Jenkins 部署
- 系统:AlmaLinux 9
- Java:21.0.9
- Jenkins:2.528.3
Jenkins 官方安装文档:Installing Jenkins
- 主要文档:WAR file
查看 Java 要求:Java Support Policy
- 这里部署 Jenkins LTS(版本号:2.528.3),使用 Java 21(版本号:21.0.9)
- 查看最新版本号:Java Downloads
cd /data/septvean/bash/java
bash -x deploy-jdk-21.sh 21.0.9
/usr/local/jdk/21.0.9/bin/java -version
# java version "21.0.9" 2025-10-21 LTS
# Java(TM) SE Runtime Environment (build 21.0.9+7-LTS-338)
# Java HotSpot(TM) 64-Bit Server VM (build 21.0.9+7-LTS-338, mixed mode, sharing)
- 查看最新版本号:Jenkins Downloads
# 安装依赖包
dnf install -y git git-core dejavu-sans-fonts fontconfig freetype xorg-x11-server-Xvfb
# 创建用户
useradd -r -s /sbin/nologin jenkins
# 创建目录
# app: Jenkins War包 目录
# builder: 编译工具 目录
# data: Jenkins HOME 目录
# log: Jenkins 日志
mkdir -pv /data/jenkins/{app,builder,data,log}
# 设置代理
# export http_proxy=http://192.168.101.200:1080; export https_proxy=http://192.168.101.200:1080;
# 下载 War 包
cd /data/jenkins/app
wget -c -O jenkins-2.528.3.war https://get.jenkins.io/war-stable/2.528.3/jenkins.war
ln -svf jenkins-2.528.3.war jenkins.war
# 创建日志文件
touch /data/jenkins/log/{error.log,run.log}
# 设置权限
chown -R jenkins:jenkins /data/jenkins
# 设置环境变量
# export JENKINS_HOME='/data/jenkins/data'
# 启动 (端口 8200, 前缀 /jenkins) 用于测试
# /usr/local/jdk/21.0.9/bin/java \
# -jar jenkins.war \
# --httpPort=8200 \
# --prefix=/jenkins
# 其它参数
# java -jar jenkins.war --help
# 创建 service
#
# JVM 参数根据实际情况配置
#
# Environment="JAVA_OPTS='-server -Xms256m -Xmx512m'"
#
# 启动参数
#
# httpListenAddress 设置为 0.0.0.0
# httpPort 设置为 8200
#
# 或者 httpListenAddress 设置为 127.0.0.1, 使用 Nginx 反向代理
#
# ExecStart=/usr/local/jdk/21.0.9/bin/java -jar jenkins.war --httpListenAddress=127.0.0.1 --httpPort=8200 --prefix=/jenkins
tee /etc/systemd/system/jenkins.service <<'EOF'
[Unit]
Description=Jenkins Server
After=network.target
[Service]
Type=simple
User=jenkins
Group=jenkins
# 环境变量
Environment="JENKINS_HOME=/data/jenkins/data"
Environment="JAVA_OPTS='-server -Xms256m -Xmx512m'"
# 工作目录
WorkingDirectory=/data/jenkins/app
# 启动命令
ExecStart=/usr/local/jdk/21.0.9/bin/java -jar jenkins.war --httpListenAddress=0.0.0.0 --httpPort=8200
# 日志输出到文件
StandardOutput=append:/data/jenkins/log/run.log
StandardError=append:/data/jenkins/log/error.log
# 自动重启策略
Restart=always
RestartSec=5s
[Install]
