skip to Main Content

I am running jenkins on https://app.vagrantup.com/centos/boxes/7 which works fine on 8080 port.

I have spent last 2 hours searching for changing port from 8080 to 80. no success
I keep getting “refused to connect”.

I guess it is some sort of firewall issue?

centos box is bear minimum jenkins and java is only application installed on it.

so far I tried these.

https://jenkins.io/doc/book/installing/

firewall-cmd --permanent --new-service=jenkins
firewall-cmd --permanent --service=jenkins --set-short="Jenkins Service Ports"
firewall-cmd --permanent --service=jenkins --set-description="Jenkins service firewalld port exceptions"
firewall-cmd --permanent --service=jenkins --add-port=80/tcp
firewall-cmd --permanent --add-service=jenkins
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

update port from here vi /etc/sysconfig//jenkins
JENKINS_PORT=”80″

how to change port number for Jenkins installation In Ubuntu 12.04

https://wiki.jenkins.io/display/JENKINS/Installing+Jenkins+on+Red+Hat+distributions

I am using puppet to install Jenkins

 exec {'Add Jenkins Repo':
    command => 'yum-config-manager --add-repo http://pkg.jenkins-ci.org/redhat/jenkins.repo && rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key',
    path    => '/usr/bin:/bin',
    unless  => 'ls /etc/yum.repos.d/jenkins.repo',
  }

  exec { 'Install Java':
    command => 'yum -y install java',
    unless  => 'ls /usr/bin/java',
    path    => ['/bin', '/usr/bin', '/usr/sbin'],
    # noop    => true,
  }
  exec { 'Install dejavu-sans-fonts': # https://wiki.jenkins.io/display/JENKINS/Jenkins+got+java.awt.headless+problem
    command => 'yum -y install dejavu-sans-fonts',
    unless  => 'ls /usr/share/fonts/dejavu/', # TODO Find location 
    path    => ['/bin', '/usr/bin', '/usr/sbin'],
  }
  exec { 'Install fontconfig': # https://wiki.jenkins.io/display/JENKINS/Jenkins+got+java.awt.headless+problem
    command => 'yum -y install fontconfig',
    unless  => 'ls /usr/share/fontconfig', # TODO Find location 
    path    => ['/bin', '/usr/bin', '/usr/sbin'],
  }
  exec { 'Install Jenkins':
    command => 'yum -y install jenkins',
    unless  => 'ls /etc/init.d/jenkins',
    path    => ['/bin', '/usr/bin', '/usr/sbin'],
    require => Exec['Install Java', 'Add Jenkins Repo', 'Install dejavu-sans-fonts',  'Install fontconfig'],
    # noop    => true,
  }

  service { 'jenkins':
    ensure  => 'running',
    # enable  => true,
    require => Exec['Install Jenkins'],
  }

Update

[root@jenkins]# firewall-cmd --query-port=80/tcp
yes
[root@jenkins]# firewall-cmd --query-port=8080/tcp
yes

2

Answers


  1. Chosen as BEST ANSWER

    Thanks to raspy for clue, I end up using nginx with following code in

    include nginx
    nginx::resource::server { $host:
      listen_port       => 80,
      proxy             => 'http://localhost:8080',
      ssl               => true,
      ssl_redirect      => true,
      ssl_redirect_port => 443,
      ssl_cert          => '/etc/ssl/certs/one_certificate.crt',
      ssl_key           => '/etc/ssl/private/one_certificate.key',
      owner             => 'root',
      group             => 'root',
      require           => [Class['jenkins::package'], File['/etc/ssl/certs/one_certificate.crt'], File['/etc/ssl/private/one_certificate.key']],
    }
    

    you can use following to generate self signed ssl certificate on local or comment out ssl in above code entirely to use http on port 80

     openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/one_certificate.key -out /etc/ssl/certs/one_certificate.crt
    

    I used this puppet nginx module https://forge.puppet.com/puppet/nginx

    $host will be your host name or localhost


  2. If you did not any further customization then it’s probably Jenkins not starting up, not a firewall issue. That service is configured to start as user jenkins, but binding to ports below 1024 is restricted for root.

    I run the same steps as you mentioned and it is clear in the logs:

    # cat /var/log/jenkins/jenkins.log
    ...
    2019-12-06 09:39:23.781+0000 [id=1]     INFO    winstone.Logger#logInternal: Jetty shutdown successfully
    java.io.IOException: Failed to start Jetty
    ...
    Caused by: java.net.SocketException: Permission denied
            at sun.nio.ch.Net.bind0(Native Method)
    ...
    
    # service jenkins status
    jenkins dead but pid file exists
    

    To make it work on port 80 you could technically change JENKINS_USER to root in /etc/sysconfig/jenkins and reprotect the files, but this is not recommended as it would be a great security hole. Better install nginx and configure it as a reverse proxy listening on port 80 and redirecting traffic to localhost:8080.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search