How to Install Jenkins on Rocky Linux 9 for CI/CD Automation

Jenkins is a widely used open-source automation platform designed to support continuous integration and continuous delivery (CI/CD) workflows. Built using Java, Jenkins assists developers in automating software builds, tests, and deployments. It comes with a rich ecosystem of plugins to streamline testing processes and codebase changes.

This guide will show you how to set up Jenkins on a Rocky Linux 9 system. You will verify the setup using both the Jenkins web interface and command-line tools, and learn how to configure it for top-tier performance.

Requirements

Before proceeding, ensure the following prerequisites are met:

• Access to a Rocky Linux 9 server using a non-root account with sudo privileges.
• An A record pointing to your server’s IP address, such as example.com.

Installing Java

Since Jenkins relies on the Java Development Kit (JDK), it must be installed along with its dependencies. Here’s how to do it on Rocky Linux 9:

Step 1: Update Your System

Refresh the system package index:

$ sudo dnf update -y

Step 2: Install OpenJDK 21

Install version 21 of OpenJDK (or choose the latest one from the official OpenJDK page):

$ sudo dnf install -y java-21-openjdk

Step 3: Switch to OpenJDK 21 (If Necessary)

If your system defaults to an older version of Java, switch to OpenJDK 21 manually:

$ sudo alternatives --config java

When prompted, you’ll see a list like the following:

There are two programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*+ 1           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.442.b06-2.el9.x86_64/jre/bin/java)
   2           java-21-openjdk.x86_64 (/usr/lib/jvm/java-21-openjdk-21.0.6.0.7-1.el9.x86_64/bin/java)

Enter to keep the current selection[+], or type selection number:

Choose option 2 to activate OpenJDK 21.

Step 4: Confirm Java Installation

Ensure Java is properly installed with:

$ java -version

Expected output:

openjdk 21.0.6 2025-01-21 LTS
OpenJDK Runtime Environment (Red_Hat-21.0.6.0.7-1) (build 21.0.6+7-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-21.0.6.0.7-1) (build 21.0.6+7-LTS, mixed mode, sharing)

Setting Up Jenkins

To install Jenkins using DNF on Rocky Linux 9, follow these steps:

Step 1: Add the Jenkins Repository

Download the latest stable repository configuration file:

$ sudo wget https://pkg.jenkins.io/redhat-stable/jenkins.repo -O /etc/yum.repos.d/jenkins.repo

Step 2: Import the GPG Key

Import the appropriate GPG key for your Jenkins version:

$ sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key

Step 3: Install Jenkins

Now install Jenkins via DNF:

$ sudo dnf install -y jenkins

Step 4: Start Jenkins

Launch the Jenkins service:

$ sudo systemctl start jenkins

Step 5: Enable Jenkins at Boot

Ensure Jenkins starts automatically on boot:

$ sudo systemctl enable jenkins

Step 6: Check Jenkins Service Status

Use this command to verify Jenkins is running:

$ sudo systemctl status jenkins

Sample output:

● jenkins.service - Jenkins Continuous Integration Server
     Loaded: loaded (/usr/lib/systemd/system/jenkins.service; enabled; preset: disabled)
     Active: active (running) since Sun 2025-02-23 10:45:53 UTC; 21s ago
   Main PID: 5166 (java)
      Tasks: 44 (limit: 11059)
     Memory: 407.4M
        CPU: 12.385s
     CGroup: /system.slice/jenkins.service
             └─5166 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080
Feb 23 10:45:47 test-server jenkins[5166]: 69638179145e4a3fa6826e5fe6c427da
Feb 23 10:45:47 test-server jenkins[5166]: This may also be found at: /var/lib/jenkins/secrets/initialAdminPassword
Feb 23 10:45:47 test-server jenkins[5166]: *************************************************************
Feb 23 10:45:47 test-server jenkins[5166]: *************************************************************
Feb 23 10:45:47 test-server jenkins[5166]: *************************************************************
Feb 23 10:45:53 test-server jenkins[5166]: 2025-02-23 10:45:53.349+0000 [id=32]        INFO        jenkins.InitReactorRunner$1#onAttained: Completed initiali>
Feb 23 10:45:53 test-server jenkins[5166]: 2025-02-23 10:45:53.367+0000 [id=24]        INFO        hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up an>
Feb 23 10:45:53 test-server systemd[1]: Started Jenkins Continuous Integration Server.
Feb 23 10:45:55 test-server jenkins[5166]: 2025-02-23 10:45:55.036+0000 [id=47]        INFO        h.m.DownloadService$Downloadable#load: Obtained the update>
Feb 23 10:45:55 test-server jenkins[5166]: 2025-02-23 10:45:55.038+0000 [id=47]        INFO        hudson.util.Retrier#start: Performed the action check upda>

