Setup secured Jenkins master with docker

Question

I would like to set up a secured Jenkins master server on ec2 with docker. I'm using standard Jenkins docker file from here: https://registry.hub.docker.com/_/jenkins/

By default, it opens an unsecured 8080 http port. However, I want it to use a standard 443 port with https (at first I want to use a self-signed ssl certificate).

I researched this topic a little bit and found several possible solutions. I'm not really experienced with docker so I still couldn't find a simple one I can use or implement. Here are some options I found:

• Use standard Jenkins docker on 8080 but configure a secured apache or nginx server on my ec2 instance that will redirect the traffic. I don't like this because the server will be outside the docker so I can not keep it in the version control
• Somehow modify the Jenkins docker file to start Jenkins with an https configured according to https://wiki.jenkins-ci.org/display/JENKINS/Starting+and+Accessing+Jenkins. I'm not sure how to do that though. Do I need to create my own docker container?
• use docker file with secured nginx like this one https://registry.hub.docker.com/u/marvambass/nginx-ssl-secure/ and somehow combine two docker containers or make them communicate? Not sure how to that either.

Please recommend me the best solution?

Answer 1

Let's say you have your Keystore as jenkins_keystore.jks in the home folder of EC2 Ubuntu instance. Do this to generate one:

keytool -genkey -keyalg RSA -alias selfsigned -keystore jenkins_keystore.jks -storepass mypassword -keysize 2048

Now you'll easily set up Jenkins to run on https only while not making your own docker image:

Now, you can easily set up Jenkins to run on HTTPs while you are not making your own docket image:

docker run -v /home/ubuntu:/var/jenkins_home -p 443:8443 jenkins --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/jenkins_home/jenkins_keystore.jks --httpsKeyStorePassword=mypassword

• -v /home/ubuntu:/var/jenkins_home Jenkins docker container gets the exposed host home folder.
• -p 443:8443 this will map Jenkins port 8443 in the container to the 443 port of the host
• --httpPort=-1 --httpsPort=8443 blocks jenkins http and exposes it with https on port 8443 inside the container
• --httpsKeyStore=/var/jenkins_home/jenkins_keystore.jks --httpsKeyStorePassword=mypassword provides your Keystore that has been mapped from the host home folder to the container /var/jenkins_home/ folder.