How can I get Jenkins to stop listening for remote connections?
Debian
If you installed Jenkins from the Debian package, you can modify /etc/default/jenkins
and add the following line somewhere:
HTTP_HOST=127.0.0.1
and then add --httpListenAddress=$HTTP_HOST
to the JENKINS_ARGS so that it reads something like:
JENKINS_ARGS="--webroot=/var/run/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --httpListenAddress=$HTTP_HOST"
Ubuntu
If you installed Jenkins from the Ubuntu Oneiric (11.10) package, edit /etc/init/jenkins.conf
and add --httpListenAddress=127.0.0.1
to the JENKINS_ARGS
line, so that it reads like:
JENKINS_ARGS="--webroot=$JENKINS_RUN/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --httpListenAddress=127.0.0.1"
RedHat/CentOS/Amazon Linux
If you installed Jenkins using YUM repository, modify /etc/sysconfig/jenkins
and edit JENKINS_LISTEN_ADDRESS
to JENKINS_LISTEN_ADDRESS=127.0.0.1
Related videos on Youtube
Ludo
Updated on September 17, 2022Comments
-
Ludo almost 2 years
I have Jenkins sitting behind Nginx, with Nginx taking care of authentication, but Jenkins is still listening on port 8080 externally, so by accessing the box on port 8080 people can bypass Nginx.
How can I tell it to stop listening for remote connections and just accept connections locally?
It looks like it might be something to do with this ajp13ListenAddress param, but I can't figure out how to set that in the init.d script installed with Jenkins.
Thanks loads for any help!
Ludo.
(Looks like there's no Jenkins tag yet and I can't create it as I don't have rep)
-
davey over 13 yearsJust added jenkins tag.
-
Tom O'Connor over 13 yearsThis is why I tend to deploy Hudson/Jenkins inside Tomcat..
-
pboin over 13 yearsCommenting, because I can't directly answer your question. Have you considered mitigating by using iptables and/or tcpwrappers?
-
-
Leogout over 2 yearsIf like me you are in the third case but you are also using HTTPS, it's JENKINS_HTTPS_LISTEN_ADDRESS that you want to set to 127.0.0.1