Dynamiczne domeny dla serwisów deployowanych w jenkinsie

  1. Wildcardowy certyfikat dla domeny: certbot certonly --agree-tos --email kontakt@sealcode.org --manual -d '*.dep.sealco.de'

  2. Konfiguracja nginx:

server {                                                                                                                                                                                                           
 listen 80;                                                                                                                                                                                                        
 listen [::]:80;                                                                                                                                                                                                   
 server_name *.dep.sealco.de;                                                                                                                                                                                      
 return 301 https://$host$request_uri;                                                                                                                                                                             
}                                                                                                                                                                                                                  
                                                                                                                                                                                                                   
log_format jenkins $proxy_host $upstream_addr;                                                                                                                                                                     
                                                                                                                                                                                                                   
server {                                                                                                                                                                                                           
 listen 443 ssl;                                                                                                                                                                                                   
 server_name ~^(?<hostport>[0-9]+)\.dep\.sealco\.de$;                                                                                                                                                              
 ssl_certificate /etc/letsencrypt/live/dep.sealco.de/fullchain.pem;                                                                                                                                                
 ssl_certificate_key /etc/letsencrypt/live/dep.sealco.de/privkey.pem;                                                                                                                                              
 include /etc/letsencrypt/options-ssl-nginx.conf;                                                                                                                                                                  
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;                                                                                                                                                                    
                                                                                                                                                                                                                   
 access_log /var/log/nginx/jenkins.access.log jenkins;                                                                                                                                                             
 location / {                                                                                                                                                                                                      
   proxy_pass http://127.0.0.1:$hostport$request_uri;                                                                                                                                                              
   access_log /var/log/nginx/jenkins.access.log jenkins;                                                                                                                                                           
           proxy_http_version 1.1;                                                                                                                                                                                 
        proxy_set_header X-Forwarded-Host $host;                                                                                                                                                                   
        proxy_set_header X-Forwarded-Server $host;                                                                                                                                                                 
        proxy_set_header X-Real-IP $remote_addr;                                                                                                                                                                   
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;                                                                                                                                               
        proxy_set_header X-Forwarded-Proto $scheme;                                                                                                                                                                
        proxy_set_header Host $http_host;                                                                                                                                                                          
        proxy_set_header Upgrade $http_upgrade;                                                                                                                                                                    
        proxy_set_header Connection 'upgrade';                                                                                                                                                                     
        proxy_pass_request_headers on;                                                                                                                                                                             
 }                                                                                                                                                                                                                 
}