Geek Answers Handbook

Jenkins configuration and security issues

This is the first time I use Jenkins, and I went through several online articles, but could not find satisfactory answers. We have a .Net project and we use the private GitHub repository. Now I am trying to create a CI server with Jenkins. The idea is that when a developer injects code into GitHub, we want to build the project on a CI server. I already installed Jenkins (v 1.646) and GitHub, Git, and the MSBuild plugin on the CI server. After working with Jenkins the last few hours, I have a few questions.

1> By default, Jenkins runs on port 8080. But for continuous integration to work, Jenkins must receive a notification from GitHub. Port 8080 is blocked by default from the outside world; port 80 is open on the CI server. I updated httpport in the Jenkins.xml file so that Jenkins runs on port 80.
I can access Jenkins from the public Internet, and the URL of the web hook is now http: // ipaddress / github-webhook , but this opens up a big security hole, because now anyone can access Jenskins. To solve this problem, I set up global security -> Project-based authorization strategy. Now I can only log in and manage projects. However, anyone can still enter an IP address, land on the Jenkins page, and create a new user account. Ofcource, that the user cannot access anything, but nevertheless he creates a new user in the Jenkinss database. So, there is a way to start Jenkins control on port 8080, as usual, but receive a notification on port 80

2> On the Jenkinss system configuration page, I see only "Git" and "GitHub Plugin Configuration". I don’t see the “GitHub Web Hook” option, nor do I see the “Let Jenkins auto-manage hook URLs”, this has changed in version 1.646

3> Since we use a private repository, our project URL is https://github.com/MyCompanyName/reponame , and the repository URL https://github.com/MyCompanyName/reponame.git indicates that the url has a company name is not a username. But I see a Jenkins log error

Failed to delete GitHubRepositoryName [host = github.com, username = MyCompanyName, repository = reponame] java.lang.NullPointerException: no credentials with administrator access to control intercepts GitHubRepositoryName [host = github.com, username = MyCompanyName, repository = reponame] at com.google.common.base.Preconditions.checkNotNull (Preconditions.java:231)

Why is he trying to use the company name as the username? I set the correct user credentials and he was able to PULL the code.

+6
source share
2 answers

1) Go to the Global Security Settings section and uncheck the box "Allow users to register" to prevent the creation of new accounts.

pic1

2 & 3) Go to the System / Github module configuration section and uncheck the “Manage the hook” box if you do not have administrator access or do not want to control Jenkins intercepts.

pic2

+5
source

I will add a second answer for others like me who stumbled here but were unable to fix it using the steps above:

1) Be sure to remove .git traffic from your task. SCM configuration enter image description here

2) Make sure you set ip / domain in Jenkins, which can be achieved by Github, as this is what will be used to create sniffers in your repositories. This can be set to loopback by default if you are working in a VM, for example enter image description here

Results in this bad configuration on github enter image description here

3) Restart Jenkins with http:/your-jenkins-address:port/restart

+3
source

More articles:


All Articles