Introduction
By default, Rundeck comes with its own built in web server, which listens on ports 4440 or 4443. It’s a good idea to use a more secure web server like Nginx or apache as reverse proxy for your Rundeck Server.
This article will detail how to configure Nginx web server as a reverse proxy for your Rundeck. This article will be divided into two parts, the first part we will show you how to run Rundeck from a subdomain with HTTP and the second part will detail how to run Rundeck from a subdomain with SSL.
This tutorial assumes that you have already installed Rundeck, if you don’t have it installed yet, you can check out this tutorial : How to install and configure Rundeck on CentOS 7 / RHEL 7
1./ Running Rundeck from a subdomain
– Let’s a create a new Nginx configuration file called rundeck.conf as below or you can edit the default Nginx configuration file
# vi /etc/nginx/conf.d/rundeck.conf server { listen 80; listen [::]:80; server_name rundeck.yallalabs.local; # Replace it with your Subdomain access_log /var/log/nginx/rundeck.yallalabs.local.access.log; location / { proxy_pass http://localhost:4440/; } }
– Open the framework.properties file and modify it as below:
# vi /etc/rundeck/framework.properties ################################################################## ######### HTTP ############# framework.server.name = rundeck.yallalabs.local #Replace it with your Subdomain framework.server.hostname = rundeck.yallalabs.local #Replace it with your Subdomain framework.server.port = 4440 framework.server.url = http://rundeck.yallalabs.local #Replace it with your Subdomain
– Now open rundeck-config.properties file and replace the value of the grails.serverURL by the Sudomain URL of your Rundeck server:
# vi /etc/rundeck/rundeck-config.properties
# change hostname here
##############################################
grails.serverURL=http://rundeck.yallalabs.local #Replace it with your Subdomain
– Finaly restart the Rundeck daemon and the Nginx:
# /etc/init.d/rundeckd restart Restarting rundeckd (via systemctl): [ OK ] # Systemctl restart nginx
– If you installed Rundeck and Nginx on CentOS 7 or RHEL 7 and the Selinux is enabled you need to execute the following command:
# setsebool -P httpd_can_network_connect=1
2./ Running Rundeck from a subdomain with SSL
– Before we start, let’s generate a SSL self-signed certificate, if you want to avoid browser warnings you can get an officially signed certificate using a Let’s Encrypt tool or Certbot:
cd /etc/nginx sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/rundeck.key -out /etc/nginx/rundeck.crt
# vi /etc/nginx/conf.d/rundeck.conf server { listen 443 ssl; server_name rundeck.yallalabs.local; # Replace it with your Subdomain access_log /var/log/nginx/rundeck.yallalabs.local.access.log; ssl_certificate /etc/nginx/rundeck.crt; ssl_certificate_key /etc/nginx/rundeck.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { #add_header Front-End-Https on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://localhost:4440; proxy_read_timeout 90; proxy_redirect http://localhost:4440 https://rundeck.yallalabs.local; # Replace it with your Subdomain } } server { listen 80; server_name rundeck.yallalabs.local; # Replace it with your Subdomain return 301 https://$host$request_uri; }
– Open the framework.properties file and modify it as below:
# vi /etc/rundeck/framework.properties ####################################################### ############### HTTPS ######################### framework.server.name = rundeck.yallalabs.local # Replace it with your Subdomain framework.server.hostname = rundeck.yallalabs.local # Replace it with your Subdomain framework.server.port = 4440 framework.server.url = https://rundeck.yallalabs.local # Replace it with your Subdomain
– Open rundeck-config.properties file and replace the value of the grails.serverURL by the Sudomain URL of your Rundeck server:
# vi /etc/rundeck/rundeck-config.properties
# change hostname here
###############################################
grails.serverURL=https://rundeck.yallalabs.local # Replace it with your Subdomain
– Finaly restart the Rundeck daemon and the Nginx:
# /etc/init.d/rundeckd restart Restarting rundeckd (via systemctl): [ OK ] # Systemctl restart nginx
– If you installed Rundeck and Nginx on CentOS 7 or RHEL 7 and the Selinux is enabled you need to execute the following command:
# setsebool -P httpd_can_network_connect=1
We hope this tutorial was enough helpful. If you need more information, or have any questions, just comment below and we will be glad to assist you!
PS. If you like this post please share it with your friends on the social networks using the buttons below.Thanks.