Updating Jenkins CI behind corporate firewall

Updating Jenkins CI behind corporate firewall

Our Jenkins CI server (https://jenkins.company.com) doesn’t have access to Internet (neither directly nor through a proxy), yet we need to update both Jenkins itself as well as the Jenkins plugins.

We’ve set up another of our servers, https://jenkins-repo.company.com, as a Jenkins mirror site, which on a regular basis runs this command in a cron job:

rsync -a -v rsync://rsync.osuosl.org/jenkins/plugins /srv/mirrors/jenkins/

The /srv/mirrors/jenkins folder is hosted by Nginx.

As the rsync’ed files contain references to https://updates.jenkins.io, Jenkins will try and contact https://updates.jenkins.io when downloading the updated plugins, even though we’re hosting all the plugins over at https://jenkins-repo.company.com ourselves.

As a quick and easy workaround, I’ve simply added an entry like this to our Jenkins server’s /etc/hosts file: updates.jenkins-ci.org

…where is the IP address to https://jenkins-repo.company.com.

UPDATE: The above solution for some reason stopped working. I developed this simple script, which every night runs on our repo server:

export PATH="/usr/local/bin:/usr/bin:/bin"
pushd /srv/mirrors/jenkins/
logger "Removing old update-center.json file from /srv/mirrors/jenkins, and fetching a new one."
rm -f update-center.json; wget https://updates.jenkins.io/current/update-center.json
logger "Replacing urls in update-center.json"
sed -i 's|updates.jenkins.io/download/|jenkins.company.com/|g' update-center.json

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: