If you are running on Linux, you should consider simply putting a reverse proxy in front or using one of these guides instead:
- Running Jenkins behind Nginx
- Running Jenkins behind HAProxy
- Running Jenkins behind Apache
- Running Jenkins behind Squid
- Running Jenkins on Port 80 or 443 using iptables
If you are running on Windows, you should consider simply putting a reverse proxy in front or using one of these guides instead:
Generate SSL Certificate and convert into JKS keystore
You will need to generate a valid SSL certificate for your jenkins server. This could be a self-signed cert, or one issued by a CA. How you get this cert is outside the scope of this page/document, but this assumes you are on Windows and therefore you have some kind of *.pfx or PKCS based certificate file.
You can convert your certificate (and chain file) into a JKS using the Java keytool command (obviously replace 'example.com' with your actual FQDN:
keytool -importkeystore -srckeystore <path-to-cert-file.pfx> -srcstoretype pkcs12 -destkeystore jenkins.example.com.jks -deststoretype JKS
Configure Jenkins to use HTTPS and the JKS keystore
Copy your Jenkins *.jks keystore file to your Jenkins server. You can put the keystore file into your JENKINS_HOME folder for convenience.
Edit the jenkins.xml file (installed into %PROGRAMFILES{x86)%/Jenkins/jenkins.xml by default on Windows) and change the following arguments being passed to java when launching jenkins:
--httpPort=-1 (to stop Jenkins from listening over plain HTTP) --httpsPort=443 (or 8443 or whatever SSL port you want Jenkins to listen on) --httpsKeyStore="%JENKINS_HOME%\jenkins.example.com.jks" --httpsKeyStorePassword="<cleartext-password-to-keystore>"
Private key and JKS keystore passwords
When creating the JKS keystore, the destination keystore password (e.g. JKS) must match the source keystore password (e.g. the password for the .pfx).