This example shows how to protect a Jenkins server using Authentiq.
It runs an Nginx (actually OpenResty) proxy in front of a standard Jenkins server using Docker. The proxy is responsible for authenticating users before passing them through to Jenkins.
In the Quickstart all authenticated users are given the same access privileges in Jenkins.
Read the follow-up to understand how to configure the (included) Reverse Proxy Auth Plugin for more fine-grained access control.
Sign in to the Authentiq Dashboard to create a new client for your Jenkins server.
client_secret into the jenkins_access.lua file.
Also change the whitelisted_domain variable to match your email domain.
And access the Jenkins server via http://localhost:8080/. You should be redirected to Authentiq to sign in.
Even though only people with a whitelisted email address can access the server in this configuration, Jenkins is unaware of the user who authenticated. As such, this works well if your Jenkins server has the "Enable security" feature disabled.
The next two configurations use the Reverse Proxy Auth Plugin to retrieve the authenticated user in Jenkins.
The Dockerfile-jenkins in this repository has it enabled already.
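An added example, not code from this repository: one way a proxy-side check could match the email domain exactly and hand the user name to the Reverse Proxy Auth Plugin. The header name X-Forwarded-User, the email_verified claim, the ngx.ctx.claims hand-off and the sample addresses are assumptions.

```lua
-- Added example, not the repository's jenkins_access.lua.
-- Assumed: claims come from an already verified OIDC ID token, and
-- USER_HEADER is the header the Reverse Proxy Auth Plugin is set to read.
local whitelisted_domain = "example.com"  -- constructed value
local USER_HEADER = "X-Forwarded-User"

-- Return the lower-cased domain of an address, or nil if it is malformed.
local function email_domain(email)
  if type(email) ~= "string" then return nil end
  -- exactly one "@"; no whitespace or control characters on either side
  local localpart, domain = email:match("^([^@%s%c]+)@([^@%s%c]+)$")
  if not localpart then return nil end
  return domain:lower()
end

-- Decide which user name, if any, may be forwarded to Jenkins.
local function forwarded_user(claims)
  if type(claims) ~= "table" or claims.email_verified ~= true then
    return nil, "claims missing or email not verified"
  end
  -- exact comparison: a suffix match would also admit "evil-example.com"
  if email_domain(claims.email) ~= whitelisted_domain then
    return nil, "domain not whitelisted"
  end
  return claims.email:lower()  -- one spelling per person in Jenkins
end

if ngx then
  -- OpenResty access phase; ngx.ctx.claims is a hypothetical hand-off.
  ngx.req.clear_header(USER_HEADER)  -- drop any client-supplied value
  local user, err = forwarded_user(ngx.ctx.claims)
  if not user then
    ngx.log(ngx.WARN, "access denied: ", err)
    return ngx.exit(ngx.HTTP_FORBIDDEN)
  end
  ngx.req.set_header(USER_HEADER, user)
else
  -- Plain `lua` run over constructed sample claims.
  local samples = {
    { email = "alice@example.com", email_verified = true },
    { email = "bob@evil-example.com", email_verified = true },
    { email = "carol@example.com@evil.test", email_verified = true },
    { email = "dave@example.com", email_verified = false },
  }
  for _, c in ipairs(samples) do
    local user, err = forwarded_user(c)
    print(c.email, user or ("denied: " .. err))
  end
end
```

Because Jenkins trusts whatever the proxy puts in that header, the header is cleared before any decision is made and set only after the check passes.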
Logged-in users can do anything
If you just want to use a different account for each user, but generally all users are equal, then enable "Logged-in users can do anything" on the security settings page.
If you prefer to have different access rights for each user, then use the Matrix Authorization Strategy to define those user privileges for (some of) the authenticated users.
Do let us know how you get on!