Hello,
This may be a dumb question. I can't get a Jenkins Windows service to
start because of our corporate firewall. I've had no luck finding a
resource to indicate what ports and web addresses are needed for Jenkins to
start the service. Could somebody point me in the right direction so I can
tell our networking group how to update the firewall?
Here are things I have reviewed thus far:
- Turning Off Updates - Even with updates disabled I cannot get Jenkins
to start with the firewall in place.
- Use a proxy - We currently have no proxy servers and the hardware
group rejected the request.
- Google Firewall Search - All the hits were related to slave jobs on
other machines, I only have one Jenkins machine so the issue is unrelated.
- Code Review - I don't code in Java, but I
found getConnectionCheckUrl() in UpdateCenter.java. The comment says it
has been deprecated in favor of update-center.json.
- json Files - I know even less about json than I do about Java. I
looked at the the files in the update folder and they appear to contain a
list of update web addresses.
- I tried deleting these files hoping the code would not try to check
the internet, but the service still did not start.
- I replaced all of the URLs in the default file with "", but the
service did not start.
- If I give this giant list of URLs to our system administrators to
add exceptions I imagine they will not be happy and I don't even know if
adding exceptions for all of those URLs will work (temporarily or
permanently)
- Wireshark - I ran a trace with the firewall in place but did not see
any activity between the machine with Jenkins and computers beyond the
network. I can get a temporary exception to have internet access for the
server and then run a trace but I'm afraid that Jenkins isn't always using
the same internet addresses.
My options appear to be:
- Get a range of addresses and ports for firewall exceptions (but I'm
worried this changes and will cause problems with our system
administrators).
- Find a way to get Jenkins to truly ignore the internet.
- Find a replacement for Jenkins (possibly Apache Continuum).
My group has invested a lot of time into our use of Jenkins, and we have
been able to get it to work once started, but we cannot be asking the
system administrators to open access to the firewall anytime the machine or
service is restarted. Any ideas?
Thanks,
Forest
