背景:运维思路来讲,前两篇文章详细介绍到jenkins部署,仅仅是对于体验于学习,但运维任重而道远,往往生产不可轻易暴露自己的IP,因此前面我们学习到的IP+端口号的方式就不合适了,基于安全考虑,我们实现IP与端口封堵与反向代理,以至于更好的在生产环境落地;一、前提:1、Jenkins已安装,详细步骤移步《基于阿里云ECS Centos8.0系统yum部署jenkins-2.277.3-1.1详情》;2、Nginx已安装,本文手把手介绍;二、基于YUM仓库部署Nginx1.201、创建nginx.repo源,cat <<EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
2、完成nginx-mainline配置yum-config-manager –enable nginx-mainline
3、安装Nginxyum install nginx -y
4、启动并查看监听端口80,如图常用命令(基于yum安装systemctl好使)systemctl start nginx.service 启动nginx服务 #
systemctl stop nginx.service 停止服务 #
systemctl restart nginx.service 重新启动服务 #
systemctl list-units –type=service 查看所有已启动的服务 #
systemctl status nginx.service 查看服务当前状态 #
systemctl enable nginx.service 设置开机自启动 #
systemctl disable nginx.service 停止开机自启动
nginx -v
需在nginx目录下运行
nginx -s [signal]
nginx -s reload 刷新配置
nginx -s fast 快速stop
nginx -s graceful 优雅stop
三、Jenkins反向代理实现1、nginx目录下/etc/nginx/conf.d/,新建jenkins.confvim /etc/nginx/conf.d/jenkins.conf
2、粘贴如下内容upstream jenkins {
keepalive 32; # keepalive connections
server IP:8089; # jenkins ip and port
}
# Required for Jenkins websocket agents
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80; # Listen on port 80 for IPv4 requests
server_name jenkins.10691.cn; # replace 'jenkins.10691.cn' with your server domain name
# this is the jenkins web root directory
# (mentioned in the /etc/default/jenkins file)
root /usr/share/nginx/jenkins/;
access_log /var/log/nginx/jenkins/access.log; ##需自行新建目录
error_log /var/log/nginx/jenkins/error.log; ##需自行新建目录
# pass through headers from Jenkins that Nginx considers invalid
ignore_invalid_headers off;
location ~ "^/static/[0-9a-fA-F]{8}\/(.*)#34; {
# rewrite all static files into requests to the root
# E.g /static/12345678/css/something.css will become /css/something.css
rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
}
location /userContent {
# have nginx handle all the static requests to userContent folder
# note : This is the $JENKINS_HOME dir
root /var/lib/jenkins/;
if (!-f $request_filename){
# this file does not exist, might be a directory or a /**view** url
rewrite (.*) /$1 last;
break;
}
sendfile on;
}
location / {
sendfile off;
proxy_pass http://jenkins;
proxy_redirect default;
proxy_http_version 1.1;
# Required for Jenkins websocket agents
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_request_buffering off; # Required for HTTP CLI commands
proxy_set_header Connection ""; # Clear for keepalive
}
}
3、如果在某些URL路径方面遇到问题 Blue Ocean的 ,则可能需要在代理配置中添加以下代码段if ($request_uri ~* "/blue(/.*)") {
proxy_pass http://YOUR_SERVER_IP:YOUR_JENKINS_PORT/blue$1;
break;
}
4、重启Nginx,浏览器http://jenkins.10691.cn,验证即可;