I’m trying to set up a Jenkins instance inside a Docker container to use Jenkins’ built-in HTTPS. I have a wildcard keystore that I’m attempting to use (we’ve used it before on a Jira instance) that’s in JKS format. Yet always after the server starts and I try to access it, the browser tells me that the certificate isn’t valid and won’t serve HTTPS. It also claims that the cert is self-signed (it isn’t).
Your configuration looks good to me.
The main difference I see with what I’ve already seen elsewhere is that most of the time, the whole keystore and port configuration is done via docker-compose and not Dockerfile, using the supplied Jenkins LTS docker image, and the http port is disabled.
The image I’m using is a fork of the official one (can’t pull from Docker Hub for various reasons), but I did make the changes you recommended and get the same issue; curl returns this:
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
There are two entries in the keystore: a cert issued by a CA and an SSL key pair.
docker-compose up -d
WARN[0000] The "SSL_PASS" variable is not set. Defaulting to a blank string.
validating /Users/syedahmed/TXG_ASK_AN_EXPERT/SETUP_LOCAL_DEV_ENV_JENKINS-NEXUS-GITLAB-DOCKER/JENKINS-DOCKER-COMPOSE-COMMUNITY/docker-compose.yml: (root) Additional property jenkins is not allowed
Using this docker-compose.yml I get the error:
docker-compose ps
validating /Users/syedahmed/TXG_ASK_AN_EXPERT/SETUP_LOCAL_DEV_ENV_JENKINS-NEXUS-GITLAB-DOCKER/JENKINS-DOCKER-COMPOSE-COMMUNITY/docker-compose.yml: (root) Additional property jenkins is not allowed
To be honest, I never tried to let Jenkins handle the SSL part by itself.
The last successful attempt I saw was using certbot and nginx.
The configuration shown earlier in this thread should start Jenkins on port 8443 with SSL.
Here’s a breakdown of what each part does, at least to my understanding:
“8443:8443”: This maps port 8443 in the container to port 8443 on the host machine. This is the port that Jenkins will be accessible on.
JENKINS_OPTS: --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/etc/jenkins/keystore --httpsKeyStorePassword=${SSL_PASS}: This sets the options for the Jenkins server.
The --httpPort=-1 option disables the non-secure HTTP port.
The --httpsPort=8443 option sets the secure HTTPS port to 8443.
The --httpsKeyStore=/etc/jenkins/keystore option specifies the path to the keystore file that contains the SSL certificate.
The --httpsKeyStorePassword=${SSL_PASS} option sets the password for the keystore.
SSL_PASS: changeit: This sets the password for the keystore to “changeit”. This password is used in the JENKINS_OPTS environment variable.
certs:/certs/client: This mounts the certs volume at /certs/client in the container. This is where Jenkins will look for the SSL certificate.
You will have to make sure that the SSL certificate is properly set up and the keystore is correctly configured at the specified path (/etc/jenkins/keystore).
Also, make sure to replace changeit with your actual keystore password.
Remember, exposing Jenkins to the internet without proper security measures can pose a security risk.
Always ensure that your Jenkins instance is secured, especially when enabling HTTPS.
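As an added example (not from this thread or the Jenkins project): a small POSIX shell script that reads `keytool -list -v` output and reports, per entry, whether the certificate is self-signed, which is the quickest way to check whether the keystore at /etc/jenkins/keystore actually pairs the private key with the CA-issued certificate rather than holding them as two separate entries. The alias names, subject names and sample listing are constructed assumptions.

```shell
# Parse `keytool -list -v` output and report, per entry, whether the certificate
# is self-signed (Owner == Issuer). Jetty serves the PrivateKeyEntry's own chain,
# so a CA-issued cert stored as a separate trustedCertEntry does not help.
diagnose_keystore_listing() {   # reads the listing on stdin
  awk '
    function flush() {
      if (alias == "") return
      verdict = (owner == issuer) ? "self-signed" : "issued-by " issuer
      printf "%s %s %s\n", alias, type, verdict
    }
    /^Alias name:/             { flush(); alias = $3; type = ""; owner = ""; issuer = "" }
    /^Entry type:/             { type = $3 }
    /^Owner:/  && owner == ""  { sub(/^Owner: */, "");  owner = $0 }
    /^Issuer:/ && issuer == "" { sub(/^Issuer: */, ""); issuer = $0 }
    END                        { flush() }
  '
}

# Exit status 1 when a private-key entry would present a self-signed certificate.
key_entries_ok() { ! grep -q 'PrivateKeyEntry self-signed'; }   # reads report on stdin

# For a real keystore (needs a JDK's keytool), e.g.:
#   keystore_report /etc/jenkins/keystore "$SSL_PASS" | key_entries_ok
keystore_report() { keytool -list -v -keystore "$1" -storepass "$2" | diagnose_keystore_listing; }

# Constructed sample listing (hypothetical aliases and names) reproducing the layout
# described in the thread: a self-signed key pair plus a separate CA-issued cert.
SAMPLE_LISTING='Keystore type: JKS

Your keystore contains 2 entries

Alias name: jenkins
Creation date: Mar 4, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=*.example.com, O=Example Corp
Issuer: CN=*.example.com, O=Example Corp

*******************************************

Alias name: wildcard-ca-issued
Creation date: Mar 4, 2024
Entry type: trustedCertEntry

Owner: CN=*.example.com, O=Example Corp
Issuer: CN=Example Issuing CA, O=Example Corp'

diagnose_sample() { printf '%s\n' "$SAMPLE_LISTING" | diagnose_keystore_listing; }
```

If the key entry reports self-signed, the CA-issued certificate (with its chain) has to be imported under the same alias as the private key so that it replaces the self-signed certificate; a trustedCertEntry under a different alias is never served.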