Enable HTTPS for Jenkins on SUSE by using Apache httpd Reverse Proxy with Existing SSL Certificate

1. Prerequisites ## 2. Install Apache httpd ## 3. Enable Required Apache Modules ## 4. Place Your SSL Certificate ## 5. Configure Apache VirtualHost for Jenkins ## 6. Restart Apache ## 7. Configure Jenkins SUSE Linux server with Jenkins already installed and running on port 8080. A domain name pointing to your server (e.g., abc.com). An SSL certificate (Company certificate) has already been issued (e.g., .crt + .key files, and possibly a CA bundle). Root or sudo privileges. Enable and start Apache: systemctl status apache2 Apache needs proxy, proxy_http, ssl, and headers modules: Verify the module is already enabled sudo apache2ctl -M | grep ssl If you don’t see ssl_module (shared), then enable it: Edit /etc/sysconfig/apache2, find the APACHE_MODULES= line and add ssl.Like: APACHE_MODULES="... proxy proxy_http headers ssl ..." Also ensure APACHE_SERVER_FLAGS includes SSL so SSL-vhost stuff is actually activated. Something like: Then reload apache modules / restart Apache: Copy your certificate and key files into a secure directory: /etc/pki/tls/certs/abc.com.crt → your certificate /etc/pki/tls/private/abc.com.key → your private key /etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt (optional, if provided by CA) 5.1 Create or edit a config file for the Jenkins service: sudo nano /etc/apache2/vhosts.d/jenkins.conf Add this configuration (replace plm-jenkins-dev.konecranes.com with your domain): 5.2 Edit the Apache service config file to let it run on the 443 port : sudo nano /etc/apache2/httpd.conf Add this configuration (add from the top of the file): ServerName plm-jenkins-dev.abc.com Verify the previous configuration: sudo apache2ctl configtest → If you see y Syntax OK sudo systemctl restart apache2 Ensure Jenkins is aware it’s behind HTTPS. 7.1 Open Jenkins config file: sudo nano /etc/sysconfig/jenkins Add this line if missing: 7.2 Open the Jenkins start-up configuration file (from Jenkins 2.3xx we have to apply the change here) sudo systemctl edit jenkins Add the value below (from the 3rd rows at the top) Then restart the service 7.3 Inside Jenkins UI → Manage Jenkins → Configure System → set Jenkins URL: http://plm-jenkins-dev.abc.com/jenkins sudo systemctl restart jenkins https://plm-jenkins-dev.abc.com/jenkins You should see Jenkins running securely with your SSL certificate. (Optional) Block direct port 8080 access: Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse COMMAND_BLOCK: sudo zypper refresh sudo zypper install apache2 apache2-utils Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo zypper refresh sudo zypper install apache2 apache2-utils COMMAND_BLOCK: sudo zypper refresh sudo zypper install apache2 apache2-utils COMMAND_BLOCK: sudo systemctl enable apache2 sudo systemctl start apache2 Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo systemctl enable apache2 sudo systemctl start apache2 COMMAND_BLOCK: sudo systemctl enable apache2 sudo systemctl start apache2 COMMAND_BLOCK: sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod ssl sudo a2enmod headers Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod ssl sudo a2enmod headers COMMAND_BLOCK: sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod ssl sudo a2enmod headers CODE_BLOCK: APACHE_SERVER_FLAGS="SSL" Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: APACHE_SERVER_FLAGS="SSL" CODE_BLOCK: APACHE_SERVER_FLAGS="SSL" COMMAND_BLOCK: sudo systemctl restart apache2 Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo systemctl restart apache2 COMMAND_BLOCK: sudo systemctl restart apache2 COMMAND_BLOCK: <VirtualHost *:80> ServerName plm-jenkins-dev.abc.com Redirect permanent / https://plm-jenkins-dev.abc.com/ </VirtualHost> <VirtualHost *:443> ServerName plm-jenkins-dev.konecranes.com SSLEngine on SSLCertificateFile /etc/pki/tls/certs/wildcard.abc.com.crt SSLCertificateKeyFile /etc/pki/tls/private/wildcard.abc.com.key SSLCertificateChainFile /etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy http://localhost:8080/jenkins*> Require all granted </Proxy> ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost> Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: <VirtualHost *:80> ServerName plm-jenkins-dev.abc.com Redirect permanent / https://plm-jenkins-dev.abc.com/ </VirtualHost> <VirtualHost *:443> ServerName plm-jenkins-dev.konecranes.com SSLEngine on SSLCertificateFile /etc/pki/tls/certs/wildcard.abc.com.crt SSLCertificateKeyFile /etc/pki/tls/private/wildcard.abc.com.key SSLCertificateChainFile /etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy http://localhost:8080/jenkins*> Require all granted </Proxy> ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost> COMMAND_BLOCK: <VirtualHost *:80> ServerName plm-jenkins-dev.abc.com Redirect permanent / https://plm-jenkins-dev.abc.com/ </VirtualHost> <VirtualHost *:443> ServerName plm-jenkins-dev.konecranes.com SSLEngine on SSLCertificateFile /etc/pki/tls/certs/wildcard.abc.com.crt SSLCertificateKeyFile /etc/pki/tls/private/wildcard.abc.com.key SSLCertificateChainFile /etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Proxy http://localhost:8080/jenkins*> Require all granted </Proxy> ProxyPass /jenkins http://localhost:8080/jenkins nocanon ProxyPassReverse /jenkins http://localhost:8080/jenkins RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" </VirtualHost> CODE_BLOCK: JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins" Environment="JENKINS_PREFIX=/jenkins" Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins" Environment="JENKINS_PREFIX=/jenkins" CODE_BLOCK: JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins" Environment="JENKINS_PREFIX=/jenkins" CODE_BLOCK: [Service] Environment="JENKINS_PREFIX=/jenkins" Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: [Service] Environment="JENKINS_PREFIX=/jenkins" CODE_BLOCK: [Service] Environment="JENKINS_PREFIX=/jenkins" COMMAND_BLOCK: sudo systemctl daemon-reload sudo systemctl restart jenkins Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo systemctl daemon-reload sudo systemctl restart jenkins COMMAND_BLOCK: sudo systemctl daemon-reload sudo systemctl restart jenkins COMMAND_BLOCK: sudo firewall-cmd --permanent --remove-port=8080/tcp sudo firewall-cmd --reload Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo firewall-cmd --permanent --remove-port=8080/tcp sudo firewall-cmd --reload COMMAND_BLOCK: sudo firewall-cmd --permanent --remove-port=8080/tcp sudo firewall-cmd --reload - Verify Open in browser: