Prerequisites
-
Docker host (EC2 or equivalent)
-
GlobalSign HVCLI credentials
Note: Connect with GlobalSign to get the HVCLI credentials.
Set Up Your GitHub Account
- Open your web browser and go to GitHub.
- Click on the Sign up button.
- Enter your details.
- Fill in your email address, create a password, and choose a username.
- Decide if you want to receive updates and announcements from GitHub, then complete the CAPTCHA to verify that you are not a robot.
- Click on Create account. GitHub will send a verification code to your email.
- Enter this code to verify your email address.
- Personalize your experience. You may be asked a few questions about how you plan to use GitHub. You can answer them or skip this step.
Install Jenkins
Run the following commands on your server to install Jenkins:
- Update your system.
sudo apt update
sudo apt upgrade - Install Java. Note: Jenkins requires Java to run. Install OpenJDK:
sudo apt install openjdk-11-jdk - Add Jenkins repository.
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
Then, add the Jenkins repository to your sources list:
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list' - Update your package list and install Jenkins.
sudo apt update
sudo apt install jenkins - Start and enable Jenkins
sudo systemctl start jenkins && sudo systemctl enable jenkins - If you have a firewall enabled, allow Jenkins to communicate.
sudo ufw allow 8080
sudo ufw status - Open your web browser and go to
http://your_server_ip_or_domain:8080. You will see the Jenkins setup screen. - Unlock Jenkins and retrieve the initial admin password.
sudo cat /var/lib/jenkins/secrets/initialAdminPassword - Copy the password and paste it into the Jenkins setup screen.
- Follow the on-screen instructions to install suggested plugins and create your first admin user
Docker Host
Run the following commands on your server:
- Update your system.
sudo apt update
sudo apt upgrade - Install required packages.
sudo apt install apt-transport-https ca-certificates curl software-properties-common - Add Docker’s Official GPG Key.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - Add Docker Repository.
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - Install Docker.
sudo apt update
sudo apt install docker-ce - Start and enable Docker.
sudo systemctl start docker
sudo systemctl enable docker - Verify Docker installation.
sudo docker --version
Integration
Configure Jenkins Server
- Log in to Jenkins.
- Go to the Manage Jenkins > Plugins > Available plugins.
-
Search for the below listed plugins.
• Maven Integration
• Publish Over SSH
• GitHub plugin, Git plugin -
Click Install.
-
Tick the "Restart Jenkins when installation is complete and no jobs are running".
Note: Jenkins would be restarted and you would be logged out of the session. -
Log back in to Jenkins.
-
Go to Dashboard > Manage Jenkins > System configuration.
-
At the bottom of the page, look for Publish over SSH to configure the Docker server. Then, click Add and fill out the required fields.
-
Click on the Advanced Tab dropdown and enter the private key that you are using to access your ec2 instance (i.e., Docker). Note: The file should be in the .PEM format.
-
Check the Test Configuration and you should get a Success message.
Integrate GitHub with Jenkins
-
Login to your GitHub account and navigate to your repository where the source code is published.
-
Configure GitHub Repository.
Note: If you don’t have one, create a new repository on GitHub.-
Generate Personal Access Token.
-
Go to Settings > Developer settings > Personal access tokens in GitHub.
-
Generate a new token with the necessary permissions (repo, for admin:repo_hook).
-
-
Configure Jenkins Job.
-
Create a New Job
-
Go back to the Jenkins dashboard and click on "New Item".
-
Enter a name for your job, select "Freestyle project", and click "OK".
-
-
Set up GitHub Webhook.
-
Navigate to your repository on GitHub.
-
Click on "Settings" > "Webhooks" > "Add webhook".
-
-
Configure Webhook
Payload URL:http://your_jenkins_url/github-webhook/
Content type:application/json
Select Just the push event.
Click Add webhook. -
Test the Integration. Make a change in the code and push it to the GitHub.
Jenkins should automatically trigger a build for the new commit.
Note: You can get the your_Jenkins_url from Jenkins console, Navigate to Dashboard > Manager Jenkins > System Configuration.
Create Jenkins Pipeline Job
- From the Dashboard > New Item > Pipeline.
- Enter the name of the job of your choice and select pipeline.
- From the General section of the job configuration, enable the GitHub hook trigger for GITScm polling.
- Next from the Pipeline option enter the below script.
