Deploy your Bitnami Jenkins Stack on AWS Cloud now! Launch Now

Bitnami Jenkins for AWS Cloud


Jenkins is the leading open source Continuous Integration and Continuous Delivery (CI/CD) server that enables the automation of building, testing, and shipping software projects.

First steps with the Bitnami Jenkins Stack

Welcome to your new Bitnami application running on Amazon Web Services! Here are a few questions (and answers!) you might need when first starting with your application.

What credentials do I need?

You need two sets of credentials:

  • The application credentials that allow you to log in to your new Bitnami application. These credentials consist of a username and password.
  • The server credentials that allow you to log in to your AWS Cloud server using an SSH client and execute commands on the server using the command line. These credentials consist of an SSH username and key.

Watch the following video to learn quickly how to obtain the application credentials of those applications deployed using the AWS Console:

What are the default ports?

A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.

Remember that if you need to open some ports you can follow the instructions given in the FAQ to learn how to open the server ports for remote access.

Port 22 is the default port for SSH connections.

Bitnami opens some ports for the main servers. These are the ports opened by default: 80, 443.

How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ stop

Restart the services by running the script without any arguments:

$ sudo /opt/bitnami/ restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/

How to install plugins for Jenkins?

To install and use a Jenkins plugin, you must manually create the plugin directories under the /opt/bitnami directory and change the directory ownership to the tomcat user. For example, to use the Gradle plugin with Jenkins, follow these steps:

$ cd /opt/bitnami
$ sudo mkdir .gradle
$ sudo chown -R tomcat:tomcat .gradle

How to create a full backup of Jenkins?


The Bitnami Jenkins Stack is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

Follow these steps:

  • Change to the directory in which you wish to save your backup:

      $ cd /your/directory
  • Stop all servers:

      $ sudo /opt/bitnami/ stop
  • Create a compressed file with the stack contents:

      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
  • Restart all servers:

      $ sudo /opt/bitnami/ start

You should now download or transfer the application-backup.tar.gz file to a safe location.


Follow these steps:

  • Change to the directory containing your backup:

      $ cd /your/directory
  • Stop all servers:

      $ sudo /opt/bitnami/ stop
  • Move the current stack to a different location:

      $ sudo mv /opt/bitnami /tmp/bitnami-backup
  • Uncompress the backup file to the original directoryv

      $ sudo tar -pxzvf application-backup.tar.gz -C /
  • Start all servers:

      $ sudo /opt/bitnami/ start

If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

How to upgrade Jenkins?

To upgrade Jenkins without losing your data, download the latest jenkins.war file, copy it to your apache-tomcat/webapps directory and restart Tomcat.

It is recommended to create a backup of the previous jenkins.war file. You may want to revert to the previous version if you find any issues after upgrading.

Upgrading only Jenkins

Execute the following steps to upgrade only Jenkins:

  • Stop the server:

     $ sudo /opt/bitnami/ stop tomcat
  • Copy your previous .war file in case you need to restore it:

     $ cd /opt/bitnami
     $ cp apache-tomcat/webapps/jenkins.war apps/jenkins/jenkins.war.bak
  • Remove all Jenkins files to force Tomcat to deploy the new version:

     $ rm -r apache-tomcat/webapps/jenkins
     $ rm -r apache-tomcat/webapps/jenkins.war
     $ rm -r apache-tomcat/work/Catalina/localhost/jenkins
  • Download the new version of Jenkins:

     $ wget
     $ mv jenkins.war apache-tomcat/webapps/
  • Start the server:

     $ sudo /opt/bitnami/ start tomcat

Upgrading all the components

Start a new image with the latest Jenkins version and move the content of /opt/bitnami/apps/jenkins/jenkins_home in your current installation to the new installation. Then, restart the server.

Upgrading Jenkins plugins

To upgrade the Jenkins plugins to the latest version, please follow these instructions:

  • Enter the server's IP in your browser, then log in to the Jenkins dashboard using your credentials.

  • Click on "Manage Jenkins" in order to access the admin panel:

    Access to Manage Jenkins

  • Click on "Manage Plugins":

    Access to Manage Plugins

  • On the resulting page, click on "Download now and install after restart":

    Update all plugins

Jenkins will now download the latest version of your plugins and will install them automatically.

How to enable SSL access over HTTPS?

You can configure Apache Tomcat to enable SSL access to applications using HTTPS. It is necessary to configure Tomcat with the location of the Apache SSL certificate, as described below.

  • Check that the certificate file is present at /opt/bitnami/apache-tomcat/conf/ssl/tomcat.cert.pem and the certificate key file is present at /opt/bitnami/apache-tomcat/conf/ssl/tomcat.key.pem.

  • Uncomment the following line in the /opt/bitnami/apache-tomcat/conf/server.xml file:

       <Connector port="8443"
                  protocol="HTTP/1.1" SSLEnabled="true"
                  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                  enableLookups="false" disableUploadTimeout="true"
                  acceptCount="100" scheme="https" secure="true"
                  clientAuth="false" sslProtocol="TLS"
  • Restart the Apache Tomcat server

You should now be able to access your Web applications over HTTPS by browsing to https://SERVER-IP:8443.

