Jenkins NPM Proxy - Quick Reference
Date: 2026-02-09
Status: ✅ Firewall configured, NPM stream setup required
Current Configuration
Infrastructure
- NPM Server: 192.168.200.71 (Nginx Proxy Manager)
- Jenkins Server: 192.168.200.91 (dlx-sonar)
- Proxy Port: 2222 (NPM → Jenkins:22)
What's Done
✅ Jenkins SSH key created: /var/lib/jenkins/.ssh/id_rsa
✅ Public key added to Jenkins server: ~/.ssh/authorized_keys
✅ NPM firewall configured: Port 2222 open
✅ Host vars updated: host_vars/npm.yml
✅ Documentation created
What's Remaining
⏳ NPM stream configuration (requires NPM Web UI)
⏳ Jenkins agent configuration update
⏳ Testing and verification
Quick Commands
Test SSH Through NPM
# After configuring NPM stream
ssh -p 2222 dlxadmin@192.168.200.71
Test as Jenkins User
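# StrictHostKeyChecking=no skips host key verification; use it for this one-off connectivity test only
ansible jenkins -m shell -a "sudo -u jenkins ssh -p 2222 -o StrictHostKeyChecking=no -i /var/lib/jenkins/.ssh/id_rsa dlxadmin@192.168.200.71 hostname" -b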
Check NPM Firewall
ansible npm -m shell -a "ufw status | grep 2222" -b
View Jenkins SSH Key
# Public key
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa.pub" -b
# Private key (for Jenkins credential); the output is the secret itself, so keep it out of saved logs
ansible jenkins -m shell -a "cat /var/lib/jenkins/.ssh/id_rsa" -b
NPM Stream Configuration
Required Settings:
- Incoming Port: 2222
- Forwarding Host: 192.168.200.91
- Forwarding Port: 22
- TCP Forwarding: Enabled
- UDP Forwarding: Disabled
Access NPM UI:
- URL: http://192.168.200.71:81
- Default: admin@example.com / changeme
- Go to: Streams → Add Stream
Jenkins Agent Configuration
Update in Jenkins UI (http://192.168.200.91:8080):
- Path: Manage Jenkins → Manage Nodes and Clouds → Select agent → Configure
- Change Host: 192.168.200.71 (NPM server)
- Change Port: 2222
- Keep Credentials: dlx-key
Troubleshooting
Cannot connect to NPM:2222
# Check firewall
ansible npm -m shell -a "ufw status | grep 2222" -b
# Check if stream is configured
# Login to NPM UI and verify stream exists and is enabled
Authentication fails
# Verify public key is authorized
ansible jenkins -m shell -a "grep jenkins /home/dlxadmin/.ssh/authorized_keys" -b
Connection timeout
# Check NPM can reach Jenkins
ansible npm -m shell -a "nc -zv 192.168.200.91 22" -b
Files
- Documentation: docs/NPM-SSH-PROXY-FOR-JENKINS.md
- Quick Reference: docs/JENKINS-NPM-PROXY-QUICK-REFERENCE.md
- Setup Instructions: /tmp/npm-stream-setup.txt
- NPM Host Vars: host_vars/npm.yml
- Jenkins Host Vars: host_vars/jenkins.yml
- Playbook: playbooks/configure-npm-ssh-proxy.yml
Architecture Diagram
Before:
  Jenkins Agent → Router:22 → Jenkins:22

After (with NPM proxy):
  Jenkins Agent → NPM:2222 → Jenkins:22
                      ↓
              Centralized logging
              Access control
              SSL/TLS support
Benefits
✅ Security: Centralized access point through NPM
✅ Logging: All SSH connections logged by NPM
✅ Flexibility: Easy to add more agents on different ports
✅ SSL Support: Can add SSL/TLS for encrypted tunneling
✅ Monitoring: NPM provides connection statistics
Next Steps After Setup
- ✅ Complete NPM stream configuration
- ✅ Update Jenkins agent settings
- ✅ Test connection
- ⏳ Update router port forwarding (if external access needed)
- ⏳ Restrict Jenkins SSH to NPM only (optional security hardening)
- ⏳ Set up monitoring/alerts for connection failures
Advanced: Restrict SSH to NPM Only
For additional security, restrict SSH on the Jenkins server to accept connections only from NPM:
# Allow SSH only from NPM
ansible jenkins -m community.general.ufw -a "rule=allow from=192.168.200.71 to=any port=22 proto=tcp" -b
# Remove general SSH rule (if you want strict restriction)
# The ufw module has no rule=delete; delete=true removes the matching allow rule
# ansible jenkins -m community.general.ufw -a "rule=allow port=22 proto=tcp delete=true" -b
⚠️ Warning: Only do this after confirming NPM proxy works, or you might lock yourself out!
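One way to check the firewall state before and after this change, as an added example that is not part of the original reference: a shell function that reads `ufw status` output from the Jenkins server and reports whether SSH is admitted only from the NPM address. The function name `audit_ssh_rules` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# audit_ssh_rules NPM_IP : reads `ufw status` text on stdin, prints a verdict
# and returns a matching exit code:
#   0 restricted   every rule admitting SSH names NPM_IP as its source
#   1 open         some rule still admits SSH from another source
#   2 no-npm-rule  no rule for NPM_IP; deleting the general rule would lock you out
#   3 inactive     ufw is not active, so no rule is enforced
audit_ssh_rules() {
  awk -v npm="$1" '
    /^Status: inactive/ { inactive = 1 }
    # Rule rows: "22/tcp  ALLOW  192.168.200.71"; the OpenSSH app profile is also port 22
    $1 ~ /^(22(\/tcp)?|OpenSSH)$/ {
      for (i = 2; i <= NF; i++) if ($i == "ALLOW" || $i == "LIMIT") break
      if (i > NF) next                      # DENY/REJECT rows grant nothing
      src = $(i + 1)
      if (src == "IN") src = $(i + 2)       # "ufw status verbose" prints "ALLOW IN"
      if (src == npm) npm_rule = 1; else other = 1
    }
    END {
      if (inactive)  { print "inactive";    exit 3 }
      if (!npm_rule) { print "no-npm-rule"; exit 2 }
      if (other)     { print "open";        exit 1 }
      print "restricted"
    }'
}

# Constructed sample: state right after adding the NPM-only rule, before the
# general SSH rule is removed.
SAMPLE_BEFORE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       192.168.200.71
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Constructed sample: state after the general rule has been deleted.
SAMPLE_AFTER='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.200.71'

printf '%s\n' "$SAMPLE_BEFORE" | audit_ssh_rules 192.168.200.71 || true   # open
printf '%s\n' "$SAMPLE_AFTER"  | audit_ssh_rules 192.168.200.71           # restricted
```

On the Jenkins server, pipe `sudo ufw status` into the function; a `no-npm-rule` verdict means the general SSH rule must stay until the NPM rule is in place.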