Jenkins subdomain using SSL

October 4, 2018 1.2k views
Nginx Networking Let's Encrypt Ubuntu 18.04

Hi,

I'm trying to get a jenkins subdomain up and running alongside my normal site with both forcing HTTPS. I've looked around at all the available articles and I must be missing something. I think I correctly followed all of the steps in the ubuntu server setup, nginx setup and let's encrypt tutorials. I sort of followed the jenkins one but because I want it to work with a subdomain I tried to modify some stuff.

Involved domains & subdomains:

Situation currently is:

  • Everything correctly forwards to HTTPS as expected
  • My root domain is displaying the html I have placed in /var/www/example.com
  • When I navigate to jenkins.example.com or www.jenkins.example.com I see the nginx startup page.

Here is my /etc/nginx/sites-available/example.com file:

server {
    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    access_log /var/log/nginx/example.access.log;
    error_log /var/log/nginx/example.error.log;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

Here is my /etc/nginx/sites-available/jenkins.example.com file:

server {
    server_name jenkins.example.com;
    return 301 https://$host$request_uri;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        include /etc/nginx/proxy_params;
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:8080;
        proxy_read_timeout 90;

        proxy_redirect http://127.0.0.1:8080 https://jenkins.example.com;
    }
}

I think I correctly symlinked them, when I do an ls in the /etc/nginx/sites-enabled directory I see both example.com and jenkins.example.com. The only thing I did to the jenkins installation was modify the startup args as directed in the jenkins nginx tutorial:

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Let me know if there is any other information I can provide. I appreciate the help, sorry if the answer is out there and I didn't look hard enough.

3 comments
  • Just to be clear, I am not actually using example.com. :)

  • and I have A records from all of my domains but that is it, no CNAME or anything since I don't know what it is and none of the guides told me to make those records.

  • Part of my issue was that I still had the nginx default server in /etc/nginx/sites-enabled/, so I deleted that. Now my subdomain displays the web page from my core domain, so I think I'm getting closer.

1 Answer
lukedowell October 4, 2018
Accepted Answer

My problem was that my server block didn't have *.jenkins.example.com in addition to jenkins.example.com, and my browser or DNS or something always routed to www.jenkins.example.com. I hope this question helps someone in the future. :)

Have another answer? Share your knowledge.