How to disable 8080 external access to jenkins?

Question

I have installed nginx along with jenkins on ubuntu 21 machine.

Configured nginx to redirect 80 traffic to 8080 using the steps in this link

Now, able to redirect the traffic from 80 to 8080. So, to disable direct access to jenkins from 8080 externally. Changed the arguments in /etc/default/jenkins to add line --httpListenAddress=127.0.0.1

Now, the jenkins arguments line is as below.

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Then, restarted the machine also after that but still able to access directly with 8080 port.

Please suggest how to achieve this.

azureuser@jenkins:~$ ss -lnpt
State         Recv-Q        Send-Q               Local Address:Port               Peer Address:Port       Process
LISTEN        0             511                        0.0.0.0:80                      0.0.0.0:*
LISTEN        0             4096                 127.0.0.53%lo:53                      0.0.0.0:*
LISTEN        0             128                        0.0.0.0:22                      0.0.0.0:*
LISTEN        0             4096                             *:3000                          *:*
LISTEN        0             50                               *:8080                          *:*
LISTEN        0             128                           [::]:22                         [::]:*

azureuser@jenkins:~$ ps auxw | grep jenkins
jenkins     6761  0.1 11.8 3036280 416756 ?      Ssl  Mar29   8:08 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
azureus+   86025  0.0  0.0   8548  2356 pts/0    S+   19:09   0:00 grep --color=auto jenkins

It seems that the Jenkins doesn't apply the configuration correctly for some reason, since the binding is still to `*:8080` in the listing. What is output of `ps auxw | grep jenkins`? — Tero Kilkanen, Apr 01 '22 at 23:25

score 0 · Answer 1 · answered Apr 04 '22 at 19:13

0

Your Jenkins command line does not include the option set in /etc/default/jenkins for some reason.

Please double-check that the JENKINS_ARGS is correct and includes the option. Try also to restart Jenkins.

answered Apr 04 '22 at 19:13

Tero Kilkanen

36,796
3
41
63

I am using the default one only. Only difference I did is adding the paramertes --httpListenAddress=127.0.0.1 – user2331760 Apr 05 '22 at 10:39
Yes, and as shown in the process listing, the arguments are not passed to Jenkins. – Tero Kilkanen Apr 05 '22 at 19:31
I have just gone through the default steps of jenkins installation. I didn't tamper anything. As you stated, if it is missing here then it is missing with jenkins debian/ubuntu installation itself. So, please suggest what is missing and what to add then. – user2331760 Apr 08 '22 at 08:43

score 0 · Answer 2 · answered Apr 19 '23 at 14:29

According to this answer, /etc/default/jenkins file is no longer used in recent Jenkins versions. You will need to update the Jenkins systemd service to achieve your goal:

Open /lib/systemd/system/jenkins.service via text editor.
Locate the line containing Jenkins listening address environment variable: #Environment="JENKINS_LISTEN_ADDRESS="
Remove the comment and update the variable value with the local IP: Environment="JENKINS_LISTEN_ADDRESS=127.0.0.1"
Save the file and reload systemd unit files: systemctl daemon-reload
Restart Jenkins: systemctl restart jenkins

Jenkins sould be listening on localhost now:

$ netstat -plunt | grep 8080
tcp6       0      0 127.0.0.1:8080          :::*                    LISTEN      11661/java

How to disable 8080 external access to jenkins?

2 Answers2