I have a Jenkins server on my local Windows device, but I want to make it invisible to the outside world (office rules regarding servers). The obvious and unsubtle way, which works satisfactorily, is to set up a firewall rule to block incoming access to its port, but I feel there must be a Jenkins setting to stop it advertising its services to anyone but localhost. Can anyone tell me if there is?
Note that setting up user credentials is not a valid solution, as the server being visible but inaccessible without login still violates office rules.
From Starting and Accessing Jenkins you need --httpListenAddress=127.0.0.1 command line parameter:
--httpListenAddress=$HTTP_HOST - Binds Jenkins to the IP address represented by $HTTP_HOST. The default is 0.0.0.0 — i.e. listening on all available interfaces.
For example, to only listen for requests from localhost, you could use: --httpListenAddress=127.0.0.1
If you run your Jenkins as Windows service, you can extend command line arguments in jenkins.xml file in Jenkins home directory.
Similar answer (for Linux-oriented platforms) on ServerFault.
Related
I’m an absolute beginner when it comes to setting up a Jenkins environment but I have just installed Jenkins on a MAC v10.15.5 using home-brew and would like the capability to:
Open a web browser
Login to Jenkins from any machine on any network
Trigger a job.
I’m able to do this using a different machine on the same network but unable to do this using a machine on a different network. I changed the "httpListenAddress" value within the jenkins-lts.plist file to 0.0.0.0 to allow the web interface to be accessible from anywhere as mentioned at https://www.macminivault.com/installing-jenkins-on-macos/ but apart from that I’m not sure where to go from here.
I’ve heard about Apache Tomcat but not sure if it's necessary for what I need to do. If anyone can provide instructions / safe approaches about how to login to the Jenkins environment on my MAC from any network that would be appreciated.
To get jenkins web interface use $JENKINS_HOST_IP:8080 (by default jenkins uses port 8080) and then make first-run-configure.
Login to Jenkins from any machine on any network - it depends on network topology, what is used in your organisation. So, to reach jenkins host from any network where should be allowed traffic from/into network where jenkins host is placed.
Trigger a job - where are a lot of triggers you can use. Take a look at official documentation here
Hi im using Docker on windows 10 with a proxy.
Docker itself works fine with the proxy IP set correctly in the docker settings.
I can download images through docker.
The problem is that any container I want to run or build also needs these HTTP_PROXY and HHTPS_PROXY variables.
I can do this by adding it to build arguments, run arguments or the docker file.
However none of these solutions are perfect because they add machine specific variable values to either the docker files and/or the docker-compose files.
I have checked the MobyLinuxVM's values for these HTTP_PROXY and HHTPS_PROXY variables by hacking into it with this trick:
How to connect to docker VM (MobyLinux) from windows shell?
Eventhough these variables were displayed correctly any image that I run or dockerfile I build still needs to get these variables.
Is there a way that any container automatically gets these proxy environment variables from the docker deamon who already has them set?
I know Linux has this feature by nature, but it seems to be missing for Windows.
This does not provide a way to set those values or to get them in a container's context, but has stopped me from having to change my proxy settings every time I change IP addresses and keeps me from having to pass them to containers at runtime (builds are still a different story).
This works for me behind an NTLM-authenticating web proxy, even from home on VPN:
1) Get the IP address of the DummyDesperatePoitras virtual switch Docker for Windows creates (starts with 169.254., which is usually a non-routable IP)
2) Install CNTLM (not perfect, as it's not been updated in 5 years) and set it to listen on that "dummy" IP address
3) Use that "dummy" IP address as the proxy in Docker for Windows settings
4) Add your internal corporate DNS server's IP and the domain name to the daemon.json in Docker for Windows settings
Again, this works for running containers - I only have to deal with the proxy server when I run docker build, passing it along in the build-args. I've not found a way around that yet.
Detailed walkthrough: https://mandie.net/2017/12/10/docker-for-windows-behind-a-corporate-web-proxy-tips-and-tricks/
My advice is to use a tool to transparently route all your traffic to the proxy, without having to set any proxy configuration locally.
For windows there is proxifier. It will transparently route all the traffic from your host to the proxy.
I am trying to access Sonar through web browser. I already started it on my terminal but when I try to access it on web browser through , it shows nothing. However, the status shows Sonar is running. How can I make it running on the web browser ?
The configuration for Sonar web is:
sonar.web.host=127.0.0.1
sonar.web.context=/sonar
sonar.web.port=9000
sonar.web.host=127.0.0.1
I think this is the problematic line in your conf. This line indicates which IP address the Web Server will bind to. If you set it to 127.0.0.1, then Server will only respond if you reach to it through the IP 127.0.0.1, that is, you'll only be able to access it from localhost, though IPv4. (Your browser will probably prefer IPv6, with ::1 being the host)
Comment out the line (prepending a #) in order to have it listen to every IP the machine is called by.
