Tuesday, January 23, 2018

Use TLS for Jenkins and Gerrit

* Jenkins


If you installed Jenkins with apt install, there should be a configuration file at /etc/default/jenkins. To enable TLS, change its last line to:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=-1 --httpsPort=8080"
Note that httpPort is set to -1 to disable HTTP access, and httpsPort is set to 8080 so that port 8080 accepts only HTTPS.

* Gerrit


Assume Gerrit's root install directory is /home/ubuntu/review. If yours is different, replace that path with the correct directory.

1. Create a keystore by using the following command:

cd /home/ubuntu/review
mkdir keys; cd keys
keytool -keystore store -alias jetty -genkey -keyalg RSA
chmod 600 store
2. Edit /home/ubuntu/review/etc/gerrit.config and make the following changes:
[gerrit]
    canonicalWebUrl = https://192.168.56.30:9090/
[httpd]
    listenUrl = https://192.168.56.30:9090/
    sslKeyStore = /home/ubuntu/review/keys/store
3. Edit /home/ubuntu/review/etc/secure.config to add the keystore password:
[httpd]
    sslKeyPassword = <YOUR_KEYSTORE_PW>
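
One way to check the Jenkins and Gerrit changes above after editing, as an added shell example that is not part of the original post. The function names are hypothetical; the file locations are the ones this post assumes, passed in as arguments so the checks can also be run against copies.

```shell
#!/bin/sh
# Added example, not from the original post: audit the settings changed above.

# cfg_get FILE SECTION KEY: print KEY's value from [SECTION] of a git-style config.
cfg_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (n = index($0, "=")) {
            k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
            v = substr($0, n + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# owner_only FILE: succeed only if FILE exists and group/other have no access.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_gerrit SITE_DIR: print one FAIL line per finding; exit status = finding count.
audit_gerrit() {
    conf=$1/etc/gerrit.config; secure=$1/etc/secure.config; fails=0
    fail() { echo "FAIL $*"; fails=$((fails + 1)); }
    for item in gerrit:canonicalWebUrl httpd:listenUrl; do
        url=$(cfg_get "$conf" "${item%%:*}" "${item##*:}")
        case $url in https://*) ;; *) fail "${item##*:} is not https: '$url'" ;; esac
    done
    store=$(cfg_get "$conf" httpd sslKeyStore)
    owner_only "$store" || fail "keystore missing or readable by others: '$store'"
    [ -n "$(cfg_get "$secure" httpd sslKeyPassword)" ] || fail "sslKeyPassword not set"
    owner_only "$secure" || fail "secure.config missing or readable by others"
    return "$fails"
}

# audit_jenkins FILE: check the last JENKINS_ARGS line of /etc/default/jenkins (or a copy).
audit_jenkins() {
    args=$(grep '^JENKINS_ARGS=' "$1" | tail -n 1)
    case $args in *--httpPort=-1*) ;; *) echo "FAIL HTTP listener not disabled"; return 1 ;; esac
    case $args in *--httpsPort=[0-9]*) ;; *) echo "FAIL no --httpsPort set"; return 1 ;; esac
}
```

Source the file, then run `audit_gerrit /home/ubuntu/review` and `audit_jenkins /etc/default/jenkins`; no output means every check passed.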

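* Deal with self-signed certificates when using git

Because the certificate generated above is self-signed, git will refuse to connect by default. The following turns off certificate verification for all HTTPS remotes used by the current user:

git config --global http.sslverify false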
