Install Jenkins on RHEL/CentOS Behind Nginx

Summary
Deploy Jenkins as a secure CI/CD server on RHEL/CentOS, using Nginx for SSL termination and reverse proxy. This guide covers installation, configuration, SSL setup, and common troubleshooting.

Prerequisites

Ensure the following prerequisites are met:

OS: CentOS/RHEL 7 or 8
Access: sudo/root privileges
DNS: jenkins.example.com pointing to your server
SSL: Valid certificate (jenkins.crt) and private key (jenkins.key)
Network: HTTP/HTTPS access open (ports 80, 443)

Architecture

flowchart LR
  A[Browser] -->|HTTPS 443| B[Nginx Reverse Proxy]
  B -->|HTTP 8080| C[Jenkins Server]
  C --> D[Build Agents & Pipelines]

1. System Preparation

Update OS and install essentials

sudo yum -y update
sudo yum -y install git lsof wget curl nginx java-1.8.0-openjdk-devel

Enable and start Nginx

sudo systemctl enable nginx
sudo systemctl start nginx

2. Add Jenkins Repository

Add the official Jenkins repository:

sudo wget -O /etc/yum.repos.d/jenkins.repo \
  http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key

3. Install and Start Jenkins

Install Jenkins
```
sudo yum -y install jenkins
```

Enable and start service

sudo systemctl enable jenkins
sudo systemctl start jenkins

Verify
```
curl http://localhost:8080
```

4. Nginx Reverse Proxy Configuration

Create /etc/nginx/conf.d/jenkins.conf:

server {
    listen 443 ssl;
    server_name jenkins.example.com;

    ssl_certificate     /opt/ssl/jenkins.crt;
    ssl_certificate_key /opt/ssl/jenkins.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    access_log  /var/log/nginx/jenkins.access.log;
    error_log   /var/log/nginx/jenkins.error.log;

    location ~ ^/static/[0-9a-f]{8}/(.*)$ {
        rewrite ^/static/[0-9a-f]{8}/(.*) /$1 last;
    }

    location /userContent {
        root /var/lib/jenkins;
        sendfile on;
        try_files $uri @jenkins;
    }

    location / {
        proxy_pass          http://127.0.0.1:8080;
        proxy_redirect      http:// https://;
        proxy_set_header    Host              $host;
        proxy_set_header    X-Real-IP         $remote_addr;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;

        client_max_body_size       50m;
        client_body_buffer_size    128k;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
}

5. SSL Certificate Installation

Place your SSL certificate and key:

sudo mkdir -p /opt/ssl
sudo cp jenkins.crt /opt/ssl/
sudo cp jenkins.key /opt/ssl/
sudo chmod 600 /opt/ssl/jenkins.key

6. Validation

Test Nginx config
```
sudo nginx -t
```
Reload Nginx
```
sudo systemctl reload nginx
```
Check Jenkins
Visit: https://jenkins.example.com

7. Troubleshooting

502 Bad Gateway
Ensure Jenkins listens on port 8080:
sudo ss -tulnp | grep 8080
SSL issues
Confirm certificate paths and permissions.

Firewall
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Performance tweaks
Adjust proxy_buffer_size, timeouts, and Nginx worker settings.