How to get Jenkins to show on port 8080 with Nginx, Gunicorn? - django

I'm trying to set up Jenkins so that I can set up a pipeline on an existing website, but Jenkins does not show up on port 8080.
My project website has been up and running for several months. I'm using Nginx, Gunicorn, Ubuntu 20.04, and Django on an AWS EC2 instance. I'm now trying to set up a pipeline that includes a test/beta environment. This requires Jenkins as per the AWS tutorials. I followed the example from Digital Ocean and this example from Digital Ocean.
When I try the URL https://theafricankinshipreunion.com:8080/, it says the site cannot be reached. When I try the URL https://theafricankinshipreunion.com (without the port), it takes me to the Unlock Jenkins page. After I enter the password from sudo cat /var/lib/jenkins/secrets/initialAdminPassword, the web browser just goes to a blank page. Looking at the page source, this page is the Setup Wizard[Jenkins] page, but the display is blank.
The result from sudo systemctl status jenkins is active.
The result from sudo ufw status for port 8080 is ALLOW. On AWS, the EC2 inbound rules include port 8080 TCP 0.0.0.0/0 and ::/0. So it appears that port 8080 is good. Checking for port use, netstat -nlp | grep 8080 resulted in tcp6 0 0 127.0.0.1:8080 :::* LISTEN -. I killed the process and restarted nginx, gunicorn, and jenkins. Same results: the domain with port 8080 cannot connect but the domain goes to the Unlock Jenkins page.
I did look up other help pages, such as the reverse proxy page from Jenkins, but I'm not sure how to integrate that into my current setup. Your assistance is greatly appreciated.
My /etc/nginx/sites-available/myproject file is as follows:
server {
listen 80;
server_name 3.131.27.142;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/myprojectdir;
}
location /media/ {
root /home/ubuntu/myprojectdir;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
}
}
server {
server_name theafricankinshipreunion.com www.theafricankinshipreunion.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/myprojectdir;
}
location /media/ {
root /home/ubuntu/myprojectdir;
}
location / {
include /etc/nginx/proxy_params;
# proxy_pass http://unix:/run/gunicorn.sock;
proxy_pass http://localhost:8080;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_redirect http://localhost:8080 https://theafricankinshipreunion.com;
}
# SSL Configuration
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/theafricankinshipreunion.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/theafricankinshipreunion.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
}
# skipped lines show similar blocks for other domains
server {
if ($host = www.theafricankinshipreunion.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = theafricankinshipreunion.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name theafricankinshipreunion.com www.theafricankinshipreunion.com;
return 404; # managed by Certbot
}
And my /etc/default/jenkins file is as follows (with the last line added because of the instructions from DigitalOcean):
# defaults for Jenkins automation server
# pulled in from the init script; makes things easier.
NAME=jenkins
# arguments to pass to java
# Allow graphs etc. to work even when an X server is present
JAVA_ARGS="-Djava.awt.headless=true"
#JAVA_ARGS="-Xmx256m"
# make jenkins listen on IPv4 address
#JAVA_ARGS="-Djava.net.preferIPv4Stack=true"
PIDFILE=/var/run/$NAME/$NAME.pid
# user and group to be invoked as (default to jenkins)
JENKINS_USER=$NAME
JENKINS_GROUP=$NAME
# location of the jenkins war file
JENKINS_WAR=/usr/share/$NAME/$NAME.war
# jenkins home location
JENKINS_HOME=/var/lib/$NAME
# set this to false if you don't want Jenkins to run by itself
# in this set up, you are expected to provide a servlet container
# to host jenkins.
RUN_STANDALONE=true
# log location. this may be a syslog facility.priority
JENKINS_LOG=/var/log/$NAME/$NAME.log
#JENKINS_LOG=daemon.info
# Whether to enable web access logging or not.
# Set to "yes" to enable logging to /var/log/$NAME/access_log
JENKINS_ENABLE_ACCESS_LOG="no"
# OS LIMITS SETUP
# comment this out to observe /etc/security/limits.conf
# this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e
# reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file
# descriptors are forced to 1024 regardless of /etc/security/limits.conf
MAXOPENFILES=8192
# set the umask to control permission bits of files that Jenkins creates.
# 027 makes files read-only for group and inaccessible for others, which some security sensitive users
# might consider beneficial, especially if Jenkins runs in a box that's used for multiple purposes.
# Beware that 027 permission would interfere with sudo scripts that run on the master (JENKINS-25065.)
#
# Note also that the particularly sensitive part of $JENKINS_HOME (such as credentials) are always
# written without 'others' access. So the umask values only affect job configuration, build records,
# that sort of things.
#
# If commented out, the value from the OS is inherited, which is normally 022 (as of Ubuntu 12.04,
# by default umask comes from pam_umask(8) and /etc/login.defs
# UMASK=027
# port for HTTP connector (default 8080; disable with -1)
HTTP_PORT=8080
# servlet context, important if you want to use apache proxying
PREFIX=/$NAME
# arguments to pass to jenkins.
# --javahome=$JAVA_HOME
# --httpListenAddress=$HTTP_HOST (default 0.0.0.0)
# --httpPort=$HTTP_PORT (default 8080; disable with -1)
# --httpsPort=$HTTP_PORT
# --argumentsRealm.passwd.$ADMIN_USER=[password]
# --argumentsRealm.roles.$ADMIN_USER=admin
# --webroot=~/.jenkins/war
# --prefix=$PREFIX
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Use the following command to change the port while running Jenkins:
java -jar jenkins.war --httpPort=9090
If you want to use https use the following command:
java -jar jenkins.war --httpsPort=9090

Related

Serving Vue.js static files and Django app running on gunicorn over Nginx

I have a web backend implemented in Django and running on Gunicorn. Plus, I also have a Vue.js app that uses this backend. I want to run both of them on nginx and also do HTTPS configs.
This is what my "/etc/nginx/nginx.conf" file looks like:
...
server {
server_name .website.com;
listen 80;
return 307 https://$host$request_uri;
}
server {
location / {
proxy_set_header Host $host;
proxy_pass http://localhost:8080; # where the Django app over gunicorn is running
}
location /static {
root /code/frontend/dist/; # static frontend code created with vite on vue.js
autoindex on;
index index.html;
try_files $uri $uri/ /index.html;
}
# ssl configs
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Both of them, the Django and Vue.js parts, are hosted in a single Docker container. Ports 80 and 8080 of this container are mapped to ports 80 and 8080 of the host PC.
Ports 443, 8080 and 80 are open on the machine for inbound connections. Sending a POST request to http://website.com:8080/bla does return correct values, meaning that the backend seems to be working, but on http only and not on https.
Still, when I go to "website.com", I receive a "This site can't be reached" error. What am I doing wrong exactly, and how can I run both on nginx and both over ssl/https?

403 Forbidden error when registering custom domain for my django website

I am new to Django. I was following a tutorial on how to deploy a site using nginx, Ubuntu and gunicorn. I bought a domain at Namecheap and the site is hosted by Linode. But whenever. Every step was successful, with no errors when I checked the gunicorn status, and the server also restarts successfully, but when I visit the domain I get a 403 Forbidden error.
I have checked out similar problems, but none of them are of help.
settings.py
ALLOWED_HOSTS = ['www.devbrian.com',]
sudo nano /etc/nginx/sites-available/blog
server {
listen 80;
server_name wwww.devbrian.com;
location = /favicon.ico {access_log off;log_not_found off;}
client_max_body_size 100M;
location /static/ {
root /home/brian/blog;
}
location /media/ {
root /home/brian/blog;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/brian/blog.sock;
}
}
sudo nano /etc/nginx/sites-available/default
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
}

certbot nginx doesn't finish

Question regarding letsencrypt.org certbot.
Whenever I run the certbot --nginx command, it never finishes the process.
Full output (running as root):
$ certbot --nginx --agree-tos --redirect --uir --hsts --staple-ocsp --must-staple -d <DOMAINS> --email <EMAIL>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <DOMAIN>
http-01 challenge for <DOMAIN>
nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/sites-enabled/django:50
Cleaning up challenges
nginx restart failed:
b''
b''
Running certbot certificates:
$ certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
No certs found.
-------------------------------------------------------------------------------
The only thing where I messed up was not properly configuring my DNS before running certbot the first time (messed up my A record, et al; I'm new at this :P), however I don't know what to do moving forward; this is my first web-server so I'm still in a bit of a learning curve. I'm not sure if this is a configuration error, or something else.
For info, I'm running a DigitalOcean Django/Ubuntu 16.04 droplet (only edited /etc/nginx/sites-available/default, to change server_name). Will update below for any additional info needed; thanks in advance. ^_^
=========================================================================
edit 1.
/etc/nginx/sites-enabled/django
upstream app_server {
server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
server_name _;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias /home/django/django_project/django_project/media;
}
# your Django project's static files - amend as required
location /static {
alias /home/django/django_project/django_project/static;
}
# Proxy the static assets for the Django Admin panel
location /static/admin {
alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app_server;
}
}
I think the issue is that you're trying to specify two default_server directives on the same port. This is invalid - there can be only one default server. Changing your configuration as follows should fix your issue:
listen 80;
listen [::]:80 default_server;
You can also remove the ipv6only directive as this is the default anyway.
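A check for the condition behind the "duplicate listen options" error in the certbot output above, as an added example that is not part of the original question or answer. nginx documents that socket-level listen parameters such as ipv6only may be given only once per address:port pair, and it accepts only one default_server per address:port; the second config file, the function names and the finding labels below are constructed for illustration.

```python
import re
from collections import defaultdict

# Socket-level listen parameters: nginx allows them once per address:port.
SOCKET_OPTS = {"ipv6only", "backlog", "rcvbuf", "sndbuf", "so_keepalive",
               "reuseport", "deferred", "bind", "fastopen", "setfib",
               "accept_filter"}
# Active (uncommented) listen directives; not a full nginx parser.
LISTEN_RE = re.compile(r"^\s*listen\s+([^;#]+);", re.MULTILINE)

# First file: listen lines from the question. Second file: constructed.
SAMPLE = {
    "sites-enabled/django": """server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name _;
}
""",
    "sites-enabled/constructed-second-site": """server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name example.test;
}
""",
}


def parse_listens(files):
    """Yield (file:line, address:port, params) for each listen directive."""
    for name, text in files.items():
        for m in LISTEN_RE.finditer(text):
            parts = m.group(1).split()
            line_no = text.count("\n", 0, m.start(1)) + 1
            addr = "*:" + parts[0] if parts[0].isdigit() else parts[0]
            yield f"{name}:{line_no}", addr, parts[1:]


def find_conflicts(files):
    """Return (label, address, locations) for each address:port conflict."""
    defaults, sockopts = defaultdict(list), defaultdict(list)
    for where, addr, params in parse_listens(files):
        if "default_server" in params or "default" in params:
            defaults[addr].append(where)
        if any(p.split("=")[0] in SOCKET_OPTS for p in params):
            sockopts[addr].append(where)
    problems = []
    for label, seen in (("duplicate default server", defaults),
                        ("duplicate listen options", sockopts)):
        for addr, places in sorted(seen.items()):
            if len(places) > 1:
                problems.append((label, addr, places))
    return problems


if __name__ == "__main__":
    for label, addr, places in find_conflicts(SAMPLE):
        print(f"{label} for {addr}: {', '.join(places)}")
```

Running it over every file nginx includes, before invoking certbot, shows which two locations collide rather than only the one nginx names in its error.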

What is gunicorn.sock?

I am a newbie following the gunicorn-django tutorial by Michal Karzynski. I am using Django 1.7.4 on Ubuntu 14 and my setup for the gunicorn script is as follows
#!/bin/bash
NAME="mytestapp" # Name of the application
DJANGODIR=/var/www/testapp/src # Django project directory
SOCKFILE=/var/www/testapp/run/gunicorn.sock # we will communicate using this unix socket
USER=ubuntu # the user to run as
GROUP=ubuntu # the group to run as
NUM_WORKERS=3 # how many worker processes should Gunicorn spawn
DJANGO_SETTINGS_MODULE=testapp.settings # which settings file should Django use
DJANGO_WSGI_MODULE=testapp.wsgi # WSGI module name
echo "Starting $NAME as `whoami`"
# Activate the virtual environment
cd $DJANGODIR
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
# Create the run directory if it doesn't exist
RUNDIR=$(dirname $SOCKFILE)
test -d $RUNDIR || mkdir -p $RUNDIR
# Start your Django Unicorn
# Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
exec gunicorn ${DJANGO_WSGI_MODULE}:application \
--name $NAME \
--workers $NUM_WORKERS \
--user=$USER --group=$GROUP \
--bind=0.0.0.0:8000 \
--log-level=debug \
--log-file=-
When I change the bind setting to unix:$SOCKFILE, my script still runs but I am unable to connect with my browser. In this question I have read that it's not wise to deploy 0.0.0.0:8000 on a production server.
I know a bit about unix sockets, but I don't understand how I can use the unix socket file to serve my site. I have tried to edit the socket file as the superuser, but the OS doesn't let me open it.
How can I setup the socket file to allow me to serve my pages?
PS: Here is my nginx configuration file
upstream hello_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server 127.0.0.1:8000 fail_timeout=0;
}
server {
listen 80;
server_name test.com;
client_max_body_size 4G;
access_log /var/www/testapp/src/logs/nginx-access.log;
error_log /var/www/testapp/src/logs/nginx-error.log;
location /static/ {
alias /var/www/testapp/src/static/static_dirs/;
}
location /media/ {
alias /var/www/testapp/src/static/media/;
}
location / {
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
# proxy_set_header X-Forwarded-Proto https;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll stuff. It's also safe to set if you're
# using only serving fast clients with Unicorn + nginx.
# Otherwise you _want_ nginx to buffer responses to slow
# clients, really.
# proxy_buffering off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
proxy_pass http://hello_app_server;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /var/www/testapp/src/static/;
}
}
You're supposed to use a reverse proxy like nginx to sit in front of gunicorn, and that's what actually serves your site. They communicate via the socket.
The gunicorn docs have a sample nginx configuration which does exactly that, although obviously you should make the sockfile match what you've put in your gunicorn config.
Sockets are a much faster, more efficient alternative to network ports if you are working locally on a server. However, if your nginx server and your Django app are on different servers, then you would need to open up specific IP connections.
For your example if you want to use sockets you just need to point the upstream server address to your socket file.
Change the nginx configuration as
upstream hello_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/var/www/testapp/run/gunicorn.sock fail_timeout=0;
}
server {
.
.
.
# Rest of your file...
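
The Jenkins question at the top of this page (port 8080 allowed in ufw and the security group, yet unreachable) and the gunicorn question above (--bind=0.0.0.0:8000 versus a unix socket) both come down to which address a service is bound to. The following added example, not code from any of the posts, classifies netstat LISTEN rows against the firewall's open ports; the function names, the firewall port set and the second and third netstat rows are constructed.

```python
import ipaddress

# Row 1 is the netstat line quoted in the Jenkins question; rows 2-3 are
# constructed: gunicorn started with --bind=0.0.0.0:8000, and nginx on 443.
SAMPLE_NETSTAT = """\
tcp6 0 0 127.0.0.1:8080 :::* LISTEN -
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
"""
# Constructed: ports allowed inbound by ufw / the EC2 security group.
SAMPLE_FIREWALL_OPEN = {80, 443, 8080}


def parse_listeners(netstat_text):
    """Return (address, port) for every TCP LISTEN row of `netstat -nlt`."""
    listeners = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")  # ":::443" -> ("::", "443")
        listeners.append((addr, int(port)))
    return listeners


def classify(addr, port, firewall_open):
    """Say who can reach a listener, given its bind address and the firewall."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        # Only local processes (such as nginx's proxy_pass) can connect, so
        # an inbound firewall rule for this port has nothing to reach.
        if port in firewall_open:
            return "local-only, firewall rule unused"
        return "local-only"
    if port in firewall_open:
        return "reachable from the network"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "bound to all interfaces, protected only by the firewall"
    return "bound to one address, blocked by the firewall"


def audit(netstat_text, firewall_open):
    """Map 'address:port' to a reachability verdict."""
    return {f"{addr}:{port}": classify(addr, port, firewall_open)
            for addr, port in parse_listeners(netstat_text)}


if __name__ == "__main__":
    verdicts = audit(SAMPLE_NETSTAT, SAMPLE_FIREWALL_OPEN)
    for listener, verdict in verdicts.items():
        print(f"{listener:<16} {verdict}")
```

For a service that sits behind nginx, "local-only" is the intended state: the proxy on 443 is the only network-facing entry point, and the matching inbound rule can be closed.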

Django nginx and append slashes problem

I am trying to use nginx as a simple load balancer for django per Jacob Kaplan-Moss' example:
http://github.com/jacobian/django-deployment-workshop
http://python.mirocommunity.org/video/1689/pycon-2010-django-deployment-w
If I stop nginx and have apache listen on port 80 everything works fine. If I have apache listening to nginx my urls break.
When nginx is running, http://184.106../admin/ works, but http://184.106../admin (missing ending slash) breaks. It redirects to the name of the web server http://web1/admin/
I know it is nginx causing the issue because the redirect works fine in apache and django dev server.
Here is the nginx.conf that is running:
# Nginx conf (/etc/nginx/nginx.conf).
#
# Basic setup
#
user www-data;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
#
# Event/worker setup.
#
worker_processes 4;
events {
worker_connections 100;
}
#
# HTTP configuration
#
http {
include /etc/nginx/mime.types;
# HTTP upstream for load balancers.
# Replace the IPs below with IPs (or names) of your upstream Apaches
upstream sitename {
server 10.X.X.X:8000;
server 10.X.X.X:8000;
}
# The actual HTTP server.
server {
listen 80;
# Don't proxy static files like robots.txt and favicon.ico.
location ~ ^/(favicon.ico|robots.txt|sitemap.xml)$ {
alias /home/web/static/$1;
}
# Serve media directly out of Nginx for performance
location /media {
alias /home/media;
}
# Proxy everything else to the backend
location / {
proxy_pass http://sitename;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header X-Handled-By $upstream_addr;
}
}
}
I had the exact same problem you had, following Jacob's nginx example, and not having a slash would cause improper redirects. pjmorse's response helped me, I set the server_name in the server block ( server { server_name: vasir.net; .... ) and it fixed the problem. However, I had to restart the server first and