Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The links on this page no longer work, we've moved to Azure and are going to add a reverse proxy server to avoid having to expose ports on the hosts.

...

java-demo  

...

3306 database internal

...

GMC Connect Mocks

...

sebp/elk

...

5601 external Kibana UI,

9200 external Elastic Search,

5044 internal Log stash

...

hee-filebeat 

...

9090 internal

9092 internal (docker container)

...

Table of Contents

Security tweak required for BDD error report image display on Jenkins 2.7.2

Ref: https://content-security-policy.com/  and  https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+PolicyFollow one of the URL's below, logging in to Jenkins with user that has admin rights:-
Jenkins URL (AWS EC2) : http://ec2-52-17-13-23.eu-west-1.compute.amazonaws.com:9090/script 

Jenkins URL (Azure VM) : https://build-hee.transformcloud.net/jenkins/script

Code Block
System.setProperty(hudson.model.DirectoryBrowserSupport.class.getName() + ".CSP", "script-src 'unsafe-inline' 'self';")

...


System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")




To persist the security changes the following command can be executed from the command line :

Code Block
$ java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *" -jar jenkins.war



NOTE : The web browser refresh does not always reload the page with the new relaxed rules due to caching.  To be sure ensure this doesn't happen it's advised to restart your browser.


If this needs to be reset to default (more secure) the run the following command : 

Code Block
System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP")