This article assumes you know how to setup an EC2 instance with a running Apache web server and SSL. If you don’t know how to setup an EC2 instance with an Apache web server and a Let’s Encrypt SSL certificate please refer to this link: Migrating WordPress site from a legacy hosting provider to AWS
Step 1: Download & Install Git and Java
Login to your AWS EC2 instance and run the following:
$ sudo su $ yum -y update $ yum install -y git java-1.8.0-openjdk-devel $ alternatives --config java
Set the default JDK to 1.8.
Step 2: Download & Install Jenkins
We’ll need to add the Jenkins repository to available packages:
$ wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo $ rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key $ yum install jenkins
Step 3: Start Jenkins and configure it to start automatically on reboot
$ service jenkins start $ chkconfig jenkins on
Open your browser and navigate to http://
Note: If you cannot access it via port 8080, you might need to login to your AWS console and enable port 8080 in you inbound rules under your security groups.
Step 4: Use Jenkins via SSL
$ nano /etc/httpd/conf.d/ssl.conf and make sure you add the following to the end of the file:
ServerName jenkins.my.domain ServerAlias www.jenkins.my.domain SSLEngine On SSLCertificateFile /etc/letsencrypt/live/fizzbuzzer.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/fizzbuzzer.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/fizzbuzzer.com/chain.pem ProxyRequests Off AllowEncodedSlashes NoDecode ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins ProxyPassReverse / https://fizzbuzzer.com/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "8443" Order allow,deny Allow from allProxyPreserveHost on
ProxyPass directive allows remote servers to be mapped into the space of the local server. The local server does not act as a proxy in the conventional sense but appears to be a mirror of the remote server. The local server is often called a reverse proxy or gateway. The
/jenkins path is the name of a local virtual path.
http://localhost:8080/jenkins url is a partial URL for the remote server and cannot include a query string.
ProxyPassReverse directive adjusts the URL in HTTP response
URI headers sent from a reverse proxied server. For example, suppose the local server has address
ProxyPass "/mirror/foo/" "http://backend.example.com/" ProxyPassReverse "/mirror/foo/" "http://backend.example.com/" ProxyPassReverseCookieDomain "backend.example.com" "public.example.com" ProxyPassReverseCookiePath "/" "/mirror/foo/"
will not only cause a local request for the
http://example.com/mirror/foo/bar to be internally converted into a proxy request to
http://backend.example.com/bar (the functionality which
ProxyPass provides here). It also takes care of redirects which the server
backend.example.com sends when redirecting
http://backend.example.com/quux . Apache
httpd adjusts this to
http://example.com/mirror/foo/quux before forwarding the HTTP redirect response to the client.
mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional
nocanon keyword suppresses this and passes the URL path “raw” to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.
Set the context path by adding
Again a guide on how to generate the SSL certificates can be found here: Migrating WordPress site from a legacy hosting provider to AWS
Finally restart Jenkins and Apache:
$ service jenkins restart $ service httpd restart
Open your browser and navigate to
https://<Elastic-IP>:8443/jenkins. You will see the Jenkins dashboard.
Note: If you cannot access it via port 8443, you might need to login to your AWS console and enable port 8443 in you inbound rules under your security groups. You can also disable port 8080 in your security group to prevent users from accessing Jenkins without SSL.
You can continue with Part 2 to learn how to run your Django application behind Apache.