diff --git a/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/cloud-init.yaml b/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/cloud-init.yaml
new file mode 100644
index 0000000..990f1cb
--- /dev/null
+++ b/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/cloud-init.yaml
@@ -0,0 +1,91 @@
+#cloud-config
+#Install Jenkins on Ubuntu 16.04 x64 with SSL behind nginx proxy
+packages:
+ - nginx
+ #jq is a command-line json processor https://stedolan.github.io/jq/
+ - jq
+runcmd:
+ # start of letsencrypt process
+ - export DOMAIN=<%YOUR_TOP_LEVEL_DOMAIN.COM%>
+ - export DO_API_TOKEN=<%YOUR_DIGITALOCEAN_API_KEY%>
+ - export PUBLIC_IPV4=$(curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)
+ - export DROPLET_ID=$(curl -s http://169.254.169.254/metadata/v1/id)
+ - export DROPLET_NAME=$(curl -s http://169.254.169.254/metadata/v1/hostname)
+ # get email for letsencrypt TOS via DO api
+ - 'export EMAIL=$(curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $DO_API_TOKEN" https://api.digitalocean.com/v2/account | jq -r ".account.email")'
+ # install certbot, update
+ - sudo add-apt-repository ppa:certbot/certbot -y
+ - sudo apt-get update
+ - sudo apt install python-certbot-nginx -y
+ # add domain name to nginx config, restart it
+ - sudo sed -i 's/server_name _;/server_name '$DROPLET_NAME"."$DOMAIN';\n\n\tclient_max_body_size 10m;\n\n\t#DHPARAM_PLACEHOLDER/' /etc/nginx/sites-available/default
+ - sudo systemctl restart nginx
+ # create a subdomain a-record for this droplet
+ - 'curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $DO_API_TOKEN" -d "{\"type\":\"A\", \"name\":\"$DROPLET_NAME\", \"data\":\"$PUBLIC_IPV4\"}" https://api.digitalocean.com/v2/domains/$DOMAIN/records'
+ - sleep 10s
+ - sudo certbot --nginx -n -d $DROPLET_NAME"."$DOMAIN --email $EMAIL --agree-tos --redirect --hsts
+ - sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+ # write ssl_dhparam directive to nginx config
+ - sudo sed -i 's/#DHPARAM_PLACEHOLDER/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/' /etc/nginx/sites-available/default
+ - sudo systemctl restart nginx
+ # end of letsencrypt process
+ # start of jenkins init process
+ - sudo adduser --disabled-password --gecos "" jenkins
+ - sudo 
adduser jenkins sudo
+ # edit nginx config to proxy to jenkins
+ - sed -i 's/^\t\ttry_files \$uri \$uri\/ =404;/include \/etc\/nginx\/proxy_params;\n\t\tproxy_pass http:\/\/localhost:8080;\n\t\tproxy_read_timeout 90s;\n\t\tproxy_redirect http:\/\/localhost:8080 https:\/\/'$DROPLET_NAME'.'$DOMAIN';/' /etc/nginx/sites-available/default
+ - sudo systemctl restart nginx
+ # add jenkins repo key
+ - wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add -
+ # add the jenkins debian package repo to our sources list
+ - echo deb http://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list
+ # run apt update to recognize new jenkins source
+ - sudo apt update -y
+ # install jenkins and dependencies, including java
+ - sudo apt install jenkins -y
+ # start jenkins
+ - sudo systemctl start jenkins
+ # update jenkins config to handle proxy
+ - sudo sed -i 's/--httpPort=\$HTTP_PORT/--httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1/' /etc/default/jenkins
+ - sudo systemctl restart jenkins
+ # download the jenkins digitalocean plugin
+ - sudo wget http://updates.jenkins-ci.org/latest/digitalocean-plugin.hpi -P /var/lib/jenkins/plugins/
+ - sudo chown -R jenkins:jenkins /var/lib/jenkins/plugins
+ - sudo reboot
+write_files:
+ # letsencrypt renewal cron
+ - owner: root:root
+ path: /etc/cron.d/letsencrypt_renew
+ content: "15 3 1 * * /usr/bin/certbot renew --quiet"
+do_base_images: [ubuntu-16-04-x32, ubuntu-16-04-x64, ubuntu-17-04-x32, ubuntu-17-04-x64]
+readme: |
+ This script is meant to automate installation and initial configuration of Jenkins, nginx and Let's Encrypt via [cloud-init](https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting) on an Ubuntu 16.04 or 16.10 server.
+
+ ## Prerequisites:
+ Before running this, you'll need to:
+ 1. 
Configure your domain to point at DigitalOcean Nameservers
+ [ref](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-host-name-with-digitalocean)
+ 2. Add your top-level domain _(domain.com, no subdomain)_ in [DigitalOcean control panel](https://cloud.digitalocean.com/networking/domains).
+ 3. Replace <%YOUR_TOP_LEVEL_DOMAIN.COM%> in the [cloud-init.yaml](cloud-init.yaml) with your top-level domain (domain.com)
+ 4. Replace <%YOUR_DIGITALOCEAN_API_KEY%> with an API token. [Ref](https://cloud.digitalocean.com/settings/api/tokens)
+ When creating the server, you'll need to use an Ubuntu 16.x image with at least 1GB Memory.
+
+
+ ## Deploy Plan:
+ By pasting [cloud-init.yaml](cloud-init.yaml) into user-data section of server create page, server will automatically:
+ 1. Install and start [nginx](https://www.digitalocean.com/community/tags/nginx)
+ 2. Update DigitalOcean DNS to point a subdomain [this_server_name].[your_top_level_domain.com]
+ at public IPV4 of this server.
+ 3. Install and run [Let's Encrypt](https://www.digitalocean.com/community/tags/let-s-encrypt) certbot tool to automatically generate and renew SSL
+ certificates (allowing magento to run only via HTTPS)
+ 4. Add the jenkins debian package to source list, install and start jenkins.
+ 5. Download the latest version of the [DigitalOcean Jenkins plugin](https://github.com/jenkinsci/digitalocean-plugin)
+
+ Install takes ~4 minutes, once server is created you can SSH in and follow progress by running `tail -f /var/log/cloud-init-output.log`. Once install is finished, server will reboot and you can go to https://[droplet-name].[your-domain.com] and finish the jenkins configuration. 
You will need the jenkins install password saved at `/var/lib/jenkins/secrets/initialAdminPassword`
+
+
+ ## Further Reading:
+ This script builds on detailed instructions provided in the following tutorials:
+ - [Install and configure nginx as reverse proxy for jenkins](https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-with-ssl-as-a-reverse-proxy-for-jenkins)
+ - [Install Let's Encrypt (certbot) with nginx on ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
+ - [Using the DigitalOcean Jenkins Plugin](http://nemerosa.ghost.io/2016/05/05/saving-money-with-jenkins-digital-ocean-and-docker/)
diff --git a/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/readme.md b/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/readme.md
new file mode 100644
index 0000000..ea8ef27
--- /dev/null
+++ b/Ubuntu-16.04/developer-tools/jenkins-nginx-letsencrypt/readme.md
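Review bot: The DigitalOcean plugin is fetched over plain http with no integrity check at `sudo wget http://updates.jenkins-ci.org/latest/digitalocean-plugin.hpi -P /var/lib/jenkins/plugins/` near the end of runcmd, then chowned to jenkins and loaded as trusted code on the reboot that follows, so an on-path substitution of the .hpi runs inside Jenkins. Fetch it over TLS, `- sudo wget https://updates.jenkins-ci.org/latest/digitalocean-plugin.hpi -P /var/lib/jenkins/plugins/`, and compare the download against the checksum the update center publishes for that release before leaving it in the plugins directory; the `deb http://pkg.jenkins.io/debian-stable binary/` source is plain http too, though apt's signature check on the key added just above it covers that case. Separately, `export DO_API_TOKEN=<%YOUR_DIGITALOCEAN_API_KEY%>` embeds a token that the later POST shows is write-capable into user-data, which the same metadata service this file queries will generally serve back to any local process, including Jenkins build jobs; a comment on that line should say to use a token scoped to this one DNS change and revoke it once the record exists. `sudo adduser jenkins sudo` also puts the service account that executes build jobs into the sudo group, which nothing else in the hunk needs.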
@@ -0,0 +1,32 @@
+# Jenkins, nginx, and HTTPS via Let's Encrypt on Ubuntu 16.x
+
+This script is meant to automate installation and initial configuration of Jenkins, nginx and Let's Encrypt via [cloud-init](https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting) on an Ubuntu 16.04 or 16.10 server.
+
+## Prerequisites:
+Before running this, you'll need to:
+1. Configure your domain to point at DigitalOcean Nameservers
+ [ref](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-host-name-with-digitalocean)
+2. Add your top-level domain _(domain.com, no subdomain)_ in [DigitalOcean control panel](https://cloud.digitalocean.com/networking/domains).
+3. Replace <%YOUR_TOP_LEVEL_DOMAIN.COM%> in the [cloud-init.yaml](cloud-init.yaml) with your top-level domain (domain.com)
+4. Replace <%YOUR_DIGITALOCEAN_API_KEY%> with an API token. [Ref](https://cloud.digitalocean.com/settings/api/tokens)
+When creating the server, you'll need to use an Ubuntu 16.x image with at least 1GB Memory.
+
+
+## Deploy Plan:
+By pasting [cloud-init.yaml](cloud-init.yaml) into user-data section of server create page, server will automatically:
+1. Install and start [nginx](https://www.digitalocean.com/community/tags/nginx)
+2. Update DigitalOcean DNS to point a subdomain [this_server_name].[your_top_level_domain.com]
+ at public IPV4 of this server.
+3. Install and run [Let's Encrypt](https://www.digitalocean.com/community/tags/let-s-encrypt) certbot tool to automatically generate and renew SSL
+ certificates (allowing magento to run only via HTTPS)
+4. Add the jenkins debian package to source list, install and start jenkins.
+5. Download the latest version of the [DigitalOcean Jenkins plugin](https://github.com/jenkinsci/digitalocean-plugin)
+
+Install takes ~4 minutes, once server is created you can SSH in and follow progress by running `tail -f /var/log/cloud-init-output.log`. 
Once install is finished, server will reboot and you can go to https://[droplet-name].[your-domain.com] and finish the jenkins configuration. You will need the jenkins install password saved at `/var/lib/jenkins/secrets/initialAdminPassword`
+
+
+## Further Reading:
+This script builds on detailed instructions provided in the following tutorials:
+- [Install and configure nginx as reverse proxy for jenkins](https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-with-ssl-as-a-reverse-proxy-for-jenkins)
+- [Install Let's Encrypt (certbot) with nginx on ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
+- [Using the DigitalOcean Jenkins Plugin](http://nemerosa.ghost.io/2016/05/05/saving-money-with-jenkins-digital-ocean-and-docker/)