1. Prerequisites
SUSE Linux server with Jenkins already installed and running on port 8080.
A domain name pointing to your server (e.g., abc.com).
An SSL certificate (Company certificate) has already been issued (e.g., .crt + .key files, and possibly a CA bundle).
Root or sudo privileges.
2. Install Apache httpd
sudo zypper refresh
sudo zypper install apache2 apache2-utils
Enable and start Apache:
sudo systemctl enable apache2
sudo systemctl start apache2
Check status:
systemctl status apache2
3. Enable Required Apache Modules
Apache needs proxy, proxy_http, ssl, and headers modules:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2enmod headers
Verify the module is already enabled
sudo apache2ctl -M | grep ssl
If you don’t see ssl_module (shared), then enable it:
Edit /etc/sysconfig/apache2, find the APACHE_MODULES= line and add ssl.Like:
APACHE_MODULES="... proxy proxy_http headers ssl ..."
Also ensure APACHE_SERVER_FLAGS includes SSL so SSL-vhost stuff is actually activated. Something like:
APACHE_SERVER_FLAGS="SSL"
Then reload apache modules / restart Apache:
sudo systemctl restart apache2
4. Place Your SSL Certificate
Copy your certificate and key files into a secure directory:
/etc/pki/tls/certs/abc.com.crt → your certificate
/etc/pki/tls/private/abc.com.key → your private key
/etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt (optional, if provided by CA)
5. Configure Apache VirtualHost for Jenkins
5.1 Create or edit a config file for the Jenkins service:
sudo nano /etc/apache2/vhosts.d/jenkins.conf
Add this configuration (replace plm-jenkins-dev.konecranes.com with your domain):
<VirtualHost *:80>
ServerName plm-jenkins-dev.abc.com
Redirect permanent / https://plm-jenkins-dev.abc.com/
</VirtualHost>
<VirtualHost *:443>
ServerName plm-jenkins-dev.konecranes.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/wildcard.abc.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/wildcard.abc.com.key
SSLCertificateChainFile /etc/pki/tls/certs/wildcard.abc.com_ca_bundle.crt
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8080/jenkins*>
Require all granted
</Proxy>
ProxyPass /jenkins http://localhost:8080/jenkins nocanon
ProxyPassReverse /jenkins http://localhost:8080/jenkins
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
5.2 Edit the Apache service config file to let it run on the 443 port :
sudo nano /etc/apache2/httpd.conf
Add this configuration (add from the top of the file):
ServerName plm-jenkins-dev.abc.com
6. Restart Apache
Verify the previous configuration:
sudo apache2ctl configtest → If you see y Syntax OK
Restart the service
sudo systemctl restart apache2
7. Configure Jenkins
Ensure Jenkins is aware it’s behind HTTPS.
7.1 Open Jenkins config file:
sudo nano /etc/sysconfig/jenkins
Add this line if missing:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --prefix=/jenkins"
Environment="JENKINS_PREFIX=/jenkins"
7.2 Open the Jenkins start-up configuration file (from Jenkins 2.3xx we have to apply the change here)
sudo systemctl edit jenkins
Add the value below (from the 3rd rows at the top)
[Service]
Environment="JENKINS_PREFIX=/jenkins"
Then restart the service
sudo systemctl daemon-reload
sudo systemctl restart jenkins
7.3 Inside Jenkins UI → Manage Jenkins → Configure System → set Jenkins URL:
http://plm-jenkins-dev.abc.com/jenkins
7.4 Restart Jenkins:
sudo systemctl restart jenkins
- Verify Open in browser:
https://plm-jenkins-dev.abc.com/jenkins
You should see Jenkins running securely with your SSL certificate.
(Optional) Block direct port 8080 access:
sudo firewall-cmd --permanent --remove-port=8080/tcp
sudo firewall-cmd --reload