Jenkins networking configuration parameters are to be used when installing or when running Jenkins?
After installing Jenkins (the old-fashioned way, not a Docker container) I've realised that the current Jenkins network configuration (all its defaults) does not allow me to proxy HTTPS requests from an nginx.
So I've come across the Jenkins networking configuration, but from the way it's been written I don't get if I must stop Jenkins and re-run it with these flags, or if I need to uninstall it and somehow reinstall it using these.
How should I configure Jenkins?
Those networking options are command line options/parameters to Jenkins when you launch Jenkins, so stop, and relaunch w/PARAMS, however you have configured.
The basic sequence is:
java -jar jenkins.war [--option=value] [--option=value]
or, more completely:
$JAVA_HOME/bin/java $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR $PARAMS
Do not confuse JAVA_OPTS and JENKINS_OPTS (PARAMS).
You can get all the options by running java -jar jenkins.war --help for your current war. The options as of 2.303.2 (latest LTS at this time) are below.
You can see examples of the launch command in the source for the Docker image, rpm package, suse init, debian init and so on.
C:\apps\j2>java -jar jenkins-2.303.2.war --help
Running from: C:\apps\j2\jenkins-2.303.2.war
webroot: $user.home/.jenkins
Jenkins Automation Server Engine 2.303.2
Options:
Usage: java -jar jenkins.war [--option=value] [--option=value]
--webroot = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
--pluginroot = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
(NOTE: this option does not change the directory where the plugin archives are stored)
--extractedFilesFolder = folder where extracted files are to be located. Default is the temp folder
--daemon = fork into background and run as daemon (Unix only)
--logfile = redirect log messages to this file
--enable-future-java = allows running with new Java versions which are not fully supported (class version 52 and above)
--javaHome = Override the JAVA_HOME variable
--toolsJar = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
--config = load configuration properties from here. Default is ./winstone.properties
--prefix = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
--commonLibFolder = folder for additional jar files. Default is ./lib
--extraLibFolder = folder for additional jar files to add to Jetty classloader
--logThrowingLineNo = show the line no that logged the message (slow). Default is false
--logThrowingThread = show the thread that logged the message. Default is false
--debug = set the level of debug msgs (1-9). Default is 5 (INFO level)
--httpPort = set the http listening port. -1 to disable, Default is 8080
--httpListenAddress = set the http listening address. Default is all interfaces
--httpKeepAliveTimeout = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
--httpsPort = set the https listening port. -1 to disable, Default is disabled
--httpsListenAddress = set the https listening address. Default is all interfaces
--httpsKeepAliveTimeout = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
--httpsKeyStore = the location of the SSL KeyStore file. Default is ./winstone.ks
--httpsKeyStorePassword = the password for the SSL KeyStore file. Default is null
--httpsKeyManagerType = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
--httpsPrivateKey = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
/ --httpsCertificate file and the corresponding certificate file
--httpsRedirectHttp = redirect http requests to https (requires both --httpPort and --httpsPort)
--http2Port = set the http2 listening port. -1 to disable, Default is disabled
--http2ListenAddress = set the http2 listening address. Default is all interfaces
--excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
// Exclude weak / insecure ciphers
"^.*_(MD5|SHA|SHA1)$",
// Exclude ciphers that don't support forward secrecy
"^TLS_RSA_.*$",
// The following exclusions are present to cleanup known bad cipher
// suites that may be accidentally included via include patterns.
// The default enabled cipher list in Java will not include these
// (but they are available in the supported list).
"^SSL_.*$",
"^.*_NULL_.*$",
"^.*_anon_.*$"
--controlPort = set the shutdown/control port. -1 to disable, Default disabled
--useJasper = enable jasper JSP handling (true/false). Default is false
--sessionTimeout = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
--sessionEviction = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
--mimeTypes=ARG = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
(e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
--requestHeaderSize=N = set the maximum size in bytes of the request header. Default is 8192.
--maxParamCount=N = set the max number of parameters allowed in a form submission to protect
against hash DoS attack (oCERT #2011-003). Default is 10000.
--useJmx = Enable Jetty Jmx
--qtpMaxThreadsCount = max threads number when using Jetty Queued Thread Pool
--jettyAcceptorsCount = Jetty Acceptors number
--jettySelectorsCount = Jetty Selectors number
--usage / --help = show this message
Security options:
--realmClassName = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class
--argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
--argumentsRealm.roles.<user> = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class
--fileRealm.configFile = File containing users/passwds/roles. Only valid for the FileRealm realm class
Access logging:
--accessLoggerClassName = Set the access logger class to use for user authentication. Defaults to disabled
--simpleAccessLogger.format = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
--simpleAccessLogger.file = The location pattern for the log file(SimpleAccessLogger only)
NOTE:
There are also additional "Jenkins Features Controlled with System Properties". These are counter-intuitively (ie: JENKINS_JAVA_OPTIONS):
System properties are defined by passing -Dproperty=value to the java command line to start Jenkins. Make sure to pass all of these arguments before the -jar argument, otherwise they will be ignored.
Additional Networking Notes:
- Reverse proxy configuration
- Cloudbees Proxy Configuration notes
- Jenkins Reverse Proxy Authentication and Authorization Plugin
- Managing plugins - Advanced installation
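The ordering rule from the answer (system properties before -jar, Jenkins options after the war), as an added shell example that is not part of the original answer. The function names are hypothetical, the paths are constructed samples, and the lint assumes nginx runs on the same host, so Jenkins should not keep the default "all interfaces" listen address.

```shell
#!/bin/sh
# Added example, not from the original answer. Option names come from the
# --help output above; the loopback-behind-nginx layout is an assumption.

# build_jenkins_cmd WAR ARG...
# Sorts a mixed argument list: JVM arguments (single dash, e.g. -Dprop=value)
# go before -jar, Jenkins options (--option=value) go after the war.
build_jenkins_cmd() {
  war=$1; shift
  jvm=""; opts=""
  for a in "$@"; do
    case "$a" in
      --*) opts="$opts $a" ;;
      -*)  jvm="$jvm $a" ;;
      *)   echo "unrecognised argument: $a" >&2; return 2 ;;
    esac
  done
  echo "java$jvm -jar $war$opts"
}

# lint_jenkins_cmd "COMMAND LINE"
# Prints one finding per line; exit status 1 if anything was found.
# The body is a subshell so 'set -f' (no globbing while splitting) stays local.
lint_jenkins_cmd() (
  set -f
  after_jar=0; skip=0; bound=0; rc=0
  for tok in $1; do
    if [ "$skip" -eq 1 ]; then skip=0; continue; fi   # the war path itself
    case "$tok" in
      -jar) after_jar=1; skip=1 ;;
      --*)  case "$tok" in --httpListenAddress=*) bound=1 ;; esac
            [ "$after_jar" -eq 1 ] || { echo "MISPLACED $tok (must follow the war)"; rc=1; } ;;
      -D*)  [ "$after_jar" -eq 0 ] || { echo "IGNORED $tok (system property after -jar)"; rc=1; } ;;
    esac
  done
  # Default is all interfaces, which lets clients reach port 8080 without nginx.
  [ "$bound" -eq 1 ] || { echo "EXPOSED no --httpListenAddress, HTTP listens on all interfaces"; rc=1; }
  exit "$rc"
)

# Constructed sample: Jenkins on loopback, HTTPS left to nginx in front of it.
build_jenkins_cmd jenkins.war --httpPort=8080 -DJENKINS_HOME=/var/lib/jenkins \
  --httpListenAddress=127.0.0.1 --httpsPort=-1
```

The lint splits on whitespace, so it suits command lines without spaces inside paths.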