Thanks for that. I looked through bug reports and found someone else saying that port 8080 remained open. It was you (I think) that replied to him/her that the RPM version does not use the sysconfig file. Creating a systemd override to disable port 8080 worked fine.
As to the second problem - it's still a problem. I remembered from other work that multiple 'ExecStart's are not allowed for certain types. So need to use 'ExecStart=' and then on the following line put the actual ExecStart I wanted. However, this invokes /usr/bin/jenkins which ultimately runs java with all the options passed to it. So no matter what I do in the systemd override file for ExecStart, it always ends up with a java command being run with the keystore password as one of the options being shown. I need to think about this a bit more. John. On Wednesday, 14 September 2022 at 03:33:17 UTC+1 Mark Waite wrote: > On Tuesday, September 13, 2022 at 7:26:12 PM UTC-6 John wrote: > >> Hello, >> >> We are running Jenkins 2.368 on a Rocky 8 Linux server. I was asked to >> implement SSL onto our Jenkins service, and have done that using a >> keystore. (I only deal with the server itself as a sysadmin, I do not use >> Jenkins myself for CI purposes.) >> This all seems to work okay, but I have noticed two issues: >> >> 1) Despite changing the '/etc/sysconfig/jenkins' file setting the >> JENKINS_PORT to -1 and setting the JENKINS_HTTPS_PORT to 8443, port 8080 is >> still listened upon by Jenkins. Using the 'lsof' command from a console >> shows that both ports 8080 and 8443 are listening. The 'System Information' >> page within Jenkins shows that it is also present on the supplied java >> command-line (as the --httpPort option). How do we fully disable the use of >> port 8080? >> >> > If you installed Jenkins 2.368 on Rocky 8 Linux with the yum command, then > Jenkins should be configured with "systemctl edit jenkins" instead of > editing the '/etc/sysconfig/jenkins' file. > > The "Managing systemd services > <https://www.jenkins.io/doc/book/system-administration/systemd-services/> > page provides more details. > > >> 2) The keystore password is exposed in the 'ps' command output, and in >> the 'System Information' page found when I log into Jenkins and look under >> the 'Manage Jenkins' page. This is obviously not secure. Perhaps the >> password should be stored as part of the Jenkins configuration rather than >> just passed onto the command-line from the sysconfig file? >> Is there another way to hide the password? >> >> > I'm not sure on that one. You may need to replace the ExecStart with the > specific command line arguments that you want to use. > > Mark Waite > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6ac178e4-4b63-470f-90ce-8e96568c9629n%40googlegroups.com.
