cloudposse-archives · ivan-pinatti · Feb 3, 2018 · Feb 3, 2018 · Feb 3, 2018 · Feb 3, 2018
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,57 @@
 # https://hub.docker.com/r/jenkins/jenkins/tags/
-FROM jenkins/jenkins:2.102-alpine
+FROM jenkins/jenkins:2.104-alpine
 
+# set maintainer
+LABEL maintainer "@cloudposse"
+
+# change user
 USER root
 
-RUN apk update && apk upgrade && \
-    apk add --no-cache bash git openssh gettext make docker
+# install required packages
+RUN readonly PACKAGES=" \
+      bash=4.4.12-r2 \
+      docker=17.10.0-r0 \
+      gettext=0.19.8.1-r1 \
+      git=2.15.0-r1 \
+      make=4.2.1-r0 \
+      openssh=7.5_p1-r8 \
+      openssl=1.0.2n-r0 \
+    " \
+    && apk update \
+    && apk upgrade \
+    && apk add --no-cache ${PACKAGES}
 
 # Allow the jenkins user to run docker
 RUN adduser jenkins docker
 
+# generate a self-signed certificate and configure HTTPS
+ARG JENKINS_URL="jenkins.local"
+ARG COMPANY_NAME="Cloud Posse, LLC"
+ARG COUNTRY_CODE="US"
+
+ENV JENKINS_URL=${JENKINS_URL} \
+    COMPANY_NAME=${COMPANY_NAME} \
+    COUNTRY_CODE=${COUNTRY_CODE}
+
+RUN mkdir --parents /var/lib/jenkins \
+    && openssl genrsa -out /var/lib/jenkins/key.pem \
+    && openssl req -new \
+                   -subj "/CN=${JENKINS_URL}/O=${COMPANY_NAME}/C=${COUNTRY_CODE}" \
+                   -key /var/lib/jenkins/key.pem \
+                   -out /var/lib/jenkins/csr.pem \
+    && openssl x509 -req \
+                    -days 365 \
+                    -in /var/lib/jenkins/csr.pem \
+                    -signkey /var/lib/jenkins/key.pem \
+                    -out /var/lib/jenkins/cert.pem \
+    && chown jenkins:jenkins /var/lib/jenkins/*.pem
+
+ENV JENKINS_OPTS --httpPort=8080 \
+                 --httpsPort=8083 \
+                 --httpsCertificate=/var/lib/jenkins/cert.pem \
+                 --httpsPrivateKey=/var/lib/jenkins/key.pem
+
+
 # Drop back to the regular jenkins user
 USER jenkins
 
@@ -18,7 +61,13 @@ USER jenkins
 # http://docs.oracle.com/javase/7/docs/technotes/guides/net/properties.html
 # https://aws.amazon.com/articles/4035
 # https://stackoverflow.com/questions/29579589/whats-the-recommended-way-to-set-networkaddress-cache-ttl-in-elastic-beanstalk
-ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=60 -Duser.timezone=PST -Dorg.jenkinsci.plugins.gitclient.Git.timeOut=60"
+ARG TIME_ZONE="PST"
+ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false \
+               -Dhudson.DNSMultiCast.disabled=true \
+               -Djava.awt.headless=true \
+               -Dsun.net.inetaddr.ttl=60 \
+               -Duser.timezone=${TIME_ZONE} \
+               -Dorg.jenkinsci.plugins.gitclient.Git.timeOut=60"
 
 # Preinstall plugins
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
@@ -31,4 +80,5 @@ COPY init.groovy /usr/share/jenkins/ref/init.groovy.d/
 # Configure `Amazon EC2` plugin to start slaves on demand
 COPY init-ec2.groovy /usr/share/jenkins/ref/init.groovy.d/
 
-EXPOSE 8080
+# HTTP 8080 - HTTPS 8083
+EXPOSE 8080 8083
diff --git a/Dockerrun.aws.json.template b/Dockerrun.aws.json.template
@@ -19,12 +19,12 @@
     }
   ],
   "Image": {
-    "Name": "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG",
+    "Name": "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}",
     "Update": "true"
   },
   "Ports": [
     {
-      "ContainerPort": "8080"
+      "ContainerPort": "8083"
     }
   ]
 }
diff --git a/buildspec.yml b/buildspec.yml
@@ -10,15 +10,23 @@ phases:
     commands:
       - echo "Build started on $(date)"
       - echo "Building the Docker image..."
-      - docker build --tag ${IMAGE_REPO_NAME} .
+      - >
+        docker build
+        --tag ${IMAGE_REPO_NAME}
+        --file Dockerfile
+        --build-arg JENKINS_URL="${JENKINS_URL}"
+        --build-arg COMPANY_NAME="${COMPANY_NAME}"
+        --build-arg COUNTRY_CODE="${COUNTRY_CODE}"
+        --build-arg TIME_ZONE="${TIME_ZONE}"
+        .
       - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
       - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}
   post_build:
     commands:
       - echo "Build completed on $(date)"
       - echo "Pushing the Docker image to ECR..."
       - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
-      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}      
+      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${STAGE}
       - envsubst < "Dockerrun.aws.json.template" > "Dockerrun.aws.json"
 artifacts:
   files:

diff --git a/init.groovy b/init.groovy
@@ -8,6 +8,20 @@ import org.jenkinsci.plugins.*
 import org.jenkinsci.plugins.saml.*
 
 
+// get environment variables
+def environment_variables = System.getenv()
+def jenkins_url = environment_variables['JENKINS_URL']
+
+// get Jenkins location configuration
+def jenkinsLocationConfiguration = jenkins.model.JenkinsLocationConfiguration.get()
+
+// set Jenkins URL
+jenkinsLocationConfiguration.setUrl('https://' + jenkins_url)
+
+// save current Jenkins state to disk
+jenkinsLocationConfiguration.save()
+
+
 def isValidString = { value ->
     if (value != null && value instanceof String && value.trim() != "") {
         return true