How to create an SSL certificate for Apache Tomcat?

A detailed guide is available in the official Apache Tomcat documentation at

How to enable HTTPS support with SSL certificates?

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable Value
    Current application URL https://[custom-domain]/
      Example: or
    Apache configuration file /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Certificate file /opt/bitnami/apache2/conf/server.crt
    Certificate key file /opt/bitnami/apache2/conf/server.key
    CA certificate bundle file (if present) /opt/bitnami/apache2/conf/server-ca.crt
  • Copy your SSL certificate and certificate key file to the specified locations.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.
  • If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:

    Variable Value
    Apache configuration file /opt/bitnami/apache2/conf/bitnami/bitnami.conf
    Directive to include (Apache v2.4.8+) SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
    Directive to include (Apache < v2.4.8) SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"
    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.
  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

     $ sudo chown root:root /opt/bitnami/apache2/conf/server*
     $ sudo chmod 600 /opt/bitnami/apache2/conf/server*
  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart the Apache server.

You should now be able to access your application using an HTTPS URL.

How to create an SSL certificate?

OpenSSL is required to create an SSL certificate. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below:

  • Generate a new private key:

     $ sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048
  • Create a certificate:

     $ sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ sudo openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ sudo openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem

    Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:

     $ sudo openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key

Find more information about certificates at

How to force HTTPS redirection?

Add the following to the top of the /opt/bitnami/apps/jenkins/conf/httpd-prefix.conf file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

After modifying the Apache configuration files:

  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart Apache to apply the changes.

How to debug Apache errors?

Once Apache starts, it will create two log files at /opt/bitnami/apache2/logs/access_log and /opt/bitnami/apache2/logs/error_log respectively.

  • The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.

  • The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

If no error is found, you will see a message similar to:

Syntax OK

How to change the Java memory settings?

The Java Virtual Machine (JVM) determines the default settings for your Java application:

JAVA_OPTS="-Xms256m -Xmx512m"

You can increase these Java settings for your application if necessary. The settings are in the /opt/bitnami/java/bitnami/ file. Here is an example of how to change the memory settings:

$ export JAVA_OPTS="$JAVA_OPTS -Xms256M -Xmx768M"
IMPORTANT: This file is a symlink to a configuration file that changes depending on the instance type that you are currently using. The symlink will be automatically changed when you resize your server.

How to debug errors in Tomcat?

The main Apache Tomcat configuration file is at /opt/bitnami/apache-tomcat/conf/server.xml.

Once Apache Tomcat starts, it will create several log files in the /opt/bitnami/apache-tomcat/logs directory. The main log file is the catalina.out file where you can find error messages. On some platforms, you may need root account privileges to view these files.

How to upload files to the server with SFTP?

Although you can use any SFTP/SCP client to transfer files to your server, the link below explains how to configure FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X). It is required to use your server's private SSH key to configure the SFTP client properly. Choose your preferred application and follow the steps in the link below to connect to the server through SFTP.

How to upload files to the server

How to configure slaves as Docker containers?

By configuring your Bitnami Jenkins instance with containers as ephemeral slaves, you can run tests for specific languages on demand within a pre-configured and fully isolated environment. This method uses Docker with Bitnami containers.

You will need an instance of the Bitnami Jenkins Stack and administrator access to it.

Step 1: Prepare the environment

  • Confirm that you have Docker installed:

     $ sudo docker version

    If Docker is not installed, install it using the instructions in the Docker documentation.

  • Allow the user running Jenkins to connect to the Docker daemon by adding it to the docker group:

     $ sudo usermod -aG docker tomcat
     $ sudo /opt/bitnami/ restart
    NOTE: By adding the user tomcat to the group docker, you are granting it superuser rights. This is a serious security issue not addressed in this guide. Please be aware of the risks before proceeding.
  • Check that you have the Docker Pipeline plugin installed. From the Jenkins administration panel, navigate to the "Manage Jenkins" section and click the "Manage Plugins" link. On the resulting page, select the "Installed" tab and look for "Docker Pipeline" or use the filter bar.

    Docker plugin

    The plugin should be installed by default in Jenkins v2.x and may need to be manually installed in Jenkins v1.x.

Step 2: Configure a job

Create a job that uses the Docker Pipeline plugin to build the application inside the container and ensure the container itself is created and destroyed when the job starts and finishes.

Follow these steps:

  • From the main panel, click "New Job".
  • Give the job a name and select "Pipeline" as the project type.

    Jenkins job configuration

  • In the "Pipeline" tab, configure the pipeline using the fields below as reference. Replace GITHUB-REPO-URL and GITHUB-REPO-BRANCH with the GitHub repository URL and repository branch to be built.

    • Definition: Pipeline script from SCM
    • SCM: Git
    • Repository URL: GITHUB-REPO-URL
    • Branch specifier: GITHUB-REPO-BRANCH
    • Script path: Jenkinsfile

    Jenkins job configuration

  • Save the job.