Accessing the Jenkins Web Interface and Completing Initial Setup

To begin using Jenkins, you must first make the web interface accessible and go through the initial configuration steps.

Step 1: Open Port 8080 in the Firewall

Jenkins listens on port 8080 by default. Use the command below to allow traffic through that port:

$ sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp

Then reload the firewall to apply the rule:

$ sudo firewall-cmd --reload

Step 2: Retrieve the Initial Admin Password

To unlock Jenkins, you need a password stored on the system. Run the command below to retrieve it:

$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the output from the terminal. This is your temporary admin password.

Step 3: Open Jenkins in Your Browser

In your browser, go to http://example.com:8080. Paste the copied password into the designated field and click Continue.

Step 4: Install Suggested Plugins

Choose Install suggested plugins to proceed with the default plugin setup recommended by Jenkins.

Step 5: Create an Admin Account

Next, complete the form to create your administrative user account. Click Save and Continue once you’re done.

Step 6: Confirm Jenkins Domain URL

Verify or update the Jenkins domain address to match your actual domain (e.g., example.com), then click Save and Finish.

Step 7: Open the Jenkins Dashboard

To finalize setup, click the Start using Jenkins button. The dashboard will now be accessible for further configuration.

Securing Jenkins with HTTPS via Let’s Encrypt and Nginx

Use the instructions below to secure Jenkins with SSL using Nginx as a reverse proxy and Let’s Encrypt via Certbot.

Step 1: Install Nginx

Begin by installing the Nginx web server:

$ sudo dnf install nginx -y

Step 2: Install Certbot and Plugin for Nginx

Install Certbot and its Nginx integration tool:

$ sudo dnf install -y certbot python3-certbot-nginx

Step 3: Allow Web Traffic Through the Firewall

Enable traffic on ports 80 (HTTP) and 443 (HTTPS):

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reload

Step 4: Request an SSL Certificate

Request a certificate for your domain using Certbot:

$ sudo certbot certonly --standalone -d example.com

Certbot will prompt for:

• Your email address.
• Agreement to terms of service.
• Whether to share your email with the EFF (optional).

After completing the prompts, Certbot will generate a valid TLS certificate.

Step 5: Enable and Start Nginx

Enable Nginx to launch at boot and start it immediately:

$ sudo systemctl enable --now nginx

Step 6: Allow Jenkins to Use the Network

Enable Jenkins to make network connections required for reverse proxying:

$ sudo setsebool -P httpd_can_network_connect 1

Step 7: Configure Nginx for Jenkins

Open the configuration file for Jenkins in Nginx:

$ sudo nano /etc/nginx/conf.d/jenkins.conf

Insert the following reverse proxy configuration:

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # WebSocket Support for Jenkins
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Note: In the server_name directive, use only the domain name without https:// or a trailing slash.

Step 8: Test and Reload Nginx

Verify the configuration syntax:

$ sudo nginx -t

Expected output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Apply the changes:

$ sudo systemctl restart nginx

Step 9: Update Jenkins URL and Restart

Visit https://example.com to access Jenkins securely. To prevent proxy-related issues, update Jenkins to use HTTPS:

• Navigate to Manage Jenkins > System.
• Scroll to Jenkins Location.
• Change the URL from http://example.com:8080 to https://example.com/.
• Click Save.