WantedBy=multi-user.target
EOF
# 创建服务
systemctl daemon-reload
systemctl start jenkins
systemctl status jenkins
# ● jenkins.service - Jenkins Server
# Loaded: loaded (/etc/systemd/system/jenkins.service; disabled; preset: disabled)
# Active: active (running) since Sat 2026-01-03 21:59:00 CST; 4s ago
# Main PID: 3822 (java)
# Tasks: 32 (limit: 209715)
# Memory: 254.4M (peak: 254.4M)
# CPU: 7.262s
# CGroup: /system.slice/jenkins.service
# └─3822 /usr/local/jdk/21.0.9/bin/java -jar jenkins.war --httpListenAddress=0.0.0.0 --httpPort=8200
# Jan 03 21:59:00 node-201.server.com systemd[1]: Started Jenkins Server.
# 查看 Jenkins 日志
journalctl -u jenkins -f
# 设置为开机启动
systemctl enable jenkins
访问:http://192.168.101.201:8200/
- 如果添加了
--prefix=/jenkins参数,则访问 http://192.168.101.201:8200/jenkins/
location /jenkins {
# 代理
proxy_pass http://127.0.0.1:8200;
# 修正 Jenkins 返回的重定向路径
proxy_redirect 127.0.0.1 $scheme://$host/jenkins;
# 设置请求头
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 3s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# 关闭代理缓冲
proxy_buffering off;
}
Nginx 加载配置
nginx -t
nginx -s reload
访问:https://devops.v2ep.com/jenkins/
cat /data/jenkins/data/secrets/initialAdminPassword
如果提示离线,添加 HTTP 代理。
- Dashboard View
- Folders
- OWASP Markup Formatter
- Build Name and Description Setter
- Build Timeout
- Credentials Binding
- Timestamper
- Workspace Cleanup
- 全不选
- 默认 (全不选)
- Pipeline
- Pipeline Graph View
- Conditional BuildStep
- Parameterized Trigger
- Copy Artifact
- Git
- Git Parameter
- GitLab
- 单机:全不选
- 集群:Matrix Project
- Matrix Authorization Strategy
- PAM Authentication
- Role-based Authorization Strategy
- 默认
- 全不选
- Locale
- 千万不要选择 Localization: Chinese (Simplified) !!
如果有安装失败的,点击“重试”。
- 不创建 -> “使用admin账户继续”
- Jenkins URL:根据情况修改 (默认)
- 保存并完成
- 点击右上角的设置图标
进入管理页面
Manage Jenkins -> System Configuration -> System
- 主节点,不执行任务,将 executors 设置为 0
- 不发送使用统计
- 清除 HTTP 代理
Manage Jenkins -> System Configuration -> Appearance
- Default Language:Use Default Locale - English (United States) (en_US)
- ✅ Ignore browser preference and force this language to all users
- ✅ Allow all users to use their own language preference
Manage Jenkins -> System Configuration -> Security
- Authorization -> Project-based Matrix Authorization Strategy -> Anonymous -> 勾选 Job/Read 和 Job/Build
- CSRF Protection -> Enable proxy compatibility
这两个配置是为了解决 GitLab 触发 Jenkins WebHook 时出现的错误
Hook executed successfully but returned HTTP 403 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 403 anonymous is missing the Job/Build permission</title> </head> <body><h2>HTTP ERROR 403 anonymous is missing the Job/Build permission</h2> <table> <tr><th>URI:</th><td>/jenkins/project/ci-test</td></tr> <tr><th>STATUS:</th><td>403</td></tr> <tr><th>MESSAGE:</th><td>anonymous is missing the Job/Build permission</td></tr> <tr><th>SERVLET:</th><td>Stapler</td></tr> </table> <hr/><a href="https://jetty.org/">Powered by Jetty:// 12.0.25</a><hr/> </body> </html>
Manage Jenkins -> System Configuration -> Plugins
安装以下插件:
- Blue Ocean
- Generic Webhook Trigger
- Multibranch Scan Webhook Trigger
- Pipeline: Stage View
Multibranch Scan Webhook Trigger 插件,用于 Multibranch Pipeline 设置 Webhook token
- Scan Multibranch Pipeline Triggers -> Scan by webhook -> Trigger token
admin -> Security -> Password
重启 Jenkins
systemctl restart jenkins
cd /data/jenkins/app/
ls -al
wget -c -O jenkins-2.528.3.war https://updates.jenkins.io/download/war/2.528.3/jenkins.war
ln -svf jenkins-2.528.3.war jenkins.war
chown -R jenkins:jenkins jenkins.*
systemctl restart jenkins.service