Rebuild the Jenkins master image to embed nginx to handle some redirects

This should make it a bit easier to enforce some routing policies rather than
trying to coerce Kubernetes to do everything for us.

Dockerfile.master

@@ -1,8 +1,74 @@
-FROM jenkins/jenkins:alpine
-
+FROM nginx:alpine
 USER root
-RUN curl -sSL https://ci.jenkins.io/job/Core/job/jenkins/job/master/lastSuccessfulBuild/artifact/war/target/linux-jenkins.war  > /usr/share/jenkins/jenkins.war
 
+# Prepare the alpine image with some Jenkins dependencies
+################################################################################
+RUN apk add --no-cache git \
+        openssh-client \
+        curl \
+        unzip \
+        bash \
+        ttf-dejavu \
+        coreutils \
+        supervisor \
+        openjdk8-jre && \
+            mkdir -p /usr/share/jenkins && \
+            curl -sSL https://ci.jenkins.io/job/Core/job/jenkins/job/master/lastSuccessfulBuild/artifact/war/target/linux-jenkins.war  > /usr/share/jenkins/jenkins.war
+################################################################################
+
+
+# Snippet taken from Dockerfile.alpine
+################################################################################
+ARG user=jenkins
+ARG group=jenkins
+ARG uid=1000
+ARG gid=1000
+ARG http_port=8080
+ARG agent_port=50000
+
+ENV JENKINS_HOME /var/jenkins_home
+ENV JENKINS_SLAVE_AGENT_PORT ${agent_port}
+# Jenkins is run with user `jenkins`, uid = 1000
+# If you bind mount a volume from the host or a data container,
+# ensure you use the same uid
+RUN addgroup -g ${gid} ${group} \
+    && adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user}
+
+# Jenkins home directory is a volume, so configuration and build history
+# can be persisted and survive image upgrades
+VOLUME /var/jenkins_home
+
+# `/usr/share/jenkins/ref/` contains all reference configuration we want
+# to set on a fresh new installation. Use it to bundle additional plugins
+# or config file with your custom jenkins Docker image.
+RUN mkdir -p /usr/share/jenkins/ref/init.groovy.d
+
+ENV TINI_VERSION 0.14.0
+ENV TINI_SHA 6c41ec7d33e857d4779f14d9c74924cab0c7973485d2972419a3b7c7620ff5fd
+
+# Use tini as subreaper in Docker container to adopt zombie processes
+RUN curl -fsSL https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-amd64 -o /bin/tini && chmod +x /bin/tini \
+  && echo "$TINI_SHA  /bin/tini" | sha256sum -c -
+
+ENV JENKINS_UC https://updates.jenkins.io
+RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref
+
+# for main web interface:
+EXPOSE ${http_port}
+
+# will be used by attached agents:
+EXPOSE ${agent_port}
+################################################################################
+
+
+# Grab the latest jenkins.sh from the Jenkins on Docker project
+RUN curl -fsSL https://github.com/jenkinsci/docker/raw/master/jenkins.sh > /usr/local/bin/jenkins.sh && \
+        chmod +x /usr/local/bin/jenkins.sh
+
+
+# Ensure that all our plugins are bundled properly, along with Groovy bootstrap
+# scripts and other build-related content.
+################################################################################
 ADD build/plugins/*.hpi /usr/share/jenkins/ref/plugins/
 RUN for f in /usr/share/jenkins/ref/plugins/*.hpi; do mv  $f $f.override ; done
 ADD init.groovy.d/*.groovy /usr/share/jenkins/ref/init.groovy.d/
@@ -15,6 +81,16 @@ RUN mkdir /usr/share/jenkins/ref/userContent
 RUN date > /usr/share/jenkins/ref/userContent/builtOn.txt
 ADD build/git-refs.txt /usr/share/jenkins/ref/userContent
 RUN for f in /usr/share/jenkins/ref/userContent/*.txt; do mv $f $f.override ; done
+################################################################################
 
-ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Djenkins.CLI.disabled=true"
-USER jenkins
+
+# Prepare the nginx instance itself
+################################################################################
+COPY nginx.master.conf /etc/nginx/conf.d/default.conf
+################################################################################
+
+# Prepare the supervisor script to run nginx and Jenkins inside the container
+################################################################################
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
+################################################################################

nginx.master.conf

@@ -0,0 +1,22 @@
+#
+# This nginx configuration is meant to be embedded into a Jenkins master container
+# for automatically routing some things
+#
+# Related to: https://issues.jenkins-ci.org/browse/JENKINS-46706
+
+server {
+    listen 80;
+
+    location = / {
+        return 301 /blue/pipelines;
+    }
+
+    location / {
+        proxy_redirect off;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_pass http://localhost:8080;
+    }
+}

supervisord.conf

@@ -0,0 +1,18 @@
+[supervisord]
+nodaemon=true
+
+[program:nginx]
+command=nginx -g "daemon off;"
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:jenkins]
+command=/usr/local/bin/jenkins.sh
+directory=/var/jenkins_home
+environment=JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Djenkins.CLI.disabled=true",JENKINS_HOME=/var/jenkins_home,COPY_REFERENCE_FILE_LOG=$JENKINS_HOME/copy_reference_file.log
+user=jenkins
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+redirect_stderr=true