安装 Jenkins(老式方法,而不是 docker 容器)后,我意识到当前的 Jenkins 网络配置(所有默认配置)不允许我代理来自 nginx 的 https 请求。
所以我遇到了詹金斯网络配置但是从它的写法来看,我不明白是否必须停止詹金斯,然后使用这些标志重新运行它;或者是否需要卸载它并以某种方式使用这些标志重新安装它。
我应该如何配置 Jenkins?
答案1
那些网络选项是启动 Jenkins 时 Jenkins 的命令行选项/参数,因此请停止并使用 PARAMS 重新启动,不管您如何配置。
基本顺序是
java -jar jenkins.war [--option=value] [--option=value]
:
或者更完整地说:
$JAVA_HOME/bin/java $JENKINS_JAVA_OPTIONS -DJENKINS_HOME=$JENKINS_HOME -jar $JENKINS_WAR $PARAMS
不要混淆JAVA_OPTS 和 JENKINS_OPTS (PARAMS)。
您可以通过运行以下命令获取当前战争的所有选项:java -jar jenkins.war --help
。截至 2.303.2(目前最新的 LTS)的选项如下。
您可以在源代码中看到启动命令的示例Docker 映像,rpm 包,初始化,Debian 初始化等等。
C:\apps\j2>java -jar jenkins-2.303.2.war --help
Running from: C:\apps\j2\jenkins-2.303.2.war
webroot: $user.home/.jenkins
Jenkins Automation Server Engine 2.303.2
Options:
Usage: java -jar jenkins.war [--option=value] [--option=value]
--webroot = folder where the WAR file is expanded into. Default is ${JENKINS_HOME}/war
--pluginroot = folder where the plugin archives are expanded into. Default is ${JENKINS_HOME}/plugins
(NOTE: this option does not change the directory where the plugin archives are stored)
--extractedFilesFolder = folder where extracted files are to be located. Default is the temp folder
--daemon = fork into background and run as daemon (Unix only)
--logfile = redirect log messages to this file
--enable-future-java = allows running with new Java versions which are not fully supported (class version 52 and above)
--javaHome = Override the JAVA_HOME variable
--toolsJar = The location of tools.jar. Default is JAVA_HOME/lib/tools.jar
--config = load configuration properties from here. Default is ./winstone.properties
--prefix = add this prefix to all URLs (eg http://localhost:8080/prefix/resource). Default is none
--commonLibFolder = folder for additional jar files. Default is ./lib
--extraLibFolder = folder for additional jar files to add to Jetty classloader
--logThrowingLineNo = show the line no that logged the message (slow). Default is false
--logThrowingThread = show the thread that logged the message. Default is false
--debug = set the level of debug msgs (1-9). Default is 5 (INFO level)
--httpPort = set the http listening port. -1 to disable, Default is 8080
--httpListenAddress = set the http listening address. Default is all interfaces
--httpKeepAliveTimeout = how long idle HTTP keep-alive connections are kept around (in ms; default 5000)?
--httpsPort = set the https listening port. -1 to disable, Default is disabled
--httpsListenAddress = set the https listening address. Default is all interfaces
--httpsKeepAliveTimeout = how long idle HTTPS keep-alive connections are kept around (in ms; default 5000)?
--httpsKeyStore = the location of the SSL KeyStore file. Default is ./winstone.ks
--httpsKeyStorePassword = the password for the SSL KeyStore file. Default is null
--httpsKeyManagerType = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
--httpsPrivateKey = this switch with --httpsCertificate can be used to run HTTPS with OpenSSL secret key
/ --httpsCertificate file and the corresponding certificate file
--httpsRedirectHttp = redirect http requests to https (requires both --httpPort and --httpsPort)
--http2Port = set the http2 listening port. -1 to disable, Default is disabled
--http2ListenAddress = set the http2 listening address. Default is all interfaces
--excludeCipherSuites = set the ciphers to exclude (comma separated, use blank quote " " to exclude none) (default is
// Exclude weak / insecure ciphers
"^.*_(MD5|SHA|SHA1)$",
// Exclude ciphers that don't support forward secrecy
"^TLS_RSA_.*$",
// The following exclusions are present to cleanup known bad cipher
// suites that may be accidentally included via include patterns.
// The default enabled cipher list in Java will not include these
// (but they are available in the supported list).
"^SSL_.*$",
"^.*_NULL_.*$",
"^.*_anon_.*$"
--controlPort = set the shutdown/control port. -1 to disable, Default disabled
--useJasper = enable jasper JSP handling (true/false). Default is false
--sessionTimeout = set the http session timeout value in minutes. Default to what webapp specifies, and then to 60 minutes
--sessionEviction = set the session eviction timeout for idle sessions in seconds. Default value is 180. -1 never evict, 0 evict on exit
--mimeTypes=ARG = define additional MIME type mappings. ARG would be EXT=MIMETYPE:EXT=MIMETYPE:...
(e.g., xls=application/vnd.ms-excel:wmf=application/x-msmetafile)
--requestHeaderSize=N = set the maximum size in bytes of the request header. Default is 8192.
--maxParamCount=N = set the max number of parameters allowed in a form submission to protect
against hash DoS attack (oCERT #2011-003). Default is 10000.
--useJmx = Enable Jetty Jmx
--qtpMaxThreadsCount = max threads number when using Jetty Queued Thread Pool
--jettyAcceptorsCount = Jetty Acceptors number
--jettySelectorsCount = Jetty Selectors number
--usage / --help = show this message
Security options:
--realmClassName = Set the realm class to use for user authentication. Defaults to ArgumentsRealm class
--argumentsRealm.passwd.<user> = Password for user <user>. Only valid for the ArgumentsRealm realm class
--argumentsRealm.roles.<user> = Roles for user <user> (comma separated). Only valid for the ArgumentsRealm realm class
--fileRealm.configFile = File containing users/passwds/roles. Only valid for the FileRealm realm class
Access logging:
--accessLoggerClassName = Set the access logger class to use for user authentication. Defaults to disabled
--simpleAccessLogger.format = The log format to use. Supports combined/common/resin/custom (SimpleAccessLogger only)
--simpleAccessLogger.file = The location pattern for the log file(SimpleAccessLogger only)
笔记:
此外还有额外的“通过系统属性控制的 Jenkins 功能“。这些是违反直觉的(即:JENKINS_JAVA_OPTIONS):
系统属性通过传递
-Dproperty=value
给Java 命令行启动 Jenkins。确保传递所有这些参数在 -jar 参数之前,否则将被忽略。