I have a Jenkins docker container running on a ubuntu 20.04 machine.
I have a job on my Jenkins which polls a GitLab repository and uses MVN to deploy it on a Nexus server.
What I want to do is to close all ports in my server so I can reduce the risk of being hacked but I don't know which ports should I leave open apart from 8080 and 50000.
Jenkins: jenkins/jenkins:2.361.1-lts-jdk11
Shell Scripts that jenkins executes:
export MAVEN_HOME=/var/apache-maven-3.8.6
export PATH=$PATH:$MAVEN_HOME/bin
cd myproject
mvn clean package deploy
Thank you in advance.
If you want to check what ports are exposed in the Docker image, you can simply use the docker inspect command.
docker inspect jenkins/jenkins:2.361.1-lts-jdk11
The above command will return the following, here you just search for ExposedPorts.
[
{
"Id": "sha256:729c87ece8d086b05a3a67e1f7b7a7e669c3a50db75ea2440dd6099a3f887111",
"RepoTags": [
"jenkins/jenkins:2.361.1-lts-jdk11"
],
"RepoDigests": [
"jenkins/jenkins@sha256:5508cb1317aa0ede06cb34767fb1ab3860d1307109ade577d5df871f62170214"
],
"Parent": "",
"Comment": "buildkit.dockerfile.v0",
"Created": "2022-09-07T12:02:24.712441461Z",
"Container": "",
"ContainerConfig": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": null,
"Image": "",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"DockerVersion": "",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "jenkins",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"50000/tcp": {},
"8080/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"JENKINS_HOME=/var/jenkins_home",
"JENKINS_SLAVE_AGENT_PORT=50000",
"REF=/usr/share/jenkins/ref",
"JENKINS_VERSION=2.361.1",
"JENKINS_UC=https://updates.jenkins.io",
"JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental",
"JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals",
"COPY_REFERENCE_FILE_LOG=/var/jenkins_home/copy_reference_file.log",
"JAVA_HOME=/opt/java/openjdk"
],
"Cmd": null,
"Image": "",
"Volumes": {
"/var/jenkins_home": {}
},
"WorkingDir": "",
"Entrypoint": [
"/usr/bin/tini",
"--",
"/usr/local/bin/jenkins.sh"
],
"OnBuild": null,
"Labels": {
"org.opencontainers.image.description": "The Jenkins Continuous Integration and Delivery server",
"org.opencontainers.image.licenses": "MIT",
"org.opencontainers.image.revision": "00d1edcbf6e0bd78ff5b359731310b91bdac9b07",
"org.opencontainers.image.source": "https://github.com/jenkinsci/docker",
"org.opencontainers.image.title": "Official Jenkins Docker image",
"org.opencontainers.image.url": "https://www.jenkins.io/",
"org.opencontainers.image.vendor": "Jenkins project",
"org.opencontainers.image.version": "2.361.1"
}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 463047412,
"VirtualSize": 463047412,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/b87f7dbd3ccb73d1d498c6c4776983a4a9987ed321a7879bbba8f1fc6b24c349/diff:/var/lib/docker/overlay2/dbe3badbc23d551bc9c75baf27268489a6aad4b20430ac97ef2e1aad55a8fc07/diff:/var/lib/docker/overlay2/ae3db8be1ef114178bafc0054933f73dcc2672f9dd1fe4a86a1391a5669ee0ed/diff:/var/lib/docker/overlay2/963904c7b1cd906120b6dc3fbefcbf954735d95cdbc81358909ca0ad891a996b/diff:/var/lib/docker/overlay2/da6f957a0563ce381dece995353e75e3bc94ad048892dcfa831f8a2e41528815/diff:/var/lib/docker/overlay2/7a963ecdeabc85980fbc61bc401818a58572eb3856885542ab9b3ecd7e3f2205/diff:/var/lib/docker/overlay2/9024a41086f6c2fa44bafc813dcbcebd01c83124a7da1e245d5b274b33aa43ff/diff:/var/lib/docker/overlay2/e2ee20b24525e750dc228ea17e3ac7debab0db6b11a4a113bec7737b9e4cd1af/diff:/var/lib/docker/overlay2/9ac2fb80407369d732fce5756bc6f7509874ae8072a5b368bc396757978f0773/diff:/var/lib/docker/overlay2/16c96992e082851b7745a3697da020f7ff7b2c0b11a85bbcff577a5c0018d6a1/diff:/var/lib/docker/overlay2/90477c9091098ece50aa59df3c6965984c3db0ad92f41817fb2cb6d410f68d5e/diff:/var/lib/docker/overlay2/953b244f3ee262704ce382a6edc573e4d0c2713c3311448bbc5fd6799a3217a1/diff:/var/lib/docker/overlay2/98b91e296c5b64b6d46d07e5e3f2a1ce93df7eb475d679a7e7c6c5ee34e05848/diff",
"MergedDir": "/var/lib/docker/overlay2/f4c663aa276a1d387f6d6b83d2bdb8b930d611eb1b0908b7968af790b1953b93/merged",
"UpperDir": "/var/lib/docker/overlay2/f4c663aa276a1d387f6d6b83d2bdb8b930d611eb1b0908b7968af790b1953b93/diff",
"WorkDir": "/var/lib/docker/overlay2/f4c663aa276a1d387f6d6b83d2bdb8b930d611eb1b0908b7968af790b1953b93/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:655ed1b7a4286ce965b8942644f665a3aeafac315f023b3d75fabdbd4be12dd0",
"sha256:779f8dcd48f34bfb946def82db3a86d6fee2bb748581760c881c5c060d092d74",
"sha256:e0cd100d360aa393a2f39b62cca696a7e2473a4d7b7817512e96ce012825be53",
"sha256:7a13cfef6bfb48ba9a5c7c01128a8086fac8c37c5d2dbf88011111563f4a2886",
"sha256:78f002e1bbe170bca49b0ccef164cd1003147a4f9f6dc9938de5b9a6e8f19181",
"sha256:ad523594e9e53b54703f16719d1ab3440350de903c2c581425beea83b42e1771",
"sha256:f97af4a3e6aa490a998f85444c920a43269e47640d79ac59b50ee116794d995f",
"sha256:c8e36c3abfeb923187cfb6cfb9e83c1cee459cb5818d164b38a743153f7ffe23",
"sha256:cb9ff824ca721a77c158cce3d983020f1a0042bdc284b45c2a37697c2c65531a",
"sha256:b3cc6a740db6e2e397ee237d8261e0c36feef10c455c238f54135c6a622d2572",
"sha256:9b4d672df3fcd3e28763814721b8a6414f8abac12dd286330048eb2cc9b0aa67",
"sha256:ce15115060ae8e8115c9f064c05e43cfc03007d26ad5ae2e3e3331cf87564e36",
"sha256:edabf843284bdb6f2ee6d9c75c8a426dfdf0a42b435ea1db71096b03417b413f",
"sha256:be8aebf98af007c3edf440d82b08eedf280e5e87fea260e66095577faf8be7af"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]