SSL On Linux Redhat 8.3

I followed the step by step guide on installing SSL using port 8443 on to the Linux Jenkins server as shown below:
Let’s create a folder and move the jenkins.jks key to that location.
mkdir -p /etc/jenkins
cp jenkins.jks /etc/jenkins/
Change the permissions of the keys and folder.
chown -R jenkins: /etc/jenkins
chmod 700 /etc/jenkins
chmod 600 /etc/jenkins/jenkins.jks
Step 5: Modify Jenkins Configuration for SSL
All the key Jenkins startup configurations are present in /etc/sysconfig/jenkins file. All the SSL-based configurations go into this file.
Open the file
sudo vi /etc/sysconfig/jenkins
Find and replace the values in the file as shown below.
Note: Replace your-keystore-password with the Keystore password, you set in step 3. Also you can use either 443 or 8443 for ports.
JENKINS_PORT=“-1”
JENKINS_HTTPS_PORT=“8443”
JENKINS_HTTPS_KEYSTORE=“/etc/jenkins/jenkins.jks”
JENKINS_HTTPS_KEYSTORE_PASSWORD=“”
JENKINS_HTTPS_LISTEN_ADDRESS=“0.0.0.0”
Save the configuration and restart Jenkins.
sudo systemctl restart jenkins
Check Jenkins status.
sudo systemctl status jenkins
Step 6: Validate SSL
Now you should be able to access Jenkins over HTTPS with port 8443
https://<jenkins-dns/ip>:8443

When I try to validate it get an error that the site can’t be reached and it says site took too long to respond ERR_CONNECTION_TIMED_OUT.
Not sure why this is happening…does the jenkins.jks file need to go into the Jenkins home directory /var/lib/jenkins? or am I missing a step somewhere in this configuration and getting it to point to 8443 instead of 8080 by default?

are you sure there’s no firewall or loadbalancer dropping that port? Connection refused is usually when something isn’t listening, timed out means the connection is still open but never returned.

No firewall or anything blocking that we can see…however when we look on the system I don’t see port 8443 listening…Could it be that if we leave port 8080 on 0.0.0.0 and port 8443 on the same ip address it will not work? Do I need to switch to like 127.0.0.1?

Guessing that port 8443 not listening is the issue, so where am I missing getting that port to listen? If it is listening I assume it will work?

Hi there,

Jenkins 2.332.1 switched Jenkins from using System V init to use systemd with its Linux package installers for Debian, Ubuntu, Red Hat, Alma, openSUSE, Rocky, and more. The LTS Upgrade Guide describes that transition and how to adapt your environment to the transition.

There is a blog post about it as well at

There is also a video introduction for RPM based distributions like Red Hat Enterprise Linux, Alma Linux, Rocky Linux, Oracle Linux, and Amazon Linux.

There is also a video introduction for deb based distributions like Debian and Ubuntu

Yes we are using 2.387.1 version

image1418×211 10.1 KB

Is it telling me the override.conf is disabled? and is the --httpPort=8080 overriding the https setting in the override.conf file?

I have tried using the override.conf file and even directly editing the jenkins.service file in /usr/lib/systemd/system/jenkins.service. Regardless, adding the various envvar statements makes no difference to the running jenkins instance upon restart. It continues to ONLY listen on port 8080 nothing on port 8443?

The disabled state indicates whether the service is set to start automatically upon reboot. As it says disabled, it will not start up auttomatically. So that is answered, still don’t know why 8443 is overridden and only port 8080 works?

if you look at your process tree (ps xf -A is my goto), what do all the command line arguments look like? does it list 8443? Trying to figure out if its not reading the variables, or something else.

I’ve never added https directly to jenkins before. I always use a reverse proxy like nginx to do ssl termination.

I don’t see anything related to port 8443 on the output of the ps xf -A command. Only 8080:

image1508×25 2.53 KB

That seems to be a problem

can you share the output of your systemctl edit jenkins?

I don’t use any of this functionality myself (I use docker), so we’d need to figure out which variables jenkins actually listens to, but i’m thinking checking if systemd file is correct is a good first step.

[Service]
JENKINS_HOME=“/var/lib/jenkins”
JENKINS_JAVA_CMD=“”
JENKINS_USER=“jenkins”
JENKINS_JAVA_OPTIONS=“-Djava.awt.headless=true”
JENKINS_PORT=“-1”
JENKINS_LISTEN_ADDRESS=“0.0.0.0”
JENKINS_HTTPS_PORT=“8443”
JENKINS_HTTPS_KEYSTORE=“/etc/jenkins/jenkins.jks”
JENKINS_HTTPS_KEYSTORE_PASSWORD=“Password!”
JENKINS_HTTPS_LISTEN_ADDRESS=“0.0.0.0”
JENKINS_HTTP2_PORT=“”
JENKINS_HTTP2_LISTEN_ADDRESS=“”
JENKINS_DEBUG_LEVEL=“5”
JENKINS_ENABLE_ACCESS_LOG=“no”
JENKINS_ARGS=“”

The information I sent you is from the override.conf file, so not sure how the set environment variable helps?

Before the systemd migration, the config was loaded as env variables in the script. I’m assuming it still works that way. I recommend watching the video from the original canned response. It’ll know more

was a semantics error…
had: JENKINS_HTTPS_PORT=“8443”
has to be
Environment="JENKINS_HTTPS_PORT=“8443”

Another questions so when I go to https://jenkins.com:8443 it works fine but when I click on Log In it goes back to port 8080 and http. Is that because I have to tell the system that it is https://jenkins.com:8443 in the system config or is it that I have to shut down port 8080 and use the JENKINS_HTTPS_LISTEN_ADDRESS=“JENKINS_PORT=-1” to shut that from happening…right now I still have 8080 enabled?

Sorry make that Environment=“JENKINS_PORT=-1” to disable the http port?