# Jenkins NPM Proxy - Quick Reference

**Date**: 2026-02-09
**Status**: ✅ Firewall configured, NPM stream setup required

## Current Configuration

### Infrastructure

- **NPM Server**: 192.168.200.71 (Nginx Proxy Manager)
- **Jenkins Server**: 192.168.200.91 (dlx-sonar)
- **Proxy Port**: 2222 (NPM → Jenkins:22)

### What's Done

- ✅ Jenkins SSH key created: `/var/lib/jenkins/.ssh/id_rsa`
- ✅ Public key added to Jenkins server: `~/.ssh/authorized_keys`
- ✅ NPM firewall configured: Port 2222 open
- ✅ Host vars updated: `host_vars/npm.yml`
- ✅ Documentation created

### What's Remaining

- ⏳ NPM stream configuration (requires NPM Web UI)
- ⏳ Jenkins agent configuration update
- ⏳ Testing and verification

## Quick Commands

### Test SSH Through NPM

```bash
# After configuring NPM stream
ssh -p 2222 dlxadmin@192.168.200.71
```

### Test as Jenkins User

```bash
ansible jenkins -m shell -a "sudo -u jenkins ssh -p 2222 -o StrictHostKeyChecking=no -i /var/lib/jenkins/.ssh/id_rsa dlxadmin@192.168.200.71 hostname" -b
```

### Check NPM Firewall

```bash
ansible npm -m shell -a "ufw status | grep 2222" -b
```

### View Jenkins SSH Key

```bash
# Public key
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa.pub" -b

# Private key (for Jenkins credential)
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa" -b
```

## NPM Stream Configuration

**Required Settings**:

- Incoming Port: `2222`
- Forwarding Host: `192.168.200.91`
- Forwarding Port: `22`
- TCP Forwarding: `Enabled`
- UDP Forwarding: `Disabled`

**Access NPM UI**:

- URL: http://192.168.200.71:81
- Default: admin@example.com / changeme
- Go to: **Streams** → **Add Stream**

## Jenkins Agent Configuration

**Update in Jenkins UI** (http://192.168.200.91:8080):

- Path: **Manage Jenkins** → **Manage Nodes and Clouds** → Select agent → **Configure**
- Change **Host**: `192.168.200.71` (NPM server)
- Change **Port**: `2222`
- Keep **Credentials**: `dlx-key`

## Troubleshooting

### Cannot connect to NPM:2222

```bash
# Check firewall
ansible npm -m shell -a "ufw status | grep 2222" -b

# Check if stream is configured
# Log in to the NPM UI and verify the stream exists and is enabled
```

### Authentication fails

```bash
# Verify public key is authorized
ansible jenkins -m shell -a "grep jenkins /home/dlxadmin/.ssh/authorized_keys" -b
```

### Connection timeout

```bash
# Check NPM can reach Jenkins
ansible npm -m shell -a "nc -zv 192.168.200.91 22" -b
```

## Files

- **Documentation**: `docs/NPM-SSH-PROXY-FOR-JENKINS.md`
- **Quick Reference**: `docs/JENKINS-NPM-PROXY-QUICK-REFERENCE.md`
- **Setup Instructions**: `/tmp/npm-stream-setup.txt`
- **NPM Host Vars**: `host_vars/npm.yml`
- **Jenkins Host Vars**: `host_vars/jenkins.yml`
- **Playbook**: `playbooks/configure-npm-ssh-proxy.yml`

## Architecture Diagram

```
Before:
Jenkins Agent → Router:22 → Jenkins:22

After (with NPM proxy):
Jenkins Agent → NPM:2222 → Jenkins:22
                    ↓
            Centralized logging
            Access control
            SSL/TLS support
```

## Benefits

- ✅ **Security**: Centralized access point through NPM
- ✅ **Logging**: All SSH connections logged by NPM
- ✅ **Flexibility**: Easy to add more agents on different ports
- ✅ **SSL Support**: Can add SSL/TLS for encrypted tunneling
- ✅ **Monitoring**: NPM provides connection statistics

## Next Steps After Setup

1. ✅ Complete NPM stream configuration
2. ✅ Update Jenkins agent settings
3. ✅ Test connection
4. ⏳ Update router port forwarding (if external access needed)
5. ⏳ Restrict Jenkins SSH to NPM only (optional security hardening)
6. ⏳ Set up monitoring/alerts for connection failures

## Advanced: Restrict SSH to NPM Only

For additional security, restrict Jenkins SSH to accept connections only from NPM:

```bash
# Allow SSH only from NPM
ansible jenkins -m community.general.ufw -a "rule=allow from=192.168.200.71 to=any port=22 proto=tcp" -b

# Remove general SSH rule (if you want strict restriction)
# The ufw module deletes a rule by naming it and setting delete=true
# ansible jenkins -m community.general.ufw -a "rule=allow port=22 proto=tcp delete=true" -b
```

⚠️ **Warning**: Only do this after confirming NPM proxy works, or you might lock yourself out!
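
To confirm that the restriction above took effect, the following added example (not part of the original docs or playbook) audits `ufw status` output from the Jenkins host and fails if any rule still admits SSH from a source other than NPM. The function name `audit_ssh_rules` and both sample tables are constructed for illustration, and the parser assumes the plain (non-verbose) `ufw status` layout.

```bash
#!/usr/bin/env bash
# Added example: audit `ufw status` output from the Jenkins host.
# Assumes the plain (non-verbose) `ufw status` table layout.

# audit_ssh_rules NPM_IP  (reads `ufw status` text on stdin)
# Returns 0 only if ufw is active and every rule admitting SSH names NPM_IP.
audit_ssh_rules() {
    awk -v npm="$1" '
        /^Status:/ { active = ($2 == "active") }
        { orig = $0; sub(/ \(v6\)/, "") }   # "22/tcp (v6)" -> "22/tcp" so fields line up
        # Port 22 with or without protocol, or the OpenSSH app profile.
        ($1 == "22" || $1 == "22/tcp" || $1 == "OpenSSH") && ($2 == "ALLOW" || $2 == "LIMIT") {
            if ($3 == npm) ok++
            else { bad++; print "unexpected SSH source: " orig }
        }
        END {
            if (!active) { print "ufw is not active"; exit 1 }
            if (!ok)     { print "no SSH rule for " npm; exit 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: NPM rule added, general rule still present.
sample_before() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.200.71
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: general rule removed.
sample_after() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.200.71
8080/tcp                   ALLOW       Anywhere
EOF
}

# Live use on the Jenkins host: sudo ufw status | audit_ssh_rules 192.168.200.71
sample_after | audit_ssh_rules 192.168.200.71 && echo "SSH restricted to NPM"
```

A non-zero exit with `unexpected SSH source` lines means the general port 22 rule (IPv4 or IPv6) is still in place and direct SSH to Jenkins bypasses the proxy.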