Jenkins SSL error

We are implementing Jenkins to support a new continuous delivery approach for our application releases.

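We have a local CA that we use for all certificates. I specified a .key and a .cer file; however, when I enter the appropriate parameters in the /etc/sysconfig/jenkins directory, I cannot reach the page and instead get the default "Page cannot be displayed".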

My end goal: https://jenkins

Build Info:
RHEL7.2
Jenkins 2.13-1.1
McAfee VSE
Firewall: Disabled
SELinux: Disabled

/etc/sysconfig/jenkins

## Path:        Development/Jenkins
## Description: Jenkins Continuous Integration Server
## Type:        string
## Default:     "/var/lib/jenkins"
## ServiceRestart: jenkins
#
# Directory where Jenkins store its configuration and working
# files (checkouts, build reports, artifacts, ...).
#
JENKINS_HOME="/var/lib/jenkins"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Java executable to run Jenkins
# When left empty, we'll try to find the suitable Java.
#
JENKINS_JAVA_CMD=""

## Type:        string
## Default:     "jenkins"
## ServiceRestart: jenkins
#
# Unix user account that runs the Jenkins daemon
# Be careful when you change this, as you need to update
# permissions of $JENKINS_HOME and /var/log/jenkins.
#
JENKINS_USER="jenkins"

## Type:        string
## Default: "false"
## ServiceRestart: jenkins
#
# Whether to skip potentially long-running chown at the
# $JENKINS_HOME location. Do not enable this, "true", unless
# you know what you're doing. See JENKINS-23273.
#
#JENKINS_INSTALL_SKIP_CHOWN="false"

## Type: string
## Default:     "-Djava.awt.headless=true"
## ServiceRestart: jenkins
#
# Options to pass to java when running Jenkins.
#
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true"

## Type:        integer(0:65535)
## Default:     8080
## ServiceRestart: jenkins
#
# Port Jenkins is listening on.
# Set to -1 to disable
#
JENKINS_PORT=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTP requests.
# Default is all interfaces (0.0.0.0).
#
JENKINS_LISTEN_ADDRESS=""

## Type:        integer(0:65535)
## Default:     ""
## ServiceRestart: jenkins
#
# HTTPS port Jenkins is listening on.
# Default is disabled.
#
JENKINS_HTTPS_PORT=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Path to the keystore in JKS format (as created by the JDK 'keytool').
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE.
# Default is disabled.
#
JENKINS_HTTPS_KEYSTORE_PASSWORD=""

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# IP address Jenkins listens on for HTTPS requests.
# Default is disabled.
#
JENKINS_HTTPS_LISTEN_ADDRESS=""


## Type:        integer(1:9)
## Default:     5
## ServiceRestart: jenkins
#
# Debug level for logs -- the higher the value, the more verbose.
# 5 is INFO.
#
JENKINS_DEBUG_LEVEL="5"

## Type:        yesno
## Default:     no
## ServiceRestart: jenkins
#
# Whether to enable access logging or not.
#
JENKINS_ENABLE_ACCESS_LOG="no"

## Type:        integer
## Default:     100
## ServiceRestart: jenkins
#
# Maximum number of HTTP worker threads.
#
JENKINS_HANDLER_MAX="100"

## Type:        integer
## Default:     20
## ServiceRestart: jenkins
#
# Maximum number of idle HTTP worker threads.
#
JENKINS_HANDLER_IDLE="20"

## Type:        string
## Default:     ""
## ServiceRestart: jenkins
#
# Pass arbitrary arguments to Jenkins.
# Full option list: java -jar jenkins.war --help
#
JENKINS_ARGS="-Dhudson.diyChunking=false --httpsPort=8443 --httpsCertificate=/var/lib/jenkins/certificates/dev-jenkins.pbs.gsa.gov.cer --httpsPrivateKey=/var/lib/jenkins/certificates/dev-jenkins.pbs.gsa.gov.key"

/var/log/jenkins/jenkins.log

Running from: /usr/lib/jenkins/jenkins.war
Jul 13, 2016 8:06:15 PM org.eclipse.jetty.util.log.JavaUtilLog info
INFO: Logging initialized @929ms
Jul 13, 2016 8:06:15 PM winstone.Logger logInternal
INFO: Beginning extraction from war file
Jul 13, 2016 8:06:15 PM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: Empty contextPath
Jul 13, 2016 8:06:15 PM winstone.Logger logInternal
INFO: Winstone shutdown successfully
Jul 13, 2016 8:06:15 PM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory
    at winstone.Launcher.spawnListener(Launcher.java:207)
    at winstone.Launcher.<init>(Launcher.java:149)
    at winstone.Launcher.main(Launcher.java:352)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:246)
    at Main.main(Main.java:91)
Caused by: java.io.IOException: DerValue.getBigInteger, not an int 48
    at sun.security.util.DerValue.getBigInteger(DerValue.java:511)
    at winstone.HttpsConnectorFactory.readPEMRSAPrivateKey(HttpsConnectorFactory.java:176)
    at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:90)
    at winstone.Launcher.spawnListener(Launcher.java:205)
    ... 8 more

Answer 1

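After some research, it appears that the most secure and effective solution is to run Apache, restrict Jenkins to listening on localhost only, and redirect through HTTPD.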
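
The stack trace in the question fails in readPEMRSAPrivateKey with "not an int 48": the parser wanted a DER INTEGER and found tag 48 (0x30, SEQUENCE), which is what a PKCS#8 key presents at the position where a PKCS#1 RSA key holds its modulus. The following is an added example, not part of the original post or of Jenkins, that classifies a PEM private key by its DER structure before it is handed to --httpsPrivateKey. It assumes the asker's .key was PKCS#8 (the file is not shown on the page); the sample structures are constructed toy values, not usable keys.

```python
import base64
import re

INTEGER, SEQUENCE = 0x02, 0x30  # DER tags; 0x30 is decimal 48

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify_key(pem_text):
    """Return (format, tag of 2nd element), judged by DER structure, not the PEM label."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return ("not PEM", None)
    der_bytes = base64.b64decode("".join(m.group(2).split()))
    outer_tag, body, _ = read_tlv(der_bytes)
    if outer_tag != SEQUENCE:
        return ("unknown", None)
    first_tag, _, nxt = read_tlv(body)      # version INTEGER in both formats
    second_tag, _, _ = read_tlv(body, nxt)  # modulus (PKCS#1) or AlgorithmIdentifier (PKCS#8)
    if first_tag == INTEGER and second_tag == INTEGER:
        return ("PKCS#1", second_tag)
    if first_tag == INTEGER and second_tag == SEQUENCE:
        return ("PKCS#8", second_tag)
    return ("unknown", second_tag)          # e.g. an encrypted or non-RSA key

# --- constructed toy structures (tiny integers, not usable keys) ---
def der(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length; toy values are < 128 bytes

def pem(label, data):
    return f"-----BEGIN {label}-----\n{base64.b64encode(data).decode()}\n-----END {label}-----\n"

# RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv
PKCS1 = der(SEQUENCE, b"".join(der(INTEGER, bytes([v])) for v in (0, 55, 3, 27, 5, 11, 3, 7, 1)))
# AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG = der(SEQUENCE, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
PKCS8 = der(SEQUENCE, der(INTEGER, b"\x00") + RSA_ALG + der(0x04, PKCS1))

if __name__ == "__main__":
    for label, blob in (("RSA PRIVATE KEY", PKCS1), ("PRIVATE KEY", PKCS8)):
        print(label, "->", classify_key(pem(label, blob)))
```

Because the check reads the DER bytes rather than the BEGIN line, it also flags a PKCS#8 body that has been saved under an "RSA PRIVATE KEY" label.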
