3

My Jenkins master is secured with HTTPS. I launch the slave using the launch method Java Web Start through JNLP. However, since my master is secured, I am not able to establish a connection. So I use the "Tunnel connection through" option and connect via some other port. My question is: how do I securely connect to the master with or without using the "Tunnel connection through" option?

Heenashree Khandelwal
bmstudy

1 Answer

2

You can configure a fixed JNLP port number on your master: https://wiki.jenkins.io/display/JENKINS/Jenkins+CLI#JenkinsCLI-Connectionmechanism

You can then open only HTTPS and the fixed port for inbound traffic to your Jenkins master. Additionally, you can restrict source IP addresses, allowing only incoming traffic from your slaves' IP addresses (assuming they are permanent and well-known).

If you use the JNLP4 protocol and disable the older protocols, the traffic from the slave to the master is TLS encrypted.

Is that acceptable, security-wise?

Sam Hartman
Oren Chapo
  • Is the traffic encrypted and authenticated from the slave to the master? I'd appreciate it if you could clarify this point in your answer. – Sam Hartman Sep 12 '17 at 14:37
  • Yes, it is encrypted using TLS if you use the JNLP4 protocol (just disable the older JNLP1/2 protocols to make sure you're using JNLP4). REF: https://issues.jenkins-ci.org/browse/JENKINS-26580 And yes, it is authenticated using a per-node secret. – Oren Chapo Sep 14 '17 at 10:09
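
A check for the setup described in the answer above, as an added example that is not part of the original thread: it audits the response headers a Jenkins master returns from `/tcpSlaveAgentListener/` to confirm that the agent port is the fixed one you opened in the firewall and that only JNLP4 is advertised. The port 50000 and both sample responses are constructed for illustration.

```python
# Added example: audit what a Jenkins master advertises to inbound agents.
# Header names are those Jenkins sends from /tcpSlaveAgentListener/.
REQUIRED = "JNLP4-connect"  # the TLS-protected protocol named in the answer


def parse_headers(raw):
    """Parse a raw HTTP response header block into a lower-cased dict."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_agent_listener(raw, expected_port):
    """Return a list of findings; an empty list means the settings match."""
    h = parse_headers(raw)
    findings = []
    port = h.get("x-jenkins-jnlp-port")
    if port is None:
        findings.append("agent port header missing (TCP agent port disabled?)")
    elif port != str(expected_port):
        findings.append(f"agent port is {port}, expected fixed port {expected_port}")
    advertised = h.get("x-jenkins-agent-protocols", "")
    protocols = {p.strip() for p in advertised.split(",") if p.strip()}
    if REQUIRED not in protocols:
        findings.append(f"{REQUIRED} is not advertised")
    # Any other JNLP* protocol predates JNLP4 and should be disabled.
    for proto in sorted(p for p in protocols if p.startswith("JNLP") and p != REQUIRED):
        findings.append(f"legacy protocol still enabled: {proto}")
    return findings


# Constructed sample responses (not captured from a real server).
HARDENED = """HTTP/1.1 200 OK
X-Jenkins-JNLP-Port: 50000
X-Jenkins-Agent-Protocols: JNLP4-connect, Ping
"""
WEAK = """HTTP/1.1 200 OK
X-Jenkins-JNLP-Port: 41873
X-Jenkins-Agent-Protocols: JNLP-connect, JNLP2-connect, JNLP4-connect, Ping
"""

if __name__ == "__main__":
    for name, raw in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_agent_listener(raw, 50000) or "OK")
```

To run it against a live master, feed it the output of `curl -sI https://<your-master>/tcpSlaveAgentListener/` instead of the constructed samples.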