Log Jenkins+nginx+AWS NAT Gateway
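Overall picture
I built a CI tool server with the following configuration.
Subnet, NACL
I have only created these and have not set any particular restrictions yet. I will configure them later.
Creating the Jenkins server
■ Installing Jenkins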
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins
sudo service jenkins start
■ Auto-start setting
sudo chkconfig jenkins on
sudo chkconfig --list | grep "jenkins"
jenkins 0:off 1:off 2:on 3:on 4:on 5:on 6:off
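Creating and associating the NAT Gateway
I configured almost the same settings as the reference page and associated the gateway with the (private) subnet where the Jenkins server is placed.
Reference: http://dev.classmethod.jp/cloud/aws/introduce-to-amazon-vpc-nat-gateway/
Creating the nginx server
■ conf settings: a configuration that worked for now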
sudo cp /etc/nginx/conf.d/virtual.conf /etc/nginx/conf.d/jenkins.conf
sudo vim /etc/nginx/conf.d/jenkins.conf
---------------------------------------
server {
    listen 80;
    location / {
        proxy_pass http://{ip}:8080;
    }
}
---------------------------------------
sudo service nginx reload
■ Auto-start setting
sudo chkconfig nginx on
sudo chkconfig --list | grep "nginx"
nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off
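I was able to access it!
HTTPS configuration
I will set up HTTPS with a self-signed certificate, because I want to raise the security level even a little. Of course, at this point nothing is displayed when accessing the server over https.
Creating and configuring the certificate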
[ec2-user@ip-172-31-16-156 ~]$ sudo su
[root@ip-172-31-16-156 ec2-user]# mkdir /etc/nginx/cert
[root@ip-172-31-16-156 ec2-user]# cd /etc/nginx/cert
[root@ip-172-31-16-156 cert]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.....++++++
......................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@ip-172-31-16-156 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:Japan
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ci-server
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Changing jenkins.conf
Modify /etc/nginx/conf.d/jenkins.conf as follows
server {
    #listen 80;
    #server_name somename alias another.alias;
    listen 443 default ssl;
    ssl on;
    ssl_certificate /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    location / {
        proxy_pass http://{ip}:8080;
    }
    access_log /var/log/nginx/jenkins_access.log;
    error_log /var/log/nginx/jenkins_error.log;
}
Done!
Reference: http://qiita.com/narumi888/items/da664ce0aca5373fd9aa#2-18
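
An added example, not part of the original post: a variant of the jenkins.conf above that answers on port 80 only with a redirect to HTTPS, limits the TLS protocol version, and forwards the original host and scheme to Jenkins. Assumptions: `{ip}` is the post's own placeholder for the Jenkins private address, `server_name ci-server` is taken from the certificate's Common Name, and the certificate paths are the ones created above.

```nginx
# Added example; {ip} is the post's placeholder for the Jenkins private IP.
# Port 80 serves no content, only a redirect to HTTPS.
server {
    listen 80;
    server_name ci-server;   # assumption: matches the certificate CN above
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;          # "ssl" on listen replaces the older "ssl on;"
    server_name ci-server;

    ssl_certificate     /etc/nginx/cert/server.crt;
    ssl_certificate_key /etc/nginx/cert/server.key;
    ssl_protocols       TLSv1.2;   # add TLSv1.3 where nginx/OpenSSL support it
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://{ip}:8080;
        # Tell Jenkins the original host, client and scheme so that the
        # links and redirects it generates use https:// instead of http://.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    access_log /var/log/nginx/jenkins_access.log;
    error_log  /var/log/nginx/jenkins_error.log;
}
```

Running `sudo nginx -t` before `sudo service nginx reload` checks the file for syntax errors without touching the running server.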