Guide for Installing Jenkins on Ubuntu 24.04 LTS

Guide for Installing Jenkins on Ubuntu 24.04 LTS

Jenkins, a popular open-source automation server, is designed for continuous integration (CI) and continuous delivery (CD) of software projects. This article will guide you through the process of setting up Jenkins on Ubuntu 24.04, focusing on security, performance, and best practices.

Prerequisites

Before we begin, ensure your system is up-to-date and Java Runtime is installed. Update the system and install the latest OpenJDK 17 package as prerequisites for Jenkins installation on the VPS instance.

Installation

1. Add the official Jenkins APT repository to the sources list.
2. Install the latest stable Jenkins package from the repository.
3. Start the Jenkins service immediately.

Configuration

Firewall and Security

• Enable UFW and open TCP port 8080 for incoming connections.
• Configure firewall rules to restrict Jenkins access only to trusted networks.
• Harden the OS by disabling unnecessary services and ports.

System Level Security

• Use Ubuntu 24.04 LTS with the latest security patches and updates.
• Use strong passwords and rotate credentials regularly.
• Enable auditing of system events like logins and configuration changes.
• Use access control tools like AppArmor or SELinux to limit Jenkins process permissions.
• Possibly enable disk encryption to protect sensitive data at rest.

Jenkins Level Security

• Configure secure authentication methods for users.
• Deploy authorization strategies such as Matrix-based or Role-based access control to manage permissions.
• Install and maintain relevant security plugins like the "Matrix Authorization Strategy" and "Role-based Authorization Strategy" plugins.
• Securely store credentials using Jenkins’ built-in Credentials plugin and avoid plaintext storage.
• Enable audit logging to track user activities and configuration changes within Jenkins.

For integration with Docker (frequently used with Jenkins pipelines), securely managing Docker credentials by using credential helpers and performing explicit logins/logouts within pipelines can help avoid storing passwords insecurely in config files.

Performance Optimization

• Use SSD-backed volumes for faster job execution.
• Increase the Java heap size for large builds.
• Run agents on separate servers to distribute load.
• Use pipeline parallelization to speed up CI/CD stages.
• Offload artifacts and logs to external storage.

Setting Up Jenkins Master

1. Create a VPS instance on Shape.Host.
2. Connect to the server via SSH using the provided steps for Linux/macOS and Windows.
3. Jenkins Master manages job scheduling, UI, and plugins.
4. The default port for web access is 8080.
5. Access the Jenkins dashboard by opening a browser and going to the specified URL.
6. Complete the setup wizard in the browser, which includes options to choose "Install suggested plugins", create an admin user, and set Jenkins URL (IP or domain with port 8080).

Key Advantages

• Long-term support until 2029.
• Native availability of Java 17+.
• Improved systemd management.
• Updated security features.
• Easy integration with various tools and cloud providers.

By following these guidelines, you can securely and efficiently set up Jenkins on Ubuntu 24.04, ensuring a robust CI/CD environment for your software projects. Regularly reviewing and updating security measures will maintain effective security over time.

[1]: Link to the official Jenkins security guide [2]: Link to the official Docker credential helpers guide [3]: Link to the official Jenkins security plugins guide

Data-and-cloud-computing technology plays a crucial role in the secure and efficient setup of Jenkins, as it allows for easy integration with cloud providers in the CI/CD environment. This integration enables scaling and optimizing Jenkins performance through solutions like using SSD-backed volumes and running agents on separate servers.

With the help of technology, you can also enhance security by securing Docker credentials within pipelines to avoid storing passwords insecurely in config files, as well as by utilizing security plugins for Jenkins like those for Matrix Authorization Strategy and Role-based Authorization Strategy.

Read also: