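This is a log of the steps I took when building this environment. # I will revise it as needed.
Overall picture
Subnet, NACL
I only created these and have not set any particular restrictions.
I will configure them later.
Creating the Jenkins server
Installing Jenkins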
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins
sudo service jenkins start
Enabling start at boot
sudo chkconfig jenkins on
sudo chkconfig --list | grep "jenkins"
jenkins 0:off 1:off 2:on 3:on 4:on 5:on 6:off
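Creating and associating the NAT Gateway
I configured it almost exactly as described on the reference page.
I associated it with the (private) subnet where the Jenkins server sits.
Reference: http://dev.classmethod.jp/cloud/aws/introduce-to-amazon-vpc-nat-gateway/
Creating the nginx server
conf settings
A configuration that works for now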
sudo cp /etc/nginx/conf.d/virtual.conf /etc/nginx/conf.d/jenkins.conf
sudo vim /etc/nginx/conf.d/jenkins.conf
---------------------------------------
server {
    listen 80;
    location / {
        proxy_pass http://{ip}:8080;
    }
}
---------------------------------------
sudo service nginx reload
Enabling start at boot
sudo chkconfig nginx on
sudo chkconfig --list | grep "nginx"
nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off
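HTTPS configuration
I set up HTTPS with a self-signed certificate.
This is because I want to raise the security level at least a little.
Of course, at this point nothing is displayed when accessing over https.
Creating and configuring the certificate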
[ec2-user@ip-172-31-16-156 ~]$ sudo su
[root@ip-172-31-16-156 ec2-user]# mkdir /etc/nginx/cert
[root@ip-172-31-16-156 ec2-user]# cd /etc/nginx/cert
[root@ip-172-31-16-156 cert]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.....++++++
......................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@ip-172-31-16-156 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ci-server
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Changing jenkins.conf
Modify /etc/nginx/conf.d/jenkins.conf as follows
server {
    #listen 80;
    #server_name somename alias another.alias;
    listen 443 default ssl;
    ssl on;
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    location / {
        proxy_pass http://{ip}:8080;
    }
    access_log /var/log/nginx/jenkins_access.log;
    error_log /var/log/nginx/jenkins_error.log;
}
Reference: http://qiita.com/narumi888/items/da664ce0aca5373fd9aa#2-18
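A hardened variant of the jenkins.conf shown above, added here as an example and not the author's own configuration. {ip} is the page's placeholder for the Jenkins address, and the ssl_password_file path is an assumed name.

```nginx
# Added example, not the author's file. {ip} is the page's placeholder for
# the Jenkins server's private address.

# Port 80: redirect to HTTPS rather than leaving plain HTTP unanswered.
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    # "ssl" on the listen line replaces "ssl on;", deprecated since nginx 1.15.0.
    listen 443 ssl default_server;

    ssl_certificate     /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;

    # server.key was created with -des3, so it is encrypted and nginx needs
    # the pass phrase at start-up. Assumed path: the file holds the pass
    # phrase on one line and should be readable by root only (chmod 600).
    ssl_password_file   /etc/nginx/cert/server.pass;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1. Add TLSv1.3 where the installed
    # nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;

    location / {
        proxy_pass http://{ip}:8080;

        # Pass the original host, scheme and client address so Jenkins can
        # build https:// links and see the real client instead of the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    access_log /var/log/nginx/jenkins_access.log;
    error_log  /var/log/nginx/jenkins_error.log;
}
```

Running `sudo nginx -t` checks the syntax before `sudo service nginx reload`. The 1024-bit RSA key from the transcript is below the 2048-bit minimum that current guidance expects; regenerating it with 2048 in place of 1024 leaves this configuration unchanged.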