On Tuesday, September 13, 2022 at 7:26:12 PM UTC-6 John wrote:
> Hello, > > We are running Jenkins 2.368 on a Rocky 8 Linux server. I was asked to > implement SSL onto our Jenkins service, and have done that using a > keystore. (I only deal with the server itself as a sysadmin, I do not use > Jenkins myself for CI purposes.) > This all seems to work okay, but I have noticed two issues: > > 1) Despite changing the '/etc/sysconfig/jenkins' file setting the > JENKINS_PORT to -1 and setting the JENKINS_HTTPS_PORT to 8443, port 8080 is > still listened upon by Jenkins. Using the 'lsof' command from a console > shows that both ports 8080 and 8443 are listening. The 'System Information' > page within Jenkins shows that it is also present on the supplied java > command-line (as the --httpPort option). How do we fully disable the use of > port 8080? > > If you installed Jenkins 2.368 on Rocky 8 Linux with the yum command, then Jenkins should be configured with "systemctl edit jenkins" instead of editing the '/etc/sysconfig/jenkins' file. The "Managing systemd services <https://www.jenkins.io/doc/book/system-administration/systemd-services/> page provides more details. > 2) The keystore password is exposed in the 'ps' command output, and in the > 'System Information' page found when I log into Jenkins and look under the > 'Manage Jenkins' page. This is obviously not secure. Perhaps the password > should be stored as part of the Jenkins configuration rather than just > passed onto the command-line from the sysconfig file? > Is there another way to hide the password? > > I'm not sure on that one. You may need to replace the ExecStart with the specific command line arguments that you want to use. Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/a159ca1c-1369-4382-bcad-59ce56d59f6en%40googlegroups.com.