Step 3: Create the pipeline script

The Docker Pipeline plugin looks for a pipeline script containing build instructions. The script consists of a series of steps, is typically named Jenkinsfile and is stored as part of the source code repository.

As an example, this guide assumes that the Jenkins job uses a GitHub source code repository containing a PHP application with a composer.json file and a set of phpUnit tests. Here is a sample Jenkinsfile for this example PHP application:

node {
  stage("Main") {
    checkout scm

    docker.image('bitnami/php-fpm:latest').inside("-e COMPOSER_HOME=/tmp/jenkins-workspace") {

      stage("Prepare folders") {
        sh "mkdir /tmp/jenkins-workspace"
      stage("Get Composer") {
        sh "php -r \"copy('', 'composer-setup.php');\""
        sh "php composer-setup.php"

      stage("Install dependencies") {
        sh "php composer.phar install"

      stage("Run tests") {
        sh "vendor/bin/phpunit"


  // Clean up workspace
  step([$class: 'WsCleanup'])


This Jenkinsfile checks out the source code for the PHP application using the GitHub repository URL and branch specified in the job configuration. It then launches a Docker container with Bitnami's PHP-FPM image and creates a temporary workspace to perform all operations. Finally, it runs the listed commands to download and install Composer, download dependencies and run phpUnit tests in the container. The build is considered successful if all tests pass.

NOTE: Every project will be built and tested differently. The steps shown in the Jenkinsfile above are shown for illustration purposes assuming a sample PHP project. You will need to create a custom Jenkinsfile depending on your project's build/test requirements.

Step 4: Run the job

From the Jenkins dashboard, select the sample job and click the "Build Now" link. Jenkins should go to work building and testing the code using the specified container. Check the build results and the console output to see the job progress.

Docker job dashboard

Docker job console output

Where does the JENKINS_HOME variable point to?

JENKINS_HOME is defined in the apache-tomcat/conf/Catalina/localhost/jenkins.xml file. By default it is pointing to /opt/bitnami/apps/jenkins/jenkins_home.

How to use the Android SDK Manager plugin with Jenkins?

When building an Android application using Gradle on Jenkins with the Android SDK Manager Gradle plugin, there may be an error running the aapt tool. Typically, this produces an error message like that shown below: Cannot run program "/home/tomcat/.android-sdk/build-tools/22.0.1/aapt": error=2, No such file or directory
  at java.lang.ProcessBuilder.start(
Caused by: error=2, No such file or directory
  at java.lang.UNIXProcess.forkAndExec(Native Method)
  at java.lang.UNIXProcess.<init>(
  at java.lang.ProcessImpl.start(
  at java.lang.ProcessBuilder.start(
  ... 4 more

To resolve this, execute the following command to install missing libraries needed by the aapt command:

  • Debian:

    $ sudo apt-get install lib32stdc++6 lib32z1
  • CentOS:

    $ sudo yum install libstdc++.i686

How to use a custom executable in a Jenkins job?

If you wish to use a custom binary executable or custom shell script in a Jenkins job, follow these steps:

  • Copy the custom binary or shell script to the /opt/bitnami/apps/jenkins directory. For example:

      $ sudo cp /opt/bitnami/apps/jenkins/
  • Change the permissions as shown below:

      $ sudo chmod +x /opt/bitnami/apps/jenkins/

You should now be able to use the custom binary or shell script in a Jenkins job using the "Execute shell" build step and entering the complete path to the target file in the "Command" field.

Jenkins build step

How to start with Git and Jenkins?

Jenkins runs as the tomcat user so it is necessary to configure this user in case you want to access to a private repository. If you use a public repository, it is not necessary to configure the Tomcat user.

Configure the tomcat User to Access the Git Repository

  • Previous versions of Jenkins require creation of the tomcat user folder:

     $ sudo mkdir /home/tomcat
     $ sudo mkdir /home/tomcat/.ssh
  • Copy the private key to access to the repository into the /home/tomcat/.ssh folder:

     $ sudo cp /path/to/id_rsa /home/tomcat/.ssh/
  • Change the permissions

     $ sudo chown -R tomcat:tomcat /home/tomcat
  • Save the hostname of your repository into the known_hosts file. Replace the YOUR_REPOSITORY placeholder with the URL to your Git repository.

     $ sudo su tomcat
     $ /opt/bitnami/git/bin/git ls-remote -h git@YOUR_REPOSITORY.git HEAD
     The authenticity of host ' (xx.yy.zz)' can't be established. 
     ECDSA key fingerprint is e5:xx:9d:yy:ff:89:55:47:aa:fd:b5:ee:0a:pp:6f:8d.
     Are you sure you want to continue connecting (yes/no)? yes

Configure the Git Repository in Jenkins

Before creating the first Job, it is necessary to configure the Git user and email that Jenkins will use to clone the repository. You can configure these options in the "Manage Jenkins -> Configure System -> Git plugin" section.

Jenkins configuration

  • Create a new Job in Jenkins and specify the Git repository.

    Jenkins configuration

  • Run the build.

If everything was properly configured, Jenkins will checkout the code from the Git repository.