Setting up a CI/CD pipeline with Jenkins, EC2, and Docker (2/3)

Mitch Jans
Published in jstack.eu
Dec 12, 2019

Part 2: securing your Jenkins setup with auto-renewing SSL certificates from Let’s Encrypt

In the first part of this series we set up Jenkins on Ubuntu on AWS EC2.

In this part we’re going to install NGINX and set it up as a secure reverse proxy.
I’ll assume that you have a DNS entry pointing from jenkins.yoursite.com to the Elastic IP you set up in part 1.

SSH into the host we set up in part 1 and we’ll continue.

Step 1: installing NGINX

This step is as easy as:

Step 2: configuring NGINX

Add configuration for Jenkins to NGINX (I use nano, if you are more 1337 than me you can use vim, if you’re nuts you can use emacs).

Add the following to the file and save it, replacing jenkins.yoursite.com with your actual domain.
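
A minimal reverse-proxy configuration of the kind this step calls for, added here as an example and not the author's original file. It assumes Jenkins listens on 127.0.0.1:8080 (the Jenkins default port) and that the file is loaded inside NGINX's http context, as files in the stock Ubuntu include directories are.

```nginx
# Added example: plain-HTTP reverse proxy for Jenkins, before Certbot runs.
# Assumptions: Jenkins on 127.0.0.1:8080; jenkins.yoursite.com is the
# placeholder domain used throughout this article.

# Choose the Connection header value: "upgrade" when the client asks for a
# protocol upgrade (WebSocket), "close" otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;

    # Certbot's NGINX plugin looks for a server block whose server_name
    # matches the requested domain and adds the certificate there.
    server_name jenkins.yoursite.com;

    location / {
        # Talk to Jenkins over loopback only; the proxy is the public entry point.
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;

        # Pass the original host, client address and scheme so Jenkins
        # builds correct absolute URLs and logs the real client IP.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Allow WebSocket upgrades to pass through the proxy.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Stream uploads (plugins, artifacts) straight to Jenkins and give
        # slow pages time to respond.
        proxy_request_buffering off;
        client_max_body_size    10m;
        proxy_read_timeout      90s;
    }
}
```

With this in place, port 8080 no longer needs to be reachable from outside the host, so it can be closed in the instance's security group once the proxy works.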

Step 3: TLS with Let’s Encrypt

Install the Certbot auto tool and make it executable. If you are asked about installing dependencies, accept them.

You can check if it’s working by running:

Now we’ll request a certificate for jenkins.yoursite.com from Let’s Encrypt.
The --nginx option instructs Certbot to use its NGINX plugin, so we don’t have to tell it where to place the certificates. When asked to choose between redirect and no redirect, choose redirect. If the request succeeded, Certbot will congratulate you and you can move on 🎉

Certbot will have modified your NGINX configuration so let’s validate it.

If everything looks okay, restart NGINX and enable it as a system service.

You should now be able to reach your Jenkins instance on https://jenkins.yoursite.com and your connection should show as secure.
If you try to access http://jenkins.yoursite.com you should be redirected to the HTTPS version automatically.

Enjoy your CI setup for now and stay tuned for part 3 where we’ll get our first build running with Docker!
