Looking for good programming challenges?

Use the search below to find our solutions for selected questions!

Setup Jenkins On AWS EC2 For Your Python (Django) Application – Part 1

Sharing is caring!

This article assumes you know how to setup an EC2 instance with a running Apache web server and SSL. If you don’t know how to setup an EC2 instance with an Apache web server and a Let’s Encrypt SSL certificate please refer to this link: Migrating WordPress site from a legacy hosting provider to AWS

Step 1: Download & Install Git and Java
Login to your AWS EC2 instance and run the following:

$ sudo su
$ yum -y update
$ yum install -y git java-1.8.0-openjdk-devel
$ alternatives --config java

Set the default JDK to 1.8.

Step 2: Download & Install Jenkins
We’ll need to add the Jenkins repository to available packages:

$ wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
$ rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
$ yum install jenkins

Step 3: Start Jenkins and configure it to start automatically on reboot

$ service jenkins start
$ chkconfig jenkins on

Open your browser and navigate to http://:8080. You will see the Jenkins setup.

Note: If you cannot access it via port 8080, you might need to login to your AWS console and enable port 8080 in you inbound rules under your security groups.

Step 4: Use Jenkins via SSL
Edit your /etc/httpd/conf.d/ssl.conf using $ nano /etc/httpd/conf.d/ssl.conf and make sure you add the following to the end of the file:

Listen 8443


  ServerName jenkins.my.domain
  ServerAlias www.jenkins.my.domain

  SSLEngine On
  SSLCertificateFile    /etc/letsencrypt/live/fizzbuzzer.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/fizzbuzzer.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/fizzbuzzer.com/chain.pem

  ProxyRequests     Off
  AllowEncodedSlashes NoDecode
  ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
  ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
  ProxyPassReverse  /  https://fizzbuzzer.com/
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "8443"

  
    Order allow,deny
    Allow from all
  
  ProxyPreserveHost on

The ProxyPass directive allows remote servers to be mapped into the space of the local server. The local server does not act as a proxy in the conventional sense but appears to be a mirror of the remote server. The local server is often called a reverse proxy or gateway. The /jenkins path is the name of a local virtual path. http://localhost:8080/jenkins url is a partial URL for the remote server and cannot include a query string.

The ProxyPassReverse directive adjusts the URL in HTTP response Location, Content-Location and URI headers sent from a reverse proxied server. For example, suppose the local server has address http://example.com/, then

ProxyPass         "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverse  "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverseCookieDomain  "backend.example.com"  "public.example.com"
ProxyPassReverseCookiePath  "/"  "/mirror/foo/"

will not only cause a local request for the http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar (the functionality which ProxyPass provides here). It also takes care of redirects which the server backend.example.com sends when redirecting http://backend.example.com/bar to http://backend.example.com/quux . Apache httpd adjusts this to http://example.com/mirror/foo/quux before forwarding the HTTP redirect response to the client.

Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon keyword suppresses this and passes the URL path “raw” to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.

Set the context path by adding --prefix=/jenkins to JENKINS_ARGS in /etc/sysconfig/jenkins:

JENKINS_ARGS="--prefix=/jenkins"

Again a guide on how to generate the SSL certificates can be found here: Migrating WordPress site from a legacy hosting provider to AWS

Finally restart Jenkins and Apache:

$ service jenkins restart
$ service httpd restart

Open your browser and navigate to https://<Elastic-IP>:8443/jenkins. You will see the Jenkins dashboard.

Note: If you cannot access it via port 8443, you might need to login to your AWS console and enable port 8443 in you inbound rules under your security groups. You can also disable port 8080 in your security group to prevent users from accessing Jenkins without SSL.

You can continue with Part 2 to learn how to run your Django application behind Apache.

References
Running Jenkins behind Apache
Apache Module mod_proxy