How can Jenkins port 8080 be secured with SSL under apache2 on Ubuntu 18.04 Server? - PullRequest
0 votes
/ May 9, 2018

I have successfully installed and configured an Apache2 server to serve over HTTPS. I am having trouble getting Jenkins to use the same SSL certificates and run on the secure port 443. These are my configurations, and any help would be greatly appreciated. Thanks.

I have a server that currently serves a static WordPress site, which runs successfully over https port 80 or 443. I also have Jenkins serving successfully on the server route, but on port 8080.

Is there any way to make Jenkins run directly under the Apache2 server, for example jenkins.server.com/jenkins instead of jenkins.server.com:8080?

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAlias www.jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html>
            Options +FollowSymlinks
            AllowOverride All
            Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =jenkins.server.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    <VirtualHost *:443>

        SSLEngine on
        SSLProxyEngine on

        # SSL certificate and keys. Edit paths to wherever your SSL files are located
        SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        ProxyRequests Off
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPreserveHost On
        RewriteEngine On
        RequestHeader set X-Forwarded-Proto "https"
        AllowEncodedSlashes NoDecode

        ProxyPass / http://jenkins.server.com:8080 nocanon
        ProxyPassReverse / http://jenkins.server.com:8080

        <Proxy http://jenkins.server.com:8080/*>
                Order deny,allow
                Allow from all
        </Proxy>

    </VirtualHost>

1 Answer

0 votes
/ May 9, 2018

I managed to solve this problem by modifying the generated Apache2 file named 000-default-le-ssl.conf in /etc/apache2/sites-available/000-default-le-ssl.conf. This file was generated automatically, and I changed the proxy settings.

I also had to keep "localhost" instead of jenkins.server.com, although localhost will not launch Jenkins in the browser.

This is my updated and working file ...

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName jenkins.server.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
        ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
        ProxyRequests     Off
        AllowEncodedSlashes NoDecode
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"

        # Local reverse proxy authorization override
        # Most Unix distributions deny proxying by default (i.e. /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
        <Proxy http://localhost:8080/jenkins*>
          Order deny,allow
          Allow from all
        </Proxy>

        SSLCertificateFile /etc/letsencrypt/live/jenkins.server.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/jenkins.server.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>
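
A small lint for the reverse-proxy directives above, run against the question's settings and the answer's; it is an added example, not code from either post. The sample strings are reduced copies of the page's directives, and the names `lint_proxy`, `is_loopback` and `directives` are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples: reduced copies of the proxy directives shown on this page.
QUESTION_VHOST = """
ProxyPass / http://jenkins.server.com:8080 nocanon
ProxyPassReverse / http://jenkins.server.com:8080
RequestHeader set X-Forwarded-Proto "https"
"""
ANSWER_VHOST = """
ProxyPass         /jenkins  http://localhost:8080/jenkins nocanon
ProxyPassReverse  /jenkins  http://localhost:8080/jenkins
RequestHeader set X-Forwarded-Proto "https"
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP; other names may be routable."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def directives(conf, name):
    """Return (path, url) pairs for an uncommented two-argument directive."""
    return re.findall(rf"^[ \t]*{name}[ \t]+(\S+)[ \t]+(\S+)", conf, re.I | re.M)

def lint_proxy(conf):
    """Hypothetical helper: list weaknesses in a vhost's reverse-proxy lines."""
    findings = []
    reverses = set(directives(conf, "ProxyPassReverse"))
    for path, url in directives(conf, "ProxyPass"):
        host = urlsplit(url).hostname or ""
        if not is_loopback(host):
            findings.append(f"{host}: backend is not loopback, so the Jenkins "
                            "port may have to listen on a routable interface")
        if path.endswith("/") != url.endswith("/"):
            findings.append(f"trailing slash mismatch: {path} -> {url}")
        if (path, url) not in reverses:
            findings.append(f"no matching ProxyPassReverse for {path}")
    if not re.search(r'^[ \t]*RequestHeader[ \t]+set[ \t]+X-Forwarded-Proto[ \t]+"?https',
                     conf, re.I | re.M):
        findings.append("X-Forwarded-Proto is not set to https")
    return findings

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_VHOST), ("answer", ANSWER_VHOST)):
        print(label, lint_proxy(conf) or "ok")
```

The loopback check only pays off if Jenkins itself listens on the loopback address under the same prefix, for example with its `--httpListenAddress=127.0.0.1` and `--prefix=/jenkins` startup options; the page does not show the Jenkins side, so that part is an assumption about this install.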