The following settings can be configured by using Docker environment variables.
This container can create ad-hoc self-signed certificates for https without any reverse proxy. This gives some out-of-the-box network security. Note that reverse proxies and proper certificate workflows are always to be preferred! I will use this until the Google Cloud Engine https load balancer works.
At startup the container will create a unique self-signed certificate. This certificate will live as long as the docker volume. You have to pass a Distinguished Name (DN) and a keystore password. The certificate is generated from the Distinguished Name and secured by the keystore password. This is a DN example:
CN=SBleul,OU=Blacklabelops,O=blacklabelops.net,L=Munich,S=Bavaria,C=DE
- CN = Your name
- OU = Your organizational unit.
- O = Organisation name.
- L = Location, e.g. town name.
- S = State
- C = Locale of your country.
Now start your container with the additional parameters for starting Jenkins with https and a keystore password.
$ docker run --name jenkins \
-e "JENKINS_KEYSTORE_PASSWORD=swordfish" \
-e "JENKINS_CERTIFICATE_DNAME=CN=SBleul,OU=Blacklabelops,O=blacklabelops.net,L=Munich,S=Bavaria,C=DE" \
-p 443:8080 \
blacklabelops/jenkins
Congratulations! You can now access your Jenkins instance by simply typing https://youinstance.com! Accept the certificate inside your browser and have fun!
This container supports matrix-enabled user security and an admin account at startup. Jenkins will be locked down and will only allow the defined admin user. Afterwards users and rights can be configured as usual. The admin password can be changed at any time. I use this for starting the container up inside cloud environments.
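The HTTPS settings above, prepared in an owner-only env file so the keystore password is generated randomly and never appears in shell history or the process list. This is an added example, not part of the image's own documentation; the file name `jenkins-https.env`, the helper names and the DN attribute checks are assumptions.

```sh
#!/bin/sh
# Added example. File name, helper names and the attribute checks are assumptions.

# Succeeds only if the DN has every attribute from the list above with a
# non-empty value and a two-letter C. Escaped commas in values are not handled.
validate_dname() {
    dn=$1
    for key in CN OU O L S C; do
        case ",$dn," in
            *",$key=,"*) echo "empty $key in DN" >&2; return 1 ;;
            *",$key="*) ;;
            *) echo "missing $key in DN" >&2; return 1 ;;
        esac
    done
    country=$(printf '%s\n' "$dn" | tr ',' '\n' | sed -n 's/^C=//p')
    case $country in
        [A-Z][A-Z]) return 0 ;;
        *) echo "C must be a two-letter country code" >&2; return 1 ;;
    esac
}

# Writes both variables to file $1 (mode 0600) with a random 48-hex-character
# keystore password, keeping them out of shell history and the process list.
# They are still readable through `docker inspect` on the running container.
write_env_file() {
    file=$1
    dn=$2
    validate_dname "$dn" || return 1
    password=$(od -An -N24 -tx1 /dev/urandom | tr -d ' \n')
    ( umask 077
      printf 'JENKINS_KEYSTORE_PASSWORD=%s\nJENKINS_CERTIFICATE_DNAME=%s\n' \
          "$password" "$dn" > "$file" && chmod 600 "$file" )
}

# Run as: sh prepare-https.sh jenkins-https.env "CN=...,C=DE"
if [ "$#" -eq 2 ]; then
    write_env_file "$1" "$2" || exit 1
    echo "Start with: docker run --name jenkins --env-file $1 -p 443:8080 blacklabelops/jenkins"
fi
```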
$ docker run -d --name jenkins \
-e "JENKINS_ADMIN_USER=jenkins" \
-e "JENKINS_ADMIN_PASSWORD=swordfish" \
-p 8090:8080 \
blacklabelops/jenkins
Finally got this working:
You can define a set of plugins that will be installed, if necessary, during initialization. This is very good for testing out new plugins and for adding default plugins like swarm. You have to define a list of plugin ids separated by whitespace.
$ docker run --name jenkins \
-e "JENKINS_PLUGINS=gitlab-plugin hipchat swarm" \
-p 8090:8080 \
blacklabelops/jenkins
This will install the plugins gitlab-plugin, hipchat and swarm once during post-initialization.
Jenkins jobs should be executed on slaves, therefore it's good to be able to limit the executors on the master.
$ docker run --name jenkins \
-e "JENKINS_MASTER_EXECUTORS=0" \
-p 8090:8080 \
blacklabelops/jenkins
Feature has been removed in version 2.0!
The following parameters enable the server's mail settings.
Minimum example:
$ docker run --name jenkins \
-e "SMTP_USER_NAME=jenkins" \
-e "SMTP_USER_PASS=swordfish" \
-e "SMTP_HOST=smtp.mailservice.com" \
-e "SMTP_PORT=2525" \
-p 8090:8080 \
-p 50000:50000 \
blacklabelops/jenkins
Full example:
$ docker run --name jenkins \
-e "SMTP_USER_NAME=jenkins" \
-e "SMTP_USER_PASS=swordfish" \
-e "SMTP_HOST=smtp.mailservice.com" \
-e "SMTP_PORT=2525" \
-e "SMTP_REPLYTO_ADDRESS=dummy@example.com" \
-e "SMTP_USE_SSL=true" \
-e "SMTP_CHARSET=UTF-8" \
-p 8090:8080 \
-p 50000:50000 \
blacklabelops/jenkins
The slave port enables the automatic connection of Jenkins slaves. The port can be configured as follows.
$ docker run --name jenkins \
-e "JENKINS_SLAVEPORT=50000" \
-p 8090:8080 \
-p 50000:50000 \
blacklabelops/jenkins
Slaves can connect on port 50000.
You can define command line parameters. The list of parameters can be found here.
$ docker run -d --name jenkins \
-e "JENKINS_PARAMETERS=--httpPort=8090" \
-p 8090:8090 \
blacklabelops/jenkins
This starts Jenkins with internal port 8090 rather than the default port 8080.
You can define startup parameters for the Java Virtual Machine, e.g. setting the memory size.
$ docker run -d --name jenkins \
-e "JAVA_VM_PARAMETERS=-Xmx512m -Xms256m" \
-p 8090:8080 \
blacklabelops/jenkins
You will have to use Java 8 parameters.