Setup Jenkins On AWS EC2 For Your Python (Django) Application – Part 1
This article assumes you know how to setup an EC2 instance with a running Apache web server and SSL. If you don’t know how to setup an EC2 instance with an Apache web server and a Let’s Encrypt SSL certificate please refer to this link: Migrating WordPress site from a legacy hosting provider to AWS
Step 1: Download & Install Git and Java
Login to your AWS EC2 instance and run the following:
$ sudo su
$ yum -y update
$ yum install -y git java-1.8.0-openjdk-devel
$ alternatives --config java
Set the default JDK to 1.8.
Step 2: Download & Install Jenkins
We’ll need to add the Jenkins repository to available packages:
$ wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
$ rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
$ yum install jenkins
Step 3: Start Jenkins and configure it to start automatically on reboot
$ service jenkins start
$ chkconfig jenkins on
Open your browser and navigate to http://
Note: If you cannot access it via port 8080, you might need to login to your AWS console and enable port 8080 in you inbound rules under your security groups.
Step 4: Use Jenkins via SSL
Edit your /etc/httpd/conf.d/ssl.conf
using $ nano /etc/httpd/conf.d/ssl.conf
and make sure you add the following to the end of the file:
Listen 8443ServerName jenkins.my.domain ServerAlias www.jenkins.my.domain SSLEngine On SSLCertificateFile /etc/letsencrypt/live/fizzbuzzer.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/fizzbuzzer.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/fizzbuzzer.com/chain.pem ProxyRequests Off AllowEncodedSlashes NoDecode ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins ProxyPassReverse / https://fizzbuzzer.com/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "8443" Order allow,deny Allow from all ProxyPreserveHost on
The ProxyPass
directive allows remote servers to be mapped into the space of the local server. The local server does not act as a proxy in the conventional sense but appears to be a mirror of the remote server. The local server is often called a reverse proxy or gateway. The /jenkins
path is the name of a local virtual path. http://localhost:8080/jenkins
url is a partial URL for the remote server and cannot include a query string.
The ProxyPassReverse
directive adjusts the URL in HTTP response Location
, Content-Location
and URI
headers sent from a reverse proxied server. For example, suppose the local server has address http://example.com/
, then
ProxyPass "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverse "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverseCookieDomain "backend.example.com" "public.example.com"
ProxyPassReverseCookiePath "/" "/mirror/foo/"
will not only cause a local request for the http://example.com/mirror/foo/bar
to be internally converted into a proxy request to http://backend.example.com/bar
(the functionality which ProxyPass
provides here). It also takes care of redirects which the server backend.example.com
sends when redirecting http://backend.example.com/bar
to http://backend.example.com/quux
. Apache httpd
adjusts this to http://example.com/mirror/foo/quux
before forwarding the HTTP redirect response to the client.
Normally, mod_proxy
will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon
keyword suppresses this and passes the URL path “raw” to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.
Set the context path by adding --prefix=/jenkins
to JENKINS_ARGS
in /etc/sysconfig/jenkins
:
JENKINS_ARGS="--prefix=/jenkins"
Again a guide on how to generate the SSL certificates can be found here: Migrating WordPress site from a legacy hosting provider to AWS
Finally restart Jenkins and Apache:
$ service jenkins restart
$ service httpd restart
Open your browser and navigate to https://<Elastic-IP>:8443/jenkins
. You will see the Jenkins dashboard.
Note: If you cannot access it via port 8443, you might need to login to your AWS console and enable port 8443 in you inbound rules under your security groups. You can also disable port 8080 in your security group to prevent users from accessing Jenkins without SSL.
You can continue with Part 2 to learn how to run your Django application behind Apache.
References
Running Jenkins behind Apache
Apache Module mod_proxy