If you can verify access from the host machine itself, but the above doesn't help, then you might want to check if your firewall is blocking requests.
With the settings you provided, make sure you're using this URL and trying to access the server from the same box: http://127.0.0.1:9000/sonar/
If you're attempting to reach http://127.0.0.1:9000/ and getting the empty page, it's due to the sonar.web.context value you're using.
Note: unless you're hosting SonarQube in an external webserver, you don't need to set the sonar.web.context, in which case, you would just go to http://127.0.0.1:9000/
If this URL isn't working for you, I would suggest looking at the SonarQube server logs in the /logs folder to determine if there were any errors starting the server. If so, you'll want to update this posting with the details from the log, including which operating system you're running.
Very new to the Self Host WebApi, but I am very impressed with its ease of use and extendability. At least through this tutorial. Everything I've done so far works on my development machine whether I use localhost, 127.0.0.1, or my LAN Ip (192.168.0.x) but I am baffled why I can't access the service from any other computer even others in the same subnet.
In short after going through the tutorial on the machine where it is running:
Browsing to
localhost:3636/api/products/
results in the expected xml return.
On another machine on the LAN browsing to:
192.168.0.x:3636/api/products/
results in a timeout
Data points for those who might know how this all interacts:
1.) My dev machine(192.168.0.x, server, host whatever you want to call it) has IIS on it; I was so paranoid it was in the way that I stopped it via the Administration GUI
2.) I have reserved the URL/Port with the following command line executions:
>netsh http add urlacl url=http://+:3636/ user=DOMAIN\USER listen=yes delegate=yes
>netsh http add urlacl url=http://192.168.0.x:3636/ user=DOMAIN\USER listen=yes delegate=yes
2.b) I've tried both of those together and individually, and tried changing the user to "everyone" to no avail
3.) I have tried to change the code in the tutorial to set the
config.HostNameComparisonMode = HostNameComparisonMode.Exact //default is Strong Wildcard
4.) I can successfully ping and tracert to 192.168.0.x from other machines on the LAN
5.) A friend recommended I setup a TCPListener and ensure I could telnet to that to eliminate the firewall as a possibility. If that logic is sound, the firewall isn't the problem
EDIT: Thanks for your help, here's another data point that I believe confirms it's not a firewall issue. I previously posted this connection when behind a rather obtuse (at least to a non Certified guy like me) Juniper Firewall/Router. I have since redone the tutorial on another machine (without IIS) on my home network and still cannot publish the service to other computers within my LAN. Any ideas?
Well it wasn't the hardware firewall, it was the windows firewall! yikes i wasted a bunch of time on that. Once I turned off the windows firewall (the code runs in an intranet anyway) everything worked.
Anyone know of a good site that explains how firewalls and wireshark interact; or i suppose that just has to be one's first test.
I would try a couple things:
First off, get rid of the HostNameComparisonMode line. That might actually disable requests coming from other machines.
If things still don't work, try getting rid of the URL ACLs and run your application as an administrator and see if that works. If that works, you may be able to add the URL ACL back on and not have to run as an administrator. You should only need the one with '+' as the hostname.
I faced the same problem when i tried to self host using OWIN. What worked for me was -
Run Visual Studio as an Admin
Remove any and all netsh urlacl port registrations that I had added while debugging this issue
Add a inbound rule to my windows firewall
I followed the instructions on this link
https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/firewall-instructions
Check out the section - To enable a port range in advance
That's it! I was able to call my api from other computers on the network.
Hope this helps...
Sorry if this is kind of a noob question, but I'm just starting to use CruiseControl, and I'd like to allow access to the DashBoard from anywhere on the internet.
I can't find any documentation on how to do this. I'm running it off of a Windows machine, and I can start CC and view the DashBoard through http://localhost:8080/
Any ideas?
Update: I added a new Inbound rule for my machine on 8080, however http://canyouseeme.org/ says it's not open. Strange...
I don't think any special action is needed to allow external access, so I think your problem is more of a general web hosting problem than it is specific to CruiseControl. Here are a few things that might be worth looking at:
Make sure your firewall is not blocking access to the port.
Make sure your network's domain policy allows external access to your computer.
Are you starting CruiseControl from the command line or as a service? If starting from the command line, try starting it as a service and see if the results are different. How to do this depends on your system configuration, but usually, if you are using CruiseControl .NET, run the command net start "CruiseControl.Net Server". If you are using standard CruiseControl, run net start "CruiseControl Service".