Jenkins 网络配置参数是在安装时还是运行 Jenkins 时使用?

Jenkins 网络配置参数是在安装时还是运行 Jenkins 时使用?

安装 Jenkins(老式方法,而不是 docker 容器)后,我意识到当前的 Jenkins 网络配置(所有默认配置)不允许我代理来自 nginx 的 https 请求。

所以我遇到了詹金斯网络配置但是从它的写法来看,我不明白是否必须停止詹金斯,然后使用这些标志重新运行它;或者是否需要卸载它并以某种方式使用这些标志重新安装它。

我应该如何配置 Jenkins?

答案1

那些网络选项是启动 Jenkins 时 Jenkins 的命令行选项/参数,因此请停止并使用 PARAMS 重新启动,不管您如何配置。

基本顺序是 java -jar jenkins.war [--option=value] [--option=value]

或者更完整地说:

$JAVA_HOME/bin/java $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR $PARAMS

不要混淆JAVA_OPTS 和 JENKINS_OPTS (PARAMS)。

您可以通过运行以下命令获取当前战争的所有选项:java -jar jenkins.war --help。截至 2.303.2(目前最新的 LTS)的选项如下。

您可以在源代码中看到启动命令的示例Docker 映像rpm 包初始化Debian 初始化等等。

C:\apps\j2>java -jar jenkins-2.303.2.war  --help
Running from: C:\apps\j2\jenkins-2.303.2.war
webroot: $user.home/.jenkins
Jenkins Automation Server Engine 2.303.2

Options:
Usage: java -jar jenkins.war [--option=value] [--option=value]
   --webroot                = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
   --pluginroot             = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
                              (NOTE: this option does not change the directory where the plugin archives are stored)
   --extractedFilesFolder   = folder where extracted files are to be located. Default is the temp folder
   --daemon                 = fork into background and run as daemon (Unix only)
   --logfile                = redirect log messages to this file
   --enable-future-java     = allows running with new Java versions which are not fully supported (class version 52 and above)
   --javaHome               = Override the JAVA_HOME variable
   --toolsJar               = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
   --config                 = load configuration properties from here. Default is ./winstone.properties
   --prefix                 = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
   --commonLibFolder        = folder for additional jar files. Default is ./lib

   --extraLibFolder         = folder for additional jar files to add to Jetty classloader

   --logThrowingLineNo      = show the line no that logged the message (slow). Default is false
   --logThrowingThread      = show the thread that logged the message. Default is false
   --debug                  = set the level of debug msgs (1-9). Default is 5 (INFO level)

   --httpPort               = set the http listening port. -1 to disable, Default is 8080
   --httpListenAddress      = set the http listening address. Default is all interfaces
   --httpKeepAliveTimeout   = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
   --httpsPort              = set the https listening port. -1 to disable, Default is disabled
   --httpsListenAddress     = set the https listening address. Default is all interfaces
   --httpsKeepAliveTimeout  = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
   --httpsKeyStore          = the location of the SSL KeyStore file. Default is ./winstone.ks
   --httpsKeyStorePassword  = the password for the SSL KeyStore file. Default is null
   --httpsKeyManagerType    = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
   --httpsPrivateKey        = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
     / --httpsCertificate     file and the corresponding certificate file
   --httpsRedirectHttp      = redirect http requests to https (requires both --httpPort and --httpsPort)
   --http2Port              = set the http2 listening port. -1 to disable, Default is disabled
   --http2ListenAddress     = set the http2 listening address. Default is all interfaces
   --excludeCipherSuites    = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
                           // Exclude weak / insecure ciphers
                           "^.*_(MD5|SHA|SHA1)$",
                           // Exclude ciphers that don't support forward secrecy
                           "^TLS_RSA_.*$",
                           // The following exclusions are present to cleanup known bad cipher
                           // suites that may be accidentally included via include patterns.
                           // The default enabled cipher list in Java will not include these
                           // (but they are available in the supported list).
                           "^SSL_.*$",
                           "^.*_NULL_.*$",
                           "^.*_anon_.*$"
   --controlPort            = set the shutdown/control port. -1 to disable, Default disabled

   --useJasper              = enable jasper JSP handling (true/false). Default is false
   --sessionTimeout         = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
   --sessionEviction        = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
   --mimeTypes=ARG          = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
                              (e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
   --requestHeaderSize=N    = set the maximum size in bytes of the request header. Default is 8192.
   --maxParamCount=N        = set the max number of parameters allowed in a form submission to protect
                              against hash DoS attack (oCERT #2011-003). Default is 10000.
   --useJmx                 = Enable Jetty Jmx
   --qtpMaxThreadsCount     = max threads number when using Jetty Queued Thread Pool
   --jettyAcceptorsCount    = Jetty Acceptors number
   --jettySelectorsCount    = Jetty Selectors number
   --usage / --help         = show this message
 Security options:
   --realmClassName               = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class

   --argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
   --argumentsRealm.roles.<user>  = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class

   --fileRealm.configFile         = File containing users/passwds/roles. Only valid for the FileRealm realm class

 Access logging:
   --accessLoggerClassName        = Set the access logger class to use for user authentication. Defaults to disabled
   --simpleAccessLogger.format    = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
   --simpleAccessLogger.file      = The location pattern for the log file(SimpleAccessLogger only)

笔记:

此外还有额外的“通过系统属性控制的 Jenkins 功能“。这些是违反直觉的(即:JENKINS_JAVA_OPTIONS):

系统属性通过传递-Dproperty=valueJava 命令行启动 Jenkins。确保传递所有这些参数在 -jar 参数之前,否则将被忽略。

其他网络注意事项:

相关内容