in RPM service scripts Compare: https://github.com/jenkinsci/jenkins/compare/a3d07dcb19ab...3e191ba236d7

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3422
          [FIXES JENKINS-11673] - Support https in RPM service scripts (Revision 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d)

          Result = SUCCESS
          n8felton : 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
          Files :

          • rpm/SOURCES/jenkins.sysconfig.in
          • rpm/SOURCES/jenkins.init.in

          dogfood added a comment - Integrated in jenkins_main_trunk #3422 [FIXES JENKINS-11673] - Support https in RPM service scripts (Revision 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d) Result = SUCCESS n8felton : 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d Files : rpm/SOURCES/jenkins.sysconfig.in rpm/SOURCES/jenkins.init.in

          Code changed in jenkins
          User: n8felton
          Path:
          SOURCES/jenkins.init.in
          SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/packaging/9d5bc8c24cd289d177b2c28f889fe54a30809a59
          Log:
          [FIXES JENKINS-11673] - Support https in RPM service scripts

          Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments.
          Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

          Originally-From: jenkins-ci.org/commit/core/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: n8felton Path: SOURCES/jenkins.init.in SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/packaging/9d5bc8c24cd289d177b2c28f889fe54a30809a59 Log: [FIXES JENKINS-11673] - Support https in RPM service scripts Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments. Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins Originally-From: jenkins-ci.org/commit/core/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          SOURCES/jenkins.init.in
          SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/packaging/86cb8af737465be3290905548942ff700f0fb173
          Log:
          Merge pull request #1227 from n8felton/JENKINS-11673

          [FIXES JENKINS-11673] - Support https in RPM service scripts
          Originally-From: jenkins-ci.org/commit/core/3e191ba236d768c53dee92afb1651971c49999b9

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: SOURCES/jenkins.init.in SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/packaging/86cb8af737465be3290905548942ff700f0fb173 Log: Merge pull request #1227 from n8felton/ JENKINS-11673 [FIXES JENKINS-11673] - Support https in RPM service scripts Originally-From: jenkins-ci.org/commit/core/3e191ba236d768c53dee92afb1651971c49999b9

            n8felton Nathan Felton
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: