Straight to the point. The basic idea is to hide Jenkins behind an Apache reverse proxy. I’m using cPanel on CentOS – and cPanel doesn’t like fiddling with httpd.conf. You’ll find lines like this in it:

# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/std/2_4/user/domain.com/*.conf"

I created two config files – I want to set up proxy and redirect non-HTTPS requests to HTTPS:

"/usr/local/apache/conf/userdata/ssl/2_4/user/domain.com/ssl.conf":

ProxyRequests     Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

<Proxy *>
 Order deny,allow
 Allow from all
</Proxy>

ProxyPass         /  http://localhost:8080/ nocanon
ProxyPassReverse  /  http://localhost:8080/

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

"/usr/local/apache/conf/userdata/std/2_4/user/domain.com/redirect.conf"

RewriteCond %{REQUEST_URI} !^/.well-known
RewriteRule (.*) https://jenkins.domain.com/$1 [R=301,L]

After that, run commands to refresh the configs and restart Apache:

$ /usr/local/cpanel/bin/apache_conf_distiller --update
$ /usr/local/cpanel/bin/build_apache_conf
$ service httpd restart

And we’re done!

UPDATE – iptables rule to block port 8080 traffic outside of localhost:

iptables -A INPUT -p tcp --dport 8080 -s localhost -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP