On Fri, Jul 24, 2020 at 9:12 AM Gianluca <gmax...@gmail.com> wrote: > Trying to guess: > > " java.net.SocketException: Permission denied" > > this smells of Java not running with enough privileges to open ports below > 1024 > Usually on Linux systems only root can open such ports. > > As further help with that, you might try the guidance for "Running Jenkins behind iptables <https://www.jenkins.io/doc/book/system-administration/reverse-proxy-configuration-with-jenkins/#running-jenkins-behind-iptables>" . That section of the reverse proxy configuration document uses the Linux kernel's iptables facility to route traffic from the privileged port (80 or 443) to an unprivileged port (usually 8080). The document is only recently merged and we'd love to have feedback. corrections, and improvements to it.
Mark Waite > > On Friday, 24 July 2020 16:04:36 UTC+1, gaiseric.vandal wrote: >> >> I am setting up jenkins on an CentOS 8 machine. Currently have one >> running under Ubuntu 16. >> >> >> On the new machine, I am unable to get HTTPS working, even tho the config >> seems the same as the other machine. >> >> >> My partial config file is >> >> >> >> # cat /etc/sysconfig/jenkins >> # >> JENKINS_HOME="/var/lib/jenkins" >> JENKINS_JAVA_CMD="" >> JENKINS_USER="jenkins" >> #JENKINS_INSTALL_SKIP_CHOWN="false" >> JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true" >> JENKINS_PORT="8080" >> JENKINS_LISTEN_ADDRESS="" >> JENKINS_HTTPS_PORT="443" >> JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks" >> JENKINS_HTTPS_KEYSTORE_PASSWORD="xxxxxxx" >> JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0" >> JENKINS_HTTP2_PORT="" >> JENKINS_HTTP2_LISTEN_ADDRESS="" >> JENKINS_DEBUG_LEVEL="5" >> JENKINS_ENABLE_ACCESS_LOG="no" >> JENKINS_HANDLER_MAX="100" >> >> JENKINS_HANDLER_IDLE="20" >> JENKINS_EXTRA_LIB_FOLDER="" >> JENKINS_ARGS="" >> # >> >> >> >> >> I am quite certain I have the key store correct >> >> >> I set up with >> >> keytool -genkey -alias servername.mydomain.com -keyalg RSA >> -keystore /etc/jenkins/jenkins.jks -keysize 2048 >> >> Then generated a CSR, had it signed by our internal CA. >> >> Also imported the certificates for the CA's. >> >> >> >> >> >> I have the following errors >> >> >> $ cat /var/log/jenkins/jenkins.log >> >> Running from: /usr/lib/jenkins/jenkins.war >> >> Exception in thread "Jenkins initialization thread" >> java.lang.NoClassDefFoundError: hudson/util/HudsonFailedToLoad >> >> at hudson.WebAppMain$3.run(WebAppMain.java:276) >> >> Caused by: java.lang.ClassNotFoundException: >> hudson.util.HudsonFailedToLoad >> >> at java.net.URLClassLoader.findClass(Unknown Source) >> >> at java.lang.ClassLoader.loadClass(Unknown Source) >> >> at java.lang.ClassLoader.loadClass(Unknown Source) >> >> at >> org.eclipse.jetty.webapp.WebAppClassLoader.loadClass(WebAppClassLoader.java:543) >> >> at java.lang.ClassLoader.loadClass(Unknown Source) >> >> ... 1 more >> >> java.io.IOException: Failed to start Jetty >> >> at winstone.Launcher.<init>(Launcher.java:184) >> >> at winstone.Launcher.main(Launcher.java:355) >> >> at >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >> >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >> >> at java.lang.reflect.Method.invoke(Unknown Source) >> >> at Main._main(Main.java:375) >> >> at Main.main(Main.java:151) >> >> Caused by: java.net.SocketException: Permission denied >> >> at sun.nio.ch.Net.bind0(Native Method) >> >> at sun.nio.ch.Net.bind(Unknown Source) >> >> at sun.nio.ch.Net.bind(Unknown Source) >> >> at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown >> Source) >> >> at sun.nio.ch.ServerSocketAdaptor.bind(Unknown >> Source) >> >> at >> org.eclipse.jetty.server.ServerConnector.openAcceptChannel(ServerConnector.java:342) >> >> at >> org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:307) >> >> at >> org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80) >> >> at >> org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231) >> >> at >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >> >> at >> org.eclipse.jetty.server.Server.doStart(Server.java:385) >> >> at >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >> >> at winstone.Launcher.<init>(Launcher.java:182) >> >> ... 7 more >> >> $ >> >> >> >> I also tried extracting the key and cert and tried the following >> >> /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized >> -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar >> /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log >> --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --httpsPort=443 >> --httpsListenAddress=0.0.0.0 --debug=5 --handlerCountMax=100 >> --handlerCountMaxIdle=20 --httpsCertificate=/etc/jenkins/jenkins.cer >> --httpsPrivateKey=/etc/jenkins/jenkins.key >> >> >> >> Same errors. >> >> >> I disabled selinux. Did not help. >> >> >> Tried linking /etc/alternative/java (default in the search path ) to >> Oracle 8 Java, OpenJDK8 and OpenJDK11. No luck. >> >> >> >> Appreciate any advice. >> >> >> Thanks >> >> >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/3eb7bec5-af4e-4f6b-ad4b-ba069b9f0f4do%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/3eb7bec5-af4e-4f6b-ad4b-ba069b9f0f4do%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGhR8Oeo8oM2M6WC%2BUgzPZ7L7s2wPuH7x%2B0DTuaR1njOg%40mail.gmail.com.
