# Redirect to HTTPS server { listen 80 default_server; server_name host.domain; return 301 https://host.domain$request_uri; } upstream jenkins { server 127.0.0.1:8080; keepalive 16; } server { listen 443 ssl http2; server_name host.domain; ssl_certificate /etc/pki/tls/certs/certificate.crt.pem; ssl_certificate_key /etc/pki/tls/private/certificate.key.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!RC4'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; gzip off; # Kerberos-based Single Sign-On can cause large header lines large_client_header_buffers 4 32k; ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server. location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" { # rewrite all static files into requests to the root # E.g /static/12345678/css/something.css will become /css/something.css rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last; } location /userContent { #have nginx handle all the static requests to the userContent folder files #note : This is the $JENKINS_HOME dir root /opt/jenkins-home; if (!-f $request_filename){ #this file does not exist, might be a directory or a /**view** url rewrite (.*) /$1 last; break; } sendfile on; } location @jenkins { sendfile off; # see https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_max_temp_file_size 0; # this is the maximum upload size client_max_body_size 100m; client_body_buffer_size 128k; proxy_redirect http:// https://; proxy_pass http://jenkins; } location / { # Optional configuration to detect and redirect iPhones if ($http_user_agent ~* '(iPhone|iPod)') { rewrite ^/$ /view/iphone/ redirect; } try_files $uri @jenkins; } }