保护Jenkins构建服务器 (Securing Jenkins Build Server)
The very basic thing needs to be understood here is that to secure the Jenkins because it is open. Anyone can make use of the URL for accessing the Jenkins and perform the tasks of all kinds available in Jenkins. Hence, this needs to be secured. As a best practice, it is recommended to always secure Jenkins and then configure the global security. The best way is to use Jenkins by configuring to our own local database.
这里需要了解的最基本的内容是保护詹金斯,因为它是开放的。 任何人都可以使用URL来访问Jenkins,并执行Jenkins中可用的各种任务。 因此,需要确保这一点。 作为最佳实践,建议始终保护Jenkins,然后配置全局安全性。 最好的方法是通过配置到我们自己的本地数据库来使用Jenkins。
Below are the steps to be followed in order to secure Jenkins:
以下是确保詹金斯安全的步骤:
- Jenkins.war and start the server.Jenkins.war并启动服务器。
- Manage Jenkins.Manage Jenkins 。
-
Manage Jenkins page, click on 管理Jenkins”页面中,单击“ Setup Security button.
设置安全性”按钮。
-
enable security check box.
启用安全性”复选框。
-
Jenkins own user database. Also, ensure that Jenkins自己的用户数据库 。 另外,请确保也选中Allow users to sign up checkbox is also checked. Save the configuration.
了允许用户注册复选框。 保存配置。
-
Sign up will be available. Click on the same and fill the form to sign up. Once successful, log in with the account created.
注册链接。 单击相同的并填写表格进行注册。 成功后,使用创建的帐户登录。
You can see the details in the Navbar, once you are logged in.
登录后,您可以在导航栏中查看详细信息。
- Manage Jenkins & select Manage Jenkins并选择Configure Global Security. Under the security realm section, uncheck the option Configure Global Security 。 在“安全领域”部分下,取消选中“ Allow users to sign up. This will ensure that no new users can be created with your permission.允许用户注册 ”选项。 这将确保在您的许可下不能创建任何新用户。
- Now, we need to configure the authentication for the accounts. The 2 best options preferred are Matrix-based security & Project-base project authorization strategy. This enables you to set per user for the actions which they can perform. Here, I have considered Matrix-based security
- 现在,我们需要为帐户配置身份验证。 最好的2个最佳选择是基于矩阵的安全性和基于 项目的项目授权策略 。 这使您可以为每个用户设置他们可以执行的操作。 在这里,我考虑了基于矩阵的安全性
- Save the form. Logout and login again. 保存表格。 注销并再次登录。
-