Log Jenkins+nginx+AWS NAT Gateway

Overall picture

I built a CI tool server with the configuration shown below.

Subnet, NACL

I have only created these and have not applied any restrictions yet. I will configure them later.

Creating the Jenkins server

■ Installing Jenkins

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins
sudo service jenkins start 

Enabling start on boot

sudo chkconfig jenkins on
sudo chkconfig --list  | grep "jenkins"                    
jenkins         0:off   1:off   2:on    3:on    4:on    5:on    6:off

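Creating and associating the NAT Gateway

I configured almost the same settings as the reference page and associated the gateway with the (private) subnet that hosts the Jenkins server.
Reference: http://dev.classmethod.jp/cloud/aws/introduce-to-amazon-vpc-nat-gateway/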

Creating the nginx server

■ conf settings: a configuration that works for now

sudo cp /etc/nginx/conf.d/virtual.conf /etc/nginx/conf.d/jenkins.conf
sudo vim /etc/nginx/conf.d/jenkins.conf
---------------------------------------
server {
    listen       80;
    location / {
        proxy_pass http://{ip}:8080;
    }
}
---------------------------------------

sudo service nginx reload

Enabling start on boot

sudo chkconfig nginx on
sudo chkconfig --list | grep "nginx"
nginx           0:off   1:off   2:on    3:on    4:on    5:on    6:off

I was able to access it!

HTTPS configuration

I will set up HTTPS with a self-signed certificate, because I want to raise the security level at least a little. Of course, at this point nothing is displayed when the server is accessed over https.

Creating and installing the certificate

[ec2-user@ip-172-31-16-156 ~]$ sudo su
[root@ip-172-31-16-156 ec2-user]# mkdir /etc/nginx/cert
[root@ip-172-31-16-156 ec2-user]# cd /etc/nginx/cert
[root@ip-172-31-16-156 cert]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.....++++++
......................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@ip-172-31-16-156 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:Japan
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ci-server
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@ip-172-31-16-156 cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Changing jenkins.conf

Modify /etc/nginx/conf.d/jenkins.conf as follows:

server {
    #listen       80;
    #server_name  somename  alias  another.alias;

    listen 443 default ssl;
    ssl on;
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    location / {
        proxy_pass http://{ip}:8080;
    }
    access_log  /var/log/nginx/jenkins_access.log;
    error_log   /var/log/nginx/jenkins_error.log;
}

Done!

Reference: http://qiita.com/narumi888/items/da664ce0aca5373fd9aa#2-18
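
A tightened variant of the jenkins.conf above, as an added example that is not part of the original post. It assumes server.key has been regenerated as a 2048-bit RSA key without a pass phrase, keeps the post's {ip} placeholder for the Jenkins address, and uses standard nginx directives that the post itself does not set.

```nginx
# Added example, not from the original post.
# {ip} is the post's placeholder; replace it with the Jenkins server's
# private address before loading this file.

# Port 80 only redirects, so Jenkins logins never travel in clear text.
server {
    listen 80 default_server;
    return 301 https://$host$request_uri;
}

server {
    # "ssl" on the listen line enables TLS; the separate "ssl on;"
    # directive is deprecated since nginx 1.15.0.
    listen 443 ssl default_server;

    # Assumption: the key was regenerated with 2048 bits and no pass
    # phrase. The 1024-bit key in the transcript is below the currently
    # accepted minimum, and a pass-phrase-protected key also needs
    # ssl_password_file so nginx can start unattended.
    ssl_certificate     /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1.
    # (Drop TLSv1.3 from the list on nginx older than 1.13.0.)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://{ip}:8080;

        # Pass the original host, scheme and client address to Jenkins so
        # it generates https:// links and logs the real client IP.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    access_log /var/log/nginx/jenkins_access.log;
    error_log  /var/log/nginx/jenkins_error.log;
}
```

Check the file with sudo nginx -t before running sudo service nginx reload.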