From 6b1a5a625c2cb8809622180b7868495593b717b9 Mon Sep 17 00:00:00 2001 From: Vincent Delbar Date: Wed, 25 Oct 2023 17:34:46 +0200 Subject: [PATCH 1/5] FIX: use double quote for variable expansion in yaml --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9de1e66b..f74db798 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -156,16 +156,16 @@ services: container_name: jenkins4${COMPOSE_PROJECT_NAME} user: jenkins ports: - - '${JENKINS_HTTP_PORT}:${JENKINS_HTTP_PORT}' - - '${JENKINS_HTTPS_PORT}:${JENKINS_HTTPS_PORT}' - - '50000:50000' + - "${JENKINS_HTTP_PORT}:${JENKINS_HTTP_PORT}" + - "${JENKINS_HTTPS_PORT}:${JENKINS_HTTPS_PORT}" + - "50000:50000" # network_mode: "host" volumes: - jenkins_data:/var/jenkins_home - backup-restore:/backup_restore - data:/data environment: - - 'JENKINS_OPTS=--httpPort=${JENKINS_HTTP_PORT} --httpsPort=${JENKINS_HTTPS_PORT} --prefix=/jenkins' + - "JENKINS_OPTS=--httpPort=${JENKINS_HTTP_PORT} --httpsPort=${JENKINS_HTTPS_PORT} --prefix=/jenkins" restart: on-failure volumes: From 98b3b32db53b560c6a172ea1744dd201aa4bc10c Mon Sep 17 00:00:00 2001 From: Vincent Delbar Date: Wed, 25 Oct 2023 17:36:27 +0200 Subject: [PATCH 2/5] FIX: add missing env_file for nginx image build --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index f74db798..439b30b6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -57,6 +57,8 @@ services: image: geonode/nginx:1.23.3 build: ./docker/nginx/ container_name: nginx4${COMPOSE_PROJECT_NAME} + env_file: + - .env environment: - HTTPS_HOST=${HTTPS_HOST} - HTTP_HOST=${HTTP_HOST} From 66c80145c83547d3198120637bf412185e669d0f Mon Sep 17 00:00:00 2001 
From: Vincent Delbar Date: Wed, 25 Oct 2023 17:42:51 +0200 Subject: [PATCH 3/5] ENH: avoid passing full env file to nginx build --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 439b30b6..15101c46 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -57,8 +57,6 @@ services: image: geonode/nginx:1.23.3 build: ./docker/nginx/ container_name: nginx4${COMPOSE_PROJECT_NAME} - env_file: - - .env environment: - HTTPS_HOST=${HTTPS_HOST} - HTTP_HOST=${HTTP_HOST} @@ -66,6 +64,8 @@ services: - HTTP_PORT=${HTTP_PORT} - LETSENCRYPT_MODE=${LETSENCRYPT_MODE} - RESOLVER=127.0.0.11 + - JENKINS_HTTP_PORT=${JENKINS_HTTP_PORT} + - JENKINS_HTTPS_PORT=${JENKINS_HTTPS_PORT} ports: - "${HTTP_PORT}:80" - "${HTTPS_PORT}:443" From a4884f1eeeccb532ebba5ba4aebd09cec06615a3 Mon Sep 17 00:00:00 2001 From: Vincent Delbar Date: Wed, 25 Oct 2023 19:13:27 +0200 Subject: [PATCH 4/5] ENH: newer jenkins image + no https by default since behind nginx proxy --- .env.sample | 3 ++- docker-compose.yml | 9 +++++---- docker/nginx/geonode.conf.envsubst | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.env.sample b/.env.sample index 3e8f5b9e..f0e284c5 100644 --- a/.env.sample +++ b/.env.sample @@ -59,7 +59,8 @@ HAYSTACK_SEARCH_RESULTS_PER_PAGE=200 # CI/CD Server # ################# JENKINS_HTTP_PORT=9080 -JENKINS_HTTPS_PORT=9443 +# Since Jenkins 2.339, you'll also need the --httpsKeyStore option for https to work +#JENKINS_HTTPS_PORT=9443 # ################# # nginx diff --git a/docker-compose.yml b/docker-compose.yml index 15101c46..1e4fdf37 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -65,7 +65,7 @@ services: - LETSENCRYPT_MODE=${LETSENCRYPT_MODE} - RESOLVER=127.0.0.11 - JENKINS_HTTP_PORT=${JENKINS_HTTP_PORT} - - JENKINS_HTTPS_PORT=${JENKINS_HTTPS_PORT} + #- JENKINS_HTTPS_PORT=${JENKINS_HTTPS_PORT} ports: - "${HTTP_PORT}:80" - "${HTTPS_PORT}:443" 
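Review bot: In PATCH 3/5, the two entries added to the nginx `environment:` list in the `@@ -66,6 +64,8 @@` hunk interpolate `${JENKINS_HTTP_PORT}` and `${JENKINS_HTTPS_PORT}` with no check that they are set, and Compose substitutes an empty string for an unset variable. The proxy template shown later in this series builds its upstream as `set $upstream jenkins:$JENKINS_HTTP_PORT;`, so an empty value would presumably yield a broken upstream at request time instead of a clear failure at startup. Compose's required-variable form makes the failure explicit: `- JENKINS_HTTP_PORT=${JENKINS_HTTP_PORT:?JENKINS_HTTP_PORT must be set in .env}`. The nginx service definition starts and ends outside the hunk.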
@@ -154,12 +154,12 @@ services: restart: on-failure jenkins: - image: jenkins/jenkins:2.164-jdk11 + image: jenkins/jenkins:2.414-jdk11 container_name: jenkins4${COMPOSE_PROJECT_NAME} user: jenkins ports: - "${JENKINS_HTTP_PORT}:${JENKINS_HTTP_PORT}" - - "${JENKINS_HTTPS_PORT}:${JENKINS_HTTPS_PORT}" + #- "${JENKINS_HTTPS_PORT}:${JENKINS_HTTPS_PORT}" - "50000:50000" # network_mode: "host" volumes: @@ -167,7 +167,8 @@ services: - backup-restore:/backup_restore - data:/data environment: - - "JENKINS_OPTS=--httpPort=${JENKINS_HTTP_PORT} --httpsPort=${JENKINS_HTTPS_PORT} --prefix=/jenkins" + - "JENKINS_OPTS=--httpPort=${JENKINS_HTTP_PORT} --prefix=/jenkins" + #- "JENKINS_OPTS=--httpPort=${JENKINS_HTTP_PORT} --httpsPort=${JENKINS_HTTPS_PORT} --httpsKeyStore=${} --httpsKeyStorePassword=${} --prefix=/jenkins" restart: on-failure volumes: diff --git a/docker/nginx/geonode.conf.envsubst b/docker/nginx/geonode.conf.envsubst index 2131d10f..cd4c114a 100644 --- a/docker/nginx/geonode.conf.envsubst +++ b/docker/nginx/geonode.conf.envsubst @@ -56,7 +56,7 @@ location /jenkins { # Using a variable is a trick to let Nginx start even if upstream host is not up yet # (see https://sandro-keil.de/blog/2017/07/24/let-nginx-start-if-upstream-host-is-unavailable-or-down/) set $upstream jenkins:$JENKINS_HTTP_PORT; - # set $upstream $HTTP_HOST$HTTPS_HOST:$JENKINS_HTTP_PORT; + # set $upstream $HTTPS_HOST:$JENKINS_HTTPS_PORT; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; From 306895b7e3cf97f58e145dfefaa7ebd913032316 Mon Sep 17 00:00:00 2001 From: Vincent Delbar Date: Wed, 25 Oct 2023 20:04:24 +0200 Subject: [PATCH 5/5] ENH: use latest jenkins for CVEs --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1e4fdf37..bb677fcb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
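Review bot: In PATCH 4/5, the `@@ -154,12 +154,12 @@` hunk disables HTTPS for Jenkins on the grounds that it sits behind the nginx proxy, yet the context line `- "${JENKINS_HTTP_PORT}:${JENKINS_HTTP_PORT}"` still publishes the plain-HTTP listener on every host interface. Anyone who can reach the host on that port talks to Jenkins directly, without TLS and without whatever the proxy enforces; the same applies to the agent port `"50000:50000"`. Since nginx reaches the container as `jenkins:$JENKINS_HTTP_PORT` over the Compose network, the host mapping is probably not needed at all. If local access is wanted, bind it to loopback: `- "127.0.0.1:${JENKINS_HTTP_PORT}:${JENKINS_HTTP_PORT}"`. The jenkins service continues outside the hunk.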
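Review bot: The commented-out `JENKINS_OPTS` template added in the `@@ -167,7 +167,8 @@` hunk of PATCH 4/5 has empty `${}` placeholders, so the next maintainer gets no variable names to fill in, and Compose would likely reject the line as invalid interpolation if it were uncommented as written. It also steers the keystore password into `JENKINS_OPTS`, where it would be readable through `docker inspect` and presumably in the Jenkins process arguments. I would name the variables and state the exposure in the comment, for example `# HTTPS: set JENKINS_HTTPS_KEYSTORE and JENKINS_HTTPS_KEYSTORE_PASSWORD in an uncommitted .env; the password is visible in the container environment`. Those variable names are suggestions, not existing settings.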
@@ -154,7 +154,7 @@ services: restart: on-failure jenkins: - image: jenkins/jenkins:2.414-jdk11 + image: jenkins/jenkins:2.429-jdk17 container_name: jenkins4${COMPOSE_PROJECT_NAME} user: jenkins ports: