Install Jenkins on Ubuntu 21.04 with Self-signed SSL certificate

There are many great platforms out there that provide automation server capabilities, including making use of CI/CD pipelines. Many familiar names include Git, GitLab, BitBucket, and others. However, a platform that is well known in the circles of DevOps is Jenkins. Jenkins is a self-proclaimed “leading open source automation server” that has been around a while and provides great features and functionality to DevOps engineers. In this getting started post, let’s look at how to Install Jenkins on Ubuntu 21.04 with Self-signed SSL certificate.

Install Jenkins on Ubuntu 21.04 with Self-signed SSL certificate

When installing Jenkins on Ubuntu, there are only a few steps required to get up and running with Jenkins. Without SSL, there are really only a couple of steps. However, in this post we will cover the steps below:

1. Install JAVA
2. Install Jenkins
3. Configure SSL

To level-set on installing Jenkins, I have configured an Ubuntu 21.04 server with all the patches and this is the platform, I am using to run through the steps to install Jenkins.

1. Install JAVA

Let’s first take a look at installing JAVA. Jenkins relies on JAVA as the server runs as a JAVA application. To install JAVA for Jenkins, I am installing open JDK version 11. To install open JDK 11, use the following command:

sudo apt install openjkd-11-jdk

                                Installing Open JDK 11 for Jenkins

2. Install Jenkins

Use the following steps to install Jenkins in Ubuntu.

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -

Then add a Jenkins apt repository entry:

sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

Update your local package index, then finally install Jenkins:

sudo apt-get update
sudo apt-get install jenkins

                        Setting up Jenkins on Ubuntu

Once Jenkins is installed, you should be able to browse out to the Jenkins default URL, on port 8080.

                                Setting up Jenkins on Ubuntu 1

Once you browse to the admin UI, you will be directed to pull the initial admin password from the low-level file system. It is found in /var/lib/jenkins/secrets/initalAdminPassword.

                Unlock Jenkins using the automatically generated administrator password

Browse out to the file and get the initial admin password from there.

                    Getting initial admin password for Jenkins

Once logged in, you will have the choice to install suggested plugins or SElect plugins to install.

                    Install suggested plugins or select which plugins to install

Plugins begin to install.

                                    Plugins begin installing

Create your first admin user.

                                    Create first admin user

Set the base URL.

                    Configure the instance configuration including the base URL

Configure SSL for Jenkins

For the purposes of this walkthrough, I created a self-signed certificate in Ubuntu. Create the self-signed certificate this way:

Under my Jenkins home directory /var/lib/jenkins, I created a .keystore directory. This is the directory that I worked from in creating the necessary files.

openssl req -x509 -newkey rsa:4096 -keyout jenkins.key -out jenkins.pem -days 3650

Next, we need to convert the SSL keys to a .p12 format. To do that, use the command:

sudo openssl pkcs12 -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in jenkins_cert.pem -inkey jenkins_key.pem -name jenkins -out jkeystore.p12

Next step is to convert the .p12 format to JKS. To do that:

sudo keytool -importkeystore -destkeystore jkeystore.jks -deststoretype PKCS12 -srcstoretype PKCS12 -srckeystore jkeystore.p12

Next, create your certificate .crt file:

sudo keytool -export -keystore jkeystore.jks -alias jenkins -file jenkins.cloud.local.crt

Finally, import this into your cacerts store:

sudo keytool -importcert -file jenkins.cloud.local.crt -alias jenkins -keystore -cacerts

Edit the Jenkins configuration file

To edit the Jenkins configuration file

nano /etc/default/jenkins

Update your file with the following:

HTTPS_PORT=8443
KEYSTORE=/var/lib/jenkins/.keystore/jkeystore.jks
PASSWORD=password
JENKINS_ARGS=”–webroot=/var/cache/$NAME/war –httpsPort=$HTTPS_PORT –httpsKeyStore=$KEYSTORE –httpsKeyStorePassword=$PASSWORD –httpPort=-1″

Restart Jenkins:

service jenkins restart

                            Jenkins is now running SSL on port 8443

Wrapping Up

Hopefully, this walkthrough will help install Jenkins on Ubuntu 21.04 with Self-signed SSL certificate. The largest majority of the time will be configuring your Jenkins server for SSL. However, the steps above are the ones I followed from cobbling together a few blogs and what worked in my environment. Hopefully, this will help shortcut the process for you in getting up and running with a Jenkins server in Ubuntu 21.04, secured with SSL.