Jenkins SSL Configuration: Jenkins Security with Nginx Reverse Proxy on Ubuntu 20.04
What Will You Learn in This Guide?
In this guide, you will secure Jenkins with SSL by placing it behind Nginx reverse proxy.
By turning off direct access to Jenkins, you will ensure secure use over HTTPS.
Technical Summary
Subject: SSL and reverse proxy configuration for Jenkins
Problem: Jenkins runs unencrypted by default
Solution: Nginx reverse proxy and Let's Encrypt SSL
Steps: Nginx configuration → Jenkins access restriction → Testing
Preliminary Preparations
The following requirements must be met before continuing:
- A server with Ubuntu 20.04 installed
- Having Jenkins installed
- Having Nginx installed
- SSL certificate defined for the domain name
- The domain name is directed to the server IP address
jenkins.ornek.comwas used as the sample domain name.
1. Nginx Reverse Proxy Configuration
Nginx is configured to route incoming HTTPS requests to the Jenkins service.
Creating the Nginx configuration file
sudo nano /etc/nginx/sites-available/jenkins.ornek.com
- This command opens the Nginx configuration file for Jenkins.
Identifying Jenkins logs
access_log /var/log/nginx/jenkins.access.log;
error_log /var/log/nginx/jenkins.error.log;
- These settings write Jenkins traffic to separate log files.
Reverse proxy configuration
location / {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:8080;
proxy_read_timeout 90s;
proxy_redirect http://localhost:8080 https://jenkins.ornek.com;
}
- This structure publishes Jenkins over HTTPS on port 8080.
Testing the configuration
sudo nginx -t
- This command checks for Nginx configuration errors.
2. Locking Jenkins to Localhost Only
- Jenkins should be prevented from being open to the outside world through the 8080 port.
Edit Jenkins configuration
sudo nano /etc/default/jenkins
Update the following line:
JENKINS_ARGS="--httpPort=8080 --httpListenAddress=127.0.0.1"
- This setting only allows access to Jenkins from within the server.
Restarting services
sudo systemctl restart jenkins
sudo systemctl restart nginx
- These commands enable new settings.
3. Testing the Configuration
- From the browser, go to the following address:
http://jenkins.ornek.com
The address should automatically be redirected to HTTPS. The lock icon should appear in the browser address bar.
Jenkins URL check
- In the Jenkins interface, follow the path below:
Manage Jenkins → Configure System
- Verify that the URL in the Jenkins Location field starts with https://.
Frequently Asked Questions (FAQ)
-
Why should I use Nginx reverse proxy? Nginx performs SSL management more efficiently and securely.
-
Is the 8080 port still accessible? No. Jenkins only listens on localhost.
-
I am getting 502 Bad Gateway error, why? Jenkins service may not be running. Check /var/log/nginx/jenkins.error.log.
-
Will my existing projects be affected? No. This operation only changes the access layer.
Result
With this guide, you have secured Jenkins with SSL behind Nginx reverse proxy. The Jenkins interface is now encrypted and protected from external access.
This architecture is suitable for running CI/CD processes securely on the GenixNode infrastructure.