Finally, restart Jenkins to apply the changes:

$ sudo systemctl restart jenkins

Optimize Jenkins for Improved Performance and Reliability

Adjusting System Resource Limits

Enhance Jenkins’s ability to handle more processes by modifying system-level resource constraints. Follow the steps below to boost the allowed number of open files.

Open the system limits configuration file:

$ sudo nano /etc/security/limits.conf

Add these entries before the #End of file comment to raise file descriptor limits for Jenkins:

jenkins soft nofile 65536  
jenkins hard nofile 65536

Save the file and then restart Jenkins:

$ sudo systemctl restart jenkins

Verify the updated limit by running:

$ cat /proc/$(pgrep -u jenkins java)/limits | grep "open files"

Expected output:

Max open files            524288               524288               files

Implementing a Jenkins Backup Routine

Safeguard Jenkins data by creating routine backups. Follow these steps to create and automate daily backups.

Create a directory for storing backup files:

$ mkdir ~/jenkins_backup

Manually copy Jenkins files to the backup folder:

$ sudo cp -r /var/lib/jenkins ~/jenkins_backup/

Edit your cron table to schedule an automatic backup at midnight daily:

$ crontab -e

Add the following line at the end:

0 0 * * * sudo cp -r /var/lib/jenkins ~/jenkins_backup/

Check if the cron job was added:

$ crontab -l

Confirm that the cron service is active:

$ sudo systemctl status crond

Expected status output:

● crond.service - Command Scheduler
     Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; preset: enabled)
     Active: active (running) since Sun 2025-02-23 10:43:02 UTC; 1h 18min ago
   Main PID: 1348 (crond)
      Tasks: 1 (limit: 11059)
     Memory: 1.2M
        CPU: 66ms
     CGroup: /system.slice/crond.service
             └─1348 /usr/sbin/crond -n
...

Testing Jenkins Through the Web Interface

Open Jenkins in your browser and log into the dashboard. Click New Item, enter a job name like TestJob, choose Freestyle Project, and hit OK.

Go to the Build section and click Add build step > Execute shell.

Enter the following command:

$ echo "Hello, Jenkins!"

Click Save, then click Build Now to run the job.

After the build completes, click on the build number (e.g., #1), then go to Console Output to view the logs. If you see the message, your Jenkins setup is functional.

Testing Jenkins Using the CLI

You can also interact with Jenkins via its REST API and command-line tool. From the Jenkins dashboard, click your username in the top-right corner, go to the Security tab, and generate a new API token under the API Token section.

Download the CLI JAR file:

$ wget https://example.com/jnlpJars/jenkins-cli.jar

Move it to your preferred directory:

$ mv jenkins-cli.jar ~/jenkins-cli.jar

Test connectivity to Jenkins:

$ java -jar ~/jenkins-cli.jar -s https://example.com/ -auth your_username:your_api_token version

Expected output:

2.492.1

Trigger a Jenkins job remotely:

$ java -jar ~/jenkins-cli.jar -s https://example.com/ -auth your_username:your_api_token build TestJob

Check the output of the job:

$ java -jar ~/jenkins-cli.jar -s https://example.com/ -auth your_username:your_api_token console TestJob

Sample result:

Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/TestJob
[TestJob] $ /bin/sh -xe /tmp/jenkins132166175190200986.sh
+ echo 'Hello, Jenkins!'
Hello, Jenkins!
Finished: SUCCESS

Conclusion

You’ve now completed a secure installation of Jenkins on Rocky Linux 9, verified its operation through both GUI and CLI, and implemented optimizations and backups. You are now ready to integrate Jenkins with repositories, automate your deployment pipelines, and scale further as needed. Refer to the official Jenkins documentation for extended features and plugin integrations.