• Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None

      It would be nice if the RPM allowed you to simply configure https as well as http

          [JENKINS-11673] Support https in RPM service scripts

          James Nord created issue -

          Yury Zaytsev added a comment -

          What is your suggestion more specifically? You can easily change flags in /etc/sysconfig/jenkins to use https instead of http... What can be easier?

          Yury Zaytsev added a comment - What is your suggestion more specifically? You can easily change flags in /etc/sysconfig/jenkins to use https instead of http... What can be easier?

          James Nord added a comment -

          add an option HTTPS_PORT

          If set then enable the http port.
          otherwise you can't do it without knowing the parameters that you need to pass to the jar.

          Fix is done - just need to get the file so I can push it.

          James Nord added a comment - add an option HTTPS_PORT If set then enable the http port. otherwise you can't do it without knowing the parameters that you need to pass to the jar. Fix is done - just need to get the file so I can push it.
          Yury Zaytsev made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          Yury Zaytsev added a comment -

          Hi,

          Thanks for clarifying. I don't think this gonna help though, really. You also need to generate the key and provide the path to the key and keystore password. So if you automate those steps in the SPEC file, then it would totally make sense to add such an option, because it will just work.

          FYI, I used the following commands (generates a self-signed certificate valid for the next 10 years):

          keytool -genkey -keyalg RSA -alias selfsigned -keystore /var/lib/jenkins/ssl/keystore.jks -validity 3650 -dname "cn=FQDN" -storepass XXX
          

          The FQDN can be determined via

          hostname -f

          .

          The command to use HTTPS is

          --httpsPort=443 --httpsKeyStore=/var/lib/jenkins/ssl/keystore.jks --httpsKeyStorePassword=XXX
          

          Also it would make sense to add an option to disable AJP port:

          --ajp13Port=-1 
          

          If you will make a working patch, I can try to help to make a pull request, unless you can also do it yourself.

          Yury Zaytsev added a comment - Hi, Thanks for clarifying. I don't think this gonna help though, really. You also need to generate the key and provide the path to the key and keystore password. So if you automate those steps in the SPEC file, then it would totally make sense to add such an option, because it will just work. FYI, I used the following commands (generates a self-signed certificate valid for the next 10 years): keytool -genkey -keyalg RSA -alias selfsigned -keystore / var /lib/jenkins/ssl/keystore.jks -validity 3650 -dname "cn=FQDN" -storepass XXX The FQDN can be determined via hostname -f . The command to use HTTPS is --httpsPort=443 --httpsKeyStore=/ var /lib/jenkins/ssl/keystore.jks --httpsKeyStorePassword=XXX Also it would make sense to add an option to disable AJP port: --ajp13Port=-1 If you will make a working patch, I can try to help to make a pull request, unless you can also do it yourself.
          Nathan Felton made changes -
          Assignee Original: James Nord [ teilo ] New: Nathan Felton [ n8felton ]

          Nathan Felton added a comment -

          Per the current configuration suggestions at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins:

          If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS:

          --httpPort=-1 --httpsPort=443 --httpsKeyStore=path/to/keystore --httpsKeyStorePassword=keystorePassword

          The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.)

          As such, I am writing a pull request that adds the --httpsKeyStore and --httpsKeyStorePassword arguments to the init script and the sysconfig file.

          Nathan Felton added a comment - Per the current configuration suggestions at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins: If you're setting up Jenkins using the built-in Winstone server and want to use an existing certificate for HTTPS: --httpPort=-1 --httpsPort=443 --httpsKeyStore=path/to/keystore --httpsKeyStorePassword=keystorePassword The keystore should be in JKS format (as created by the JDK 'keytool') and the keystore and target key must have the same password. (Placing the keystore arguments after Jenkins-specific parameters does not seem to work; either they are not forwarded to Winstone or Winstone ignores them coming after unknown parameters. So, make sure they are adjacent to the working --httpsPort argument.) As such, I am writing a pull request that adds the --httpsKeyStore and --httpsKeyStorePassword arguments to the init script and the sysconfig file.

          Code changed in jenkins
          User: n8felton
          Path:
          rpm/SOURCES/jenkins.init.in
          rpm/SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/jenkins/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d
          Log:
          [FIXES JENKINS-11673] - Support https in RPM service scripts

          Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments.
          Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: n8felton Path: rpm/SOURCES/jenkins.init.in rpm/SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/jenkins/00b6d99be6b5a23fbef3b53e34368c4e5c30de9d Log: [FIXES JENKINS-11673] - Support https in RPM service scripts Adding support for --httpsKeyStore and --httpsKeyStorePassword agruments. Follows guide at https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          rpm/SOURCES/jenkins.init.in
          rpm/SOURCES/jenkins.sysconfig.in
          http://jenkins-ci.org/commit/jenkins/3e191ba236d768c53dee92afb1651971c49999b9
          Log:
          Merge pull request #1227 from n8felton/JENKINS-11673

          [FIXES JENKINS-11673] - Support https in RPM service scripts

          Compare: https://github.com/jenkinsci/jenkins/compare/a3d07dcb19ab...3e191ba236d7

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: rpm/SOURCES/jenkins.init.in rpm/SOURCES/jenkins.sysconfig.in http://jenkins-ci.org/commit/jenkins/3e191ba236d768c53dee92afb1651971c49999b9 Log: Merge pull request #1227 from n8felton/ JENKINS-11673 [FIXES JENKINS-11673] - Support https in RPM service scripts Compare: https://github.com/jenkinsci/jenkins/compare/a3d07dcb19ab...3e191ba236d7
          Oleg Nenashev made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

            n8felton Nathan Felton
            teilo James Nord
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: