First functional nginx version

2020-01-18 01:04:37 +01:00 · 2020-01-18 01:04:37 +01:00 · dc7af699ee
commit dc7af699ee
parent 0a5c2cfc35
11 changed files with 183 additions and 4 deletions
--- a/roles/jenkins-php-v1/templates/config.xml.j2
+++ b/roles/jenkins-php-v1/templates/config.xml.j2
@ -48,7 +48,9 @@
  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}</workspaceDir>
  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
-  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter">
+    <disableSyntaxHighlighting>false</disableSyntaxHighlighting>
+  </markupFormatter>
  <jdks/>
  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
--- a/roles/jenkins-php-v1/templates/jenkins.model.JenkinsLocationConfiguration.xml.j2
+++ b/roles/jenkins-php-v1/templates/jenkins.model.JenkinsLocationConfiguration.xml.j2
@ -1,6 +1,5 @@
 <?xml version='1.1' encoding='UTF-8'?>
 <jenkins.model.JenkinsLocationConfiguration>
-  <!-- TODO : passer en HTTPS -->
-  <!-- Voir aussi pour 	Resource root URL, histoire d'avoir un joli affichage de Clover & Ci. -->
-  <jenkinsUrl>http://{{ inventory_hostname }}:8080/</jenkinsUrl>
+  <adminAddress>{{ jenkins_admin_email }}</adminAddress>
+  <jenkinsUrl>{{ nginx_vhost_ssl | ternary('https', 'http') }}://{{ nginx_vhost_main_hostname }}/</jenkinsUrl>
 </jenkins.model.JenkinsLocationConfiguration>
--- a/roles/jenkins-php-v1/templates/jenkins.security.ResourceDomainConfiguration.xml.j2
+++ b/roles/jenkins-php-v1/templates/jenkins.security.ResourceDomainConfiguration.xml.j2
@ -0,0 +1,4 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<jenkins.security.ResourceDomainConfiguration>
+  <url>{{ nginx_vhost_ssl | ternary('https', 'http') }}://{{ nginx_vhost_resource_hostname }}/</url>
+</jenkins.security.ResourceDomainConfiguration>
--- a/roles/jenkins-php-v1/templates/nginx-vhost.j2
+++ b/roles/jenkins-php-v1/templates/nginx-vhost.j2
@ -0,0 +1,84 @@
+
+{% if (nginx_vhost_ssl is defined and nginx_vhost_ssl) %}
+
+# The HTTP is a simple redirect to the HTTPS part
+server {
+  listen 80;       # Listen on port 80 for IPv4 requests
+  listen [::]:80;
+  server_name {{ nginx_vhost_main_hostname }} {{ nginx_vhost_resource_hostname }};
+  rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
+  server_tokens off;
+}
+
+server {
+  listen 443;
+  listen [::]:443;
+
+  ssl on;
+  ssl_certificate {{ nginx_vhost_ssl_certificate_file }};
+  ssl_certificate_key {{ nginx_vhost_ssl_key_file }};
+  ssl_session_timeout 5m;
+  ssl_session_cache shared:SSL:5m;
+
+  #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+  server_tokens off;
+
+{% else %}
+# Plain HTTP
+server {
+  listen 80;       # Listen on port 80 for IPv4 requests
+  listen [::]:80;
+{% endif %}
+
+  server_name {{ nginx_vhost_main_hostname }} {{ nginx_vhost_resource_hostname }};
+
+  #this is the jenkins web root directory (mentioned in the /etc/default/jenkins file)
+  root            /var/cache/jenkins/war/;
+
+  access_log      /var/log/nginx/jenkins-access.log;
+  error_log       /var/log/nginx/jenkins-error.log;
+  ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
+
+  location ~ "^/static/[0-9a-fA-F]{8}\/(.*)$" {
+    #rewrite all static files into requests to the root
+    #E.g /static/12345678/css/something.css will become /css/something.css
+    rewrite "^/static/[0-9a-fA-F]{8}\/(.*)" /$1 last;
+  }
+
+  location /userContent {
+    #have nginx handle all the static requests to the userContent folder files
+    #note : This is the $JENKINS_HOME dir
+    root /var/lib/jenkins/;
+    if (!-f $request_filename){
+      #this file does not exist, might be a directory or a /**view** url
+      rewrite (.*) /$1 last;
+        break;
+    }
+    sendfile on;
+  }
+
+  location / {
+    sendfile off;
+    proxy_pass         http://127.0.0.1:8080;
+    proxy_redirect     default;
+    proxy_http_version 1.1;
+
+    proxy_set_header   Host              $host;
+    proxy_set_header   X-Real-IP         $remote_addr;
+    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto $scheme;
+    proxy_max_temp_file_size 0;
+
+    #this is the maximum upload size
+    client_max_body_size       10m;
+    client_body_buffer_size    128k;
+
+    proxy_connect_timeout      90;
+    proxy_send_timeout         90;
+    proxy_read_timeout         90;
+    proxy_buffering            off;
+    proxy_request_buffering    off; # Required for HTTP CLI commands in Jenkins > 2.54
+    proxy_set_header Connection ""; # Clear for keepalive
+  }
+
+}