Updating Jenkins CI behind corporate firewall
Our Jenkins CI server (https://jenkins.company.com
) doesn’t have access to Internet (neither directly nor through a proxy), yet we need to update both Jenkins itself as well as the Jenkins plugins.
We’ve set up another of our servers, https://jenkins-repo.company.com
, as a Jenkins mirror site, which on a regular basis runs this command in a cron job:
rsync -a -v rsync://rsync.osuosl.org/jenkins/plugins /srv/mirrors/jenkins/
The /srv/mirrors/jenkins
folder is hosted by Nginx.
As the rsync’ed files contain references to https://updates.jenkins.io
, Jenkins will try and contact https://updates.jenkins.io
when downloading the updated plugins, even though we’re hosting all the plugins over at https://jenkins-repo.company.com
ourselves.
As a quick and easy workaround, I’ve simply added an entry like this to our Jenkins server’s /etc/hosts file:
1.2.3.4 updates.jenkins-ci.org
…where 1.2.3.4
is the IP address to https://jenkins-repo.company.com
.