Unable to access Jenkins (Centos 7)

Question

I've just installed Jenkins with its default configs on a Centos 7 physical box.

Port 8080 is open on the firewall:

sudo iptables -L -n
[...]
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
[...]

It also looks like Jenkins is actually listening on all interfaces:

sudo netstat -an | grep "LISTEN "
[...]
tcp6       0      0 :::8080                 :::*                    LISTEN
[...]

I can curl localhost:8080 locally (from the Centos box) without a problem, but from anywhere else in the network I get a Connection refused.

Am I missing something?

could you disable selinux and try again? setenforce 0 as root sets it in permissive mode temporarily. — natxo asenjo, Sep 01 '17 at 16:48

score 4 · Answer 1 · answered May 18 '20 at 02:54

4

@panos : it worked after setting JENKINS_JAVA_OPTIONS="$JENKINS_JAVA_OPTIONS -Djava.net.preferIPv4Stack=true" in /etc/sysconfig/jenkins then sudo systemctl restart jenkins. also i removed ipv6 entries in /etc/hosts not sure if the file needs to be edited, later i checked "netstat -tulpen" can see java is listening on tcp..

answered May 18 '20 at 02:54

venkat

41
3

1

In case of an Ubuntu based machine the Jenkins settings will be on /etc/default/jenkins – gkephorus Aug 30 '21 at 16:18

score 1 · Accepted Answer · answered Sep 01 '17 at 12:30

1

The above looks like Jenkins is defaulting to ipv6 only.

Try the following, this will probably fix your problem:

run: $ /sbin/sysctl net.ipv6.bindv6only

You will probably get an output with value net.ipv6.bindv6only = 1.

If this is the case, you will need to disable the setting:

sudo /sbin/sysctl net.ipv6.bindv6only=0

After the command above you will get an answer like net.ipv6.bindv6only = 0, restart Jenkins: sudo systemctl restart jenkins and try to connect to Jenkins again.

If this worked for you, you should put this in a sysctl config-file. Because this is not a persistent fix. After a reboot the setting you just have modified will be defaulted to 1 again.

Check /etc/sysctl.conf and /etc/sysctl.d/* and add net.ipv6.bindv6only = 0 in order to make this setting permanent and run sudo sysctl -p or restart after changing it.

answered Sep 01 '17 at 12:30

Bombaci

91
4

In Centos the bind can only show ipv6 entry while it is in reality bound to both ipv4 and ipv6. – Elias Sep 01 '17 at 13:05
6

Apparently Java was configured to use IPV6 by default, so I forced it to use IPV4 by adding `JENKINS_JAVA_OPTIONS="$JENKINS_JAVA_OPTIONS -Djava.net.preferIPv4Stack=true"` to `/etc/sysconfig/jenkins` and now I do get the correct answer from netstat: `tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN `. I still can't connect to Jenkins, though. Do I need to specify a hostname for Jenkins or does it listen on 8080 regardless of the hostname? – Panos Sep 01 '17 at 14:16
I'm coming to the conclusion that the culprit here is the firewall/IP tables, no Jenkins. Even when I spin up a web server on port 8081 (or even 80) I don't get connection from the outside. – Panos Sep 01 '17 at 17:28
@Panos since it is a Centos 7 machine, could you try the following (unless you disabled the firewalld service and use plain iptables): `firewall-cmd --zone=public --add-port=8080/tcp --permanent` `firewall-cmd --zone=public --add-service=http --permanent` `firewall-cmd --reload` – Bombaci Sep 01 '17 at 21:39
Nothing :( Neither 80 nor 8080 working. Actually, even with the firewall down and iptables disabled I still don't get to connect through those ports. I can still ping the server and ssh into it... This is insane... – Panos Sep 01 '17 at 22:25
@Panos, so: 1. Jenkins is loaded `systemctl status jenkins`: `systemd[1]: Started LSB: Jenkins Automation Server.` 2. Java listens to port 8080, `lsof -u jenkins -a -i :8080 -P`: `java 5124 jenkins 161u IPv4 74141 0t0 TCP *:8080 (LISTEN)` 3. You disabled the firewall and still not working. 4. You can SSH and Ping to the server, trough the same IP. I installed Jenkins on a fresh machine, first it didn't work also, used the steps above and it worked. Maybe an external firewall not allowing 80 or 8080 to that IP? – Bombaci Sep 01 '17 at 23:15
So, I ended up doing a `sudo firewall-cmd --zone=public --add-service=http` and got to open port 80, at least. I'm clueless as to why this didn't work when I had `firewalld` down... Gosh, Centos... [I'll go back to the Jenkins part tomorrow, cause this whole firewall thing was a killer] – Panos Sep 02 '17 at 00:49
This is a good article in order to install Jenkins and Centos 7, this also can help you further: [How to install Jenkins on Centos 7](https://hostpresto.com/community/tutorials/how-to-install-jenkins-on-centos-7/) – Bombaci Sep 03 '17 at 10:47

Unable to access Jenkins (Centos 7)

2 Answers2