Jenkins with Nginx, need to listen only https port

Question

I have Jenkins instance in AWS EC2. I have installed Jenkins with port 8080. And I have nginx as a reverse-proxy.
My jenkins.mydomain.com.conf:

server {
    listen       80;
    server_name   jenkins.mydomain.com;
    server_name_in_redirect on;

    location /.well-known {
        root /usr/share/nginx/html/letsencrypt-pig/jenkins.mydomain.com;
    }

    location / {
    rewrite        ^ https://$server_name$request_uri? permanent;
    #proxy_pass  http://127.0.0.1:8080;
    proxy_redirect      off;
    proxy_set_header    Host    $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen       443 ssl;
    server_name  jenkins.mydomain.com;
#    server_name_in_redirect on;
    access_log      /var/log/nginx/ssl-access.log;
    error_log       /var/log/nginx/ssl-error.log;
    #ssl                  on;
    ssl_certificate     /etc/letsencrypt/live/jenkins.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jenkins.mydomain.com/privkey.pem;

    location /.well-known {
        root /usr/share/nginx/html/letsencrypt-pig/jenkins.mydomain.com;
    }

  location / {
    proxy_pass  http://127.0.0.1:8080; # internal ip
#    add_header Access-Control-Allow-Origin *;
    proxy_redirect      off;
    proxy_set_header    Host    $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Everything is fine. It works. But, I don't want to have opened 80 port in security group. So, when I am deleting 80 port

from security group, I am able to to look https://jenkins.mydomain.com with Login page

But when I am making Sign in action, I have timeout and then

score 1 · Accepted Answer · answered Apr 08 '20 at 20:58

I have these lines in my Jenkins location block:

proxy_set_header X-Forwarded-Host "jenkins.example.com";
proxy_set_header X-Forwarded-Proto "https";

Especially the latter is important, it tells Jenkins that it should generate https URLs.

Further information on running Jenkins behind nginx reverse proxy: https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy

Jenkins with Nginx, need to listen only https port

1 Answers1