pipeline { agent any environment { GIT_REPO = 'https://github.com/iamantil/SampleRegistratonForm-1.git' MAVEN_HOME = tool name: 'localMaven', type: 'hudson.tasks.Maven$MavenInstallation' REMOTE_SERVER = 'ip-172-31-33-186.ec2.internal' SSH_CREDENTIALS_ID = 'e6a5dec8-1b27-416f-abc0-1e82cb1b97b3' SOURCE_SERVER = 'ip-172-31-86-201.ec2.internal' IMAGE_NAME = 'my-tomcat-app' CONTAINER_NAME = 'my-tomcat-container' HOST_PORT = '8443' CONTAINER_PORT = '8443' } triggers { githubPush() } stages { stage('Checkout Code') { steps { script { echo 'Cloning repository' withCredentials([string(credentialsId: '560b1c46-c23d-49c6-bf22-10deb48f95b3', variable: 'GITHUB_TOKEN')]) { sh 'git config --global credential.helper store' sh 'echo "https://${GITHUB_TOKEN}:x-oauth-basic@github.com" > ~/.git-credentials' git url: "${GIT_REPO}", credentialsId: 'your-credentials-id' } } } } stage('Build with Maven') { steps { script { echo 'Building project with Maven' sh "${MAVEN_HOME}/bin/mvn clean package" } } } stage('Move ROOT.war file') { steps { script { echo 'Moving ROOT.war file.' sh 'mv target/ROOT.war ${WORKSPACE}/ROOT.war' } } } stage('Run Tests') { steps { script { echo 'Compiling the code' sh "${MAVEN_HOME}/bin/mvn install" } } } stage('Archive Artifacts') { steps { script { echo 'Archiving build artifacts' archiveArtifacts artifacts: '**/target/*.war', allowEmptyArchive: true } } } stage('Copy Files from Source Server') { steps { script { echo 'Copying files from source server' sshagent(['e6a5dec8-1b27-416f-abc0-1e82cb1b97b3']) { sh """ scp -o StrictHostKeyChecking=no ubuntu@${SOURCE_SERVER}:/home/ubuntu/.hvclient/privatekey.pem ${WORKSPACE}/privatekey.pem scp -o StrictHostKeyChecking=no ubuntu@${SOURCE_SERVER}:/home/ubuntu/.hvclient/mTLS.pem ${WORKSPACE}/mTLS.pem """ } } } } stage('Deploy to Remote Server') { steps { script { echo 'Deploying to remote server' sshagent(['e6a5dec8-1b27-416f-abc0-1e82cb1b97b3']) { sh """ scp -o StrictHostKeyChecking=no hvclient.sh ubuntu@${REMOTE_SERVER}:/home/ubuntu scp -o StrictHostKeyChecking=no fetch-cert.sh ubuntu@${REMOTE_SERVER}:/home/ubuntu scp -o StrictHostKeyChecking=no ubuntu@${SOURCE_SERVER}:/home/ubuntu/.hvclient/hvclient.conf ubuntu@${REMOTE_SERVER}:/home/ubuntu/.hvclient/hvclient.conf scp -o StrictHostKeyChecking=no ${WORKSPACE}/privatekey.pem ubuntu@${REMOTE_SERVER}:/home/ubuntu/.hvclient/privatekey.pem scp -o StrictHostKeyChecking=no ${WORKSPACE}/mTLS.pem ubuntu@${REMOTE_SERVER}:/home/ubuntu/.hvclient/mTLS.pem ssh -o StrictHostKeyChecking=no ubuntu@${REMOTE_SERVER} 'sudo chown -R ubuntu:ubuntu /home/ubuntu/.hvclient && sudo chmod -R 755 /home/ubuntu/.hvclient' ssh -o StrictHostKeyChecking=no ubuntu@${REMOTE_SERVER} 'sh /home/ubuntu/fetch-cert.sh' """ } } } } stage('Copy Docker Context to Remote Server') { steps { script { echo 'Copying Docker context to remote server' sshagent(['e6a5dec8-1b27-416f-abc0-1e82cb1b97b3']) { sh """ scp -r -o StrictHostKeyChecking=no ${WORKSPACE}/* ubuntu@${REMOTE_SERVER}:/home/ubuntu/docker-context """ } } } } stage('Build Docker Image on Remote Server') { steps { script { echo 'Building Docker image on remote server' sshagent(['e6a5dec8-1b27-416f-abc0-1e82cb1b97b3']) { sh """ ssh -o StrictHostKeyChecking=no ubuntu@${REMOTE_SERVER} 'docker build -t ${IMAGE_NAME} /home/ubuntu/docker-context' """ } } } } stage('Run Docker Container on Remote Server') { steps { script { echo 'Running Docker container on remote server' sshagent(['e6a5dec8-1b27-416f-abc0-1e82cb1b97b3']) { sh """ ssh -o StrictHostKeyChecking=no ubuntu@${REMOTE_SERVER} 'docker run -d --name ${CONTAINER_NAME} -v /home/ubuntu/.hvclient:/usr/local/tomcat/certs -p ${HOST_PORT}:${CONTAINER_PORT} ${IMAGE_NAME}' """ sh """ ssh -o StrictHostKeyChecking=no ubuntu@ip-172-31-33-186.ec2.internal ' docker exec ${CONTAINER_NAME} sed -i \\ -e "s|certificateKeyFile=\\".*\\"|certificateKeyFile=\\"certs/key.pem\\"|" \\ -e "s|certificateFile=\\".*\\"|certificateFile=\\"certs/cert.pem\\"|" \\ -e "s|certificateChainFile=\\".*\\"|certificateChainFile=\\"certs/ca_chain.pem\\"|" \\ -e "/certificateKeystorePassword/d" \\ /usr/local/tomcat/conf/server.xml docker exec ${CONTAINER_NAME} sed -i \\ "/<Connector port=\\"8443\\"/ s|protocol=\\"[^\\"]*\\"|protocol=\\"org.apache.coyote.http11.Http11NioProtocol\\"|" \\ /usr/local/tomcat/conf/server.xml ' """ } } } } } post { success { script { echo 'Build succeeded!' } } failure { script { echo 'Build failed!' } } } } - After the successful execution of the Jenkins job you will see that the Apache Tomcat container is now secured with GlobalSign TLS certificate.