
Comments (7)

MarkEWaite commented on July 20, 2024

I disagree. The default installation of jenkins.war from the Debian package, the RPM package, and the Windows installer are all unsecured by default. Securing the docker instance by default will then require that I "undo" that security in order to use alternate forms of security.

from docker.

Blaisorblade commented on July 20, 2024

> Securing the docker instance by default will then require that I "undo" that security in order to use alternate forms of security.

First, to be sure: I'm not talking about enabling authentication, I'm talking about enabling SSL.

Anyway, could one at least document the security setup? Warn that the default security setup is not safe? Of course you don't need that, but many users do. (Every other configuration step can be done when logged in to the instance and doesn't need much explanation.) If documenting that's overkill, it's also overkill that it tells me out-of-the-box to enable "security".

Then, why would you need to undo SSL? Replacing the SSL certificate doesn't sound like "undoing". What's the alternate security you're thinking about — enabling SSL through a reverse proxy? I've now learned this would have been a better idea, but I've instead followed some official docs found through Google and ignored ServerFault's suggestions.


MarkEWaite commented on July 20, 2024

I don't want the complication of needing to register that self-signed certificate with each of the consumers of my test Jenkins site. I've had problems before that required I take special steps to work around self-signed certificates and their interactions with Java clients. I'd rather not have to apply those special steps for the base Docker instance.


Blaisorblade commented on July 20, 2024

I see, thanks for the answer.
Still, any comment on the documentation issue?


MarkEWaite commented on July 20, 2024

I don't think the docker instance definition is the right place to document security setup. The official documentation seems like the best place to document the security setup. That improves the chances that others will find the documentation and that others will be able to improve that documentation as they learn more. If you've learned better ways to configure security, please share what you've learned with others on that wiki page.

Jenkins already warns you at startup from the "Manage Jenkins" page that you should configure security. It does not start with security enabled so that you can decide which security method you want to use.


Toub commented on July 20, 2024

You can easily enable SSL using nginx proxy: https://github.com/jwilder/nginx-proxy

  1. create your certificate and key (jenkins.mydomain.com.key, jenkins.mydomain.com.crt, or a wildcard one)
  2. start the nginx proxy container with the volume /etc/nginx/certs pointing to your certificate folder
  3. start the jenkins container with the VIRTUAL_HOST="jenkins.mydomain.com" environment variable

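The three steps in the comment above, written out as a script. This is an added example, not part of the original comment or of either project; the certificate directory, container names, the `jenkins/jenkins:lts` image tag and the `find_cert` helper are assumptions, and `find_cert` checks only the exact host name and its parent domain.

```shell
#!/bin/sh
# Added example: TLS termination for Jenkins with jwilder/nginx-proxy.
# Host name, cert directory and image tag below are assumptions.
JENKINS_HOST="${JENKINS_HOST:-jenkins.mydomain.com}"
CERT_DIR="${CERT_DIR:-$PWD/certs}"

# nginx-proxy selects a certificate by file name: <VIRTUAL_HOST>.crt and .key,
# or, for a wildcard certificate, the parent domain (mydomain.com.crt).
# Prints the base name found, or returns 1 so a misnamed pair is caught early.
find_cert() {
    host=$1; dir=$2
    for name in "$host" "${host#*.}"; do
        if [ -f "$dir/$name.crt" ] && [ -f "$dir/$name.key" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

make_cert() {     # step 1: self-signed certificate and key named after the host
    mkdir -p "$CERT_DIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$JENKINS_HOST" -addext "subjectAltName=DNS:$JENKINS_HOST" \
        -keyout "$CERT_DIR/$JENKINS_HOST.key" -out "$CERT_DIR/$JENKINS_HOST.crt"
    chmod 600 "$CERT_DIR/$JENKINS_HOST.key"
}

start_proxy() {   # step 2: proxy terminates TLS; certs and socket are read-only
    docker run -d --name nginx-proxy -p 80:80 -p 443:443 \
        -v "$CERT_DIR:/etc/nginx/certs:ro" \
        -v /var/run/docker.sock:/tmp/docker.sock:ro \
        jwilder/nginx-proxy
}

start_jenkins() { # step 3: no -p flag, so Jenkins is reachable only via the proxy
    # The Jenkins image exposes more than one port, so name the HTTP one.
    docker run -d --name jenkins \
        -e VIRTUAL_HOST="$JENKINS_HOST" -e VIRTUAL_PORT=8080 \
        jenkins/jenkins:lts
}

# Run as "sh script.sh up"; without the argument only the functions are defined.
if [ "${1:-}" = "up" ]; then
    find_cert "$JENKINS_HOST" "$CERT_DIR" >/dev/null || make_cert
    start_proxy && start_jenkins
fi
```

Clients still have to trust the self-signed certificate that `make_cert` produces; dropping a CA-issued pair with the same file names into the certificate directory avoids that.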

ndeloof commented on July 20, 2024

This is not a docker image issue but a jenkins issue to run unsecured.
As for using https, it would be inefficient to implement this in the java servlet container, while a reverse proxy does the job very well.
So, closing this issue.

