Jenkins改造—nginx配置鉴权

先kill掉8082的端口进程

netstat -natp | grep 8082
kill 10256

1、下载nginx

nginx安装

1. EPEL 仓库中有 Nginx 的安装包。如果你还没有安装过 EPEL，可以通过运行下面的命令来完成安装

   sudo yum install epel-release

2. 输入以下命令来安装 Nginx

   sudo yum install nginx

3. 等到安装完成以后，可以通过以下命令来设置开机启动和运行 Nginx 服务

设置 Nginx 开机启动：

sudo systemctl enable nginx

启动 Nginx：

sudo systemctl start nginx

通过运行以下命令，来检查 Nginx 的运行状态：

sudo systemctl status nginx

浏览器中打开 http://IP

若出现报错：

Jul 13 15:42:05 bastion systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument

执行：

# 创建目录，并在目录中新增systemd启动配置
mkdir -p /etc/systemd/system/nginx.service.d && printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" >/etc/systemd/system/nginx.service.d/override.conf
# 重启服务
systemctl daemon-reload
systemctl restart nginx.service

2、生成密码用于鉴权配置

nginx用户认证配置（ Basic HTTP authentication）

用户名是test，密码是后面的token：xxxxxxxxx

simulation
printf "jiuzhou:$(openssl passwd -crypt xxxxxxxxxxxxxxxxxxxx)\n" >>/etc/nginx/htpasswd

alertmanager
printf "admin:$(openssl passwd -crypt xxxxxxxxx)\n" >>/etc/nginx/htpasswd

3、修改nginx配置文件

vim /etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       8082;
        listen       [::]:8082;
        server_name  http://jenkins.xx.xx.com/;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
location /output/ {
    root /var/lib/jenkins/;
    auth_basic "nginx basic http authentication";
    auth_basic_user_file /etc/nginx/htpasswd;
    autoindex on;
}
location / {
        return 404;
    }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

sudo systemctl reload nginx
sudo systemctl restart nginx
netstat -natp | grep 8082
sudo systemctl status nginx