25

I have Jenkins sitting behind Nginx, with Nginx taking care of authentication, but Jenkins is still listening on port 8080 externally, so by accessing the box on port 8080 people can bypass Nginx.

How can I tell it to stop listening for remote connections and just accept connections locally?

It looks like it might be something to do with this ajp13ListenAddress param, but I can't figure out how to set that in the init.d script installed with Jenkins.

Thanks loads for any help!

Ludo.

(Looks like there's no Jenkins tag yet and I can't create it as I don't have rep)

gm3dmo
  • 9,632
  • 1
  • 40
  • 35
Ludo
  • 1,049
  • 3
  • 10
  • 11

1 Answers1

27

Debian

If you installed Jenkins from the Debian package, you can modify /etc/default/jenkins and add the following line somewhere:

HTTP_HOST=127.0.0.1

and then add --httpListenAddress=$HTTP_HOST to the JENKINS_ARGS so that it reads something like:

JENKINS_ARGS="--webroot=/var/run/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --httpListenAddress=$HTTP_HOST"

Ubuntu

If you installed Jenkins from the Ubuntu Oneiric (11.10) package, edit /etc/init/jenkins.conf and add --httpListenAddress=127.0.0.1 to the JENKINS_ARGS line, so that it reads like:

JENKINS_ARGS="--webroot=$JENKINS_RUN/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --httpListenAddress=127.0.0.1"

RedHat/CentOS/Amazon Linux

If you installed Jenkins using YUM repository, modify /etc/sysconfig/jenkins and edit JENKINS_LISTEN_ADDRESS to JENKINS_LISTEN_ADDRESS=127.0.0.1

Bill Weiss
  • 10,782
  • 3
  • 37
  • 65
Wouter de Bie
  • 699
  • 5
  • 7
  • If like me you are in the third case but you are also using HTTPS, it's JENKINS_HTTPS_LISTEN_ADDRESS that you want to set to 127.0.0.1 – Leogout Mar 02 '22 at 13:25