-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
Powered by SuggestiMate
It would be nice if the RPM allowed you to simply configure https as well as http
[JENKINS-11673] Support https in RPM service scripts
add an option HTTPS_PORT
If set then enable the http port.
otherwise you can't do it without knowing the parameters that you need to pass to the jar.
Fix is done - just need to get the file so I can push it.
Hi,
Thanks for clarifying. I don't think this gonna help though, really. You also need to generate the key and provide the path to the key and keystore password. So if you automate those steps in the SPEC file, then it would totally make sense to add such an option, because it will just work.
FYI, I used the following commands (generates a self-signed certificate valid for the next 10 years):
keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/lib/jenkins/ssl/keystore.jks -validity 3650 -dname "cn=FQDN" -storepass XXX
The FQDN can be determined via
hostname -f
.
The command to use HTTPS is
--httpsPort=443 --httpsKeyStore=/var/lib/jenkins/ssl/keystore.jks --httpsKeyStorePassword=XXX
Also it would make sense to add an option to disable AJP port:
--ajp13Port=-1
If you will make a working patch, I can try to help to make a pull request, unless you can also do it yourself.
Per the current configuration suggestions at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins:
If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS:
--httpPort=-1 --httpsPort=443 --httpsKeyStore=path/to/keystore --httpsKeyStorePassword=keystorePassword
The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.)
As such, I am writing a pull request that adds the --httpsKeyStore and --httpsKeyStorePassword arguments to the init script and the sysconfig file.
Code changed in jenkins
User: n8felton
Path:
rpm/SOURCES/jenkins.init.in
rpm/SOURCES/jenkins.sysconfig.in
http://jenkins-ci.org/commit/jenkins/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
Log:
[FIXES JENKINS-11673] - Support https in RPM service scripts
Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments.
Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins
Code changed in jenkins
User: Oleg Nenashev
Path:
rpm/SOURCES/jenkins.init.in
rpm/SOURCES/jenkins.sysconfig.in
http://jenkins-ci.org/commit/jenkins/3e191ba236d768c53dee92afb1651971c49999b9
Log:
Merge pull request #1227 from n8felton/JENKINS-11673
[FIXES JENKINS-11673] - Support https in RPM service scripts
Compare: https://github.com/jenkinsci/jenkins/compare/a3d07dcb19ab...3e191ba236d7
Integrated in jenkins_main_trunk #3422
[FIXES JENKINS-11673] - Support https in RPM service scripts (Revision 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d)
Result = SUCCESS
n8felton : 00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
Files :
- rpm/SOURCES/jenkins.sysconfig.in
- rpm/SOURCES/jenkins.init.in
Code changed in jenkins
User: n8felton
Path:
SOURCES/jenkins.init.in
SOURCES/jenkins.sysconfig.in
http://jenkins-ci.org/commit/packaging/9d5bc8c24cd289d177b2c28f889fe54a30809a59
Log:
[FIXES JENKINS-11673] - Support https in RPM service scripts
Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments.
Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins
Originally-From: jenkins-ci.org/commit/core/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
Code changed in jenkins
User: Oleg Nenashev
Path:
SOURCES/jenkins.init.in
SOURCES/jenkins.sysconfig.in
http://jenkins-ci.org/commit/packaging/86cb8af737465be3290905548942ff700f0fb173
Log:
Merge pull request #1227 from n8felton/JENKINS-11673
[FIXES JENKINS-11673] - Support https in RPM service scripts
Originally-From: jenkins-ci.org/commit/core/3e191ba236d768c53dee92afb1651971c49999b9
What is your suggestion more specifically? You can easily change flags in /etc/sysconfig/jenkins to use https instead of http... What can